DevSecOps foundation


As companies push code faster and more often than ever, the vulnerability rate in our systems is accelerating. As we are asked to do more with less, DevOps has demonstrated immense value for companies, and security is an integral component that must be built into the strategy.

The topics covered in the course include how DevSecOps provides the commercial value of DevOps and the ability that DevOps has to enable the business and support an organizational transformation with the ultimate goal of increasing productivity, reducing risk and optimizing cost in the organization.

This course explains how DevOps security practices differ from other security approaches and provides the education needed to understand and apply data and security science. Participants will learn the purpose, advantages, concepts and vocabulary of DevSecOps, particularly how the DevSecOps roles fit a DevOps culture and organization. At the end of this course, participants will understand the use of "security as code" with the intention of making security and compliance consumable as a service.

About the Instructor

Christian Ibiri

He is passionate about technology and, above all, about disruptive changes to the way we are used to doing things, such as cloud computing, agile methodologies and agile infrastructures. He is a founding member of DevSecOps Argentina and has more than 10 years of experience in IT, the last 7 of them in the areas of hybrid infrastructures, cloud, DevOps and automation of tools. He participates in many projects covering infrastructure, networking, migration and implementation of private and public clouds, automation, unified communications and collaboration, working alongside the other parties involved from the requirements stage through implementation and post-implementation. He is an enthusiast of DevOps, agile infrastructures and infrastructure as code.

Cloud Legion




About the Instructor

Luciano Moreira

Vice President of the Argentina chapter of the CSA, Luciano Moreira has over 17 years of experience, the last 12 of them specifically in the area of Information Security. He has solid knowledge and experience in projects for the implementation and improvement of quality management and information security systems, and in auditing and compliance control against national and international standards. He has given talks and courses at various training centers and companies. In recent years he has worked to develop and promote information security in Argentina through activities carried out with associations such as CSA, DevSecOps, OWASP, ISACA and IEEE. Lead Auditor ISO 27001, 27017 and 27018, ISO 9001 Lead Auditor, CSA STAR Auditor, CCSK (Certificate of Cloud Security Knowledge), Certified Integrator in Secure Cloud Services, etc. Elected Cybersecurity Consultant of the Year at the Cybersecurity Excellence Awards in 2016, 2017 and 2018.



Objectives


At the end of this workshop you will learn:

  • The purpose, benefits, concepts and vocabulary of DevSecOps
  • How DevOps security practices differ from other security approaches
  • Business-driven security strategies
  • Understanding and applying data and security science
  • The use and benefits of red and blue teams
  • Integrating security into continuous delivery workflows
  • How DevSecOps roles fit into a DevOps culture and organization






Plan of studies

This workshop is divided into 5 days. It is designed to teach practical steps for integrating security programs into DevOps practices and highlights how professionals can use data and security science as the primary means to protect the organization and the client.

Through real-life scenarios and case studies, participants will gain tangible takeaways they can put to use when they return to the office.




COURSE SCHEME

Introduction

  • Course objectives
  • Course agenda
  • Exercise: Diagramming your CI/CD Pipeline

  • Why DevSecOps?

  • Key terms and concepts
  • Why is DevSecOps important?
  • 3 ways to think about DevOps + Security
  • DevSecOps Key Principles

  • Culture and management

  • Key terms and concepts
  • Incentive model
  • Resistance
  • Organizational culture
  • Generativity
  • Erickson, Westrum and Laloux
  • Exercise: Influence of culture.

  • Strategic considerations

  • Key terms and concepts
  • How much security is enough?
  • Threat modeling
  • Context is everything
  • Risk management in a high-speed world
  • Avoiding the trap of the check box

  • Basic Security Hygiene

  • Avoiding the trap of the check box
  • Basic security hygiene
  • Architectural considerations
  • Federated identity
  • Log management

  • IAM: Identity & Access Management

  • Key terms and concepts
  • Basic concepts of IAM
  • Why is IAM important?
  • Implementation guide
  • Automation opportunities
  • How to hurt yourself with IAM
  • Exercise: Overcoming the IAM Challenges

  • Application security

  • Application security tests (AST)
  • Testing techniques
  • Prioritize test techniques
  • Issue management integration
  • Threat modeling
  • Taking advantage of automation

  • Operational security

  • Key terms and concepts
  • Basic security hygiene practices
  • Role of Operations Management
  • The operating environment
  • Exercise: Add security to your CI/CD Pipeline

  • Governance, Risk, Compliance (GRC) and Audit

  • Key terms and concepts
  • What is GRC?
  • Why worry about GRC?
  • Rethinking policies
  • Policy as code
  • Shifting the audit to the left
  • 3 myths of segregation of duties vs. DevOps
  • Exercise: make policies, auditing and compliance work with DevOps

  • Logging, Monitoring and Response

  • Key terms and concepts
  • Log management configuration
  • Incident response and forensic analysis
  • Threat intelligence and information sharing

  • Course review

  • Where we started
  • What we covered
  • Key reminders of what is important
  • Exercise: Creating a personal action plan

  • Who should attend


    The target audience of the DevSecOps foundation course includes professionals such as:

    • Anyone involved or interested in learning about the strategies and automation of DevSecOps
    • Anyone involved in continuous delivery toolchain architectures
    • Compliance team
    • DevOps Engineers
    • IT Managers
    • Computer security professionals and managers
    • Maintenance and support staff
    • Managed service providers
    • Project & Product Managers
    • Quality Assurance Teams
    • Scrum Masters
    • Site reliability engineers
    • Software Engineers
    • Testers
