Course Outline
1 - Realizing DevSecOps Outcomes
- Origins of DevOps
- Evolution of DevSecOps
- CALMS
- The Three Ways
2 - Defining the Cyberthreat Landscape
- What is the Cyber Threat Landscape?
- What is the threat?
- What do we protect from?
- What do we protect, and why?
- How do I talk to security?
3 - Building a Responsive DevSecOps Model
- Demonstrate Model
- Technical, business and human outcomes
- What’s being measured?
- Gating and thresholding
4 - Integrating DevSecOps Stakeholders
- The DevSecOps State of Mind
- The DevSecOps Stakeholders
- What’s at stake for who?
- Participating in the DevSecOps model
5 - Establishing DevSecOps Best Practices
- Start where you are
- Integrating people, process and technology and governance
- DevSecOps operating model
- Communication practices and boundaries
- Focusing on outcomes
6 - Best Practices to get Started
- The Three Ways
- Identifying target states
- Value stream-centric thinking
7 - DevOps Pipelines and Continuous Compliance
- The goal of a DevOps pipeline
- Why continuous compliance is important
- Archetypes and reference architectures
- Coordinating DevOps Pipeline construction
- DevSecOps tool categories, types and examples
8 - Learning Using Outcomes
- Security Training Options
- Training as Policy
- Experiential Learning
- Cross-Skilling
- The DevSecOps Collective Body of Knowledge
- Preparing for the DevSecOps Foundation certification exam
Target Audience
The target audience for the DevSecOps Foundation course are professionals including:
Anyone involved or interested in learning about DevSecOps strategies and automation
Anyone involved in Continuous Delivery toolchain architectures
Compliance Team
Business managers
Delivery Staff
DevOps Engineers
IT Managers
IT Security Professionals, Practitioners, and Managers
Maintenance and support staff
Managed Service Providers
Project & Product Managers
Quality Assurance Teams
Release Managers
Scrum Masters
Site Reliability Engineers
Software Engineers
Testers