Building a DevSecOps Practice [GK821516]

OVERVIEW

Exclusive - Learn how to integrate DevSecOps into the software development lifecycle.

DevSecOps is a branch of DevOps that focuses on automating Security and integrating it into the process, such as Continuous Delivery, Infrastructure-as-Code (IaC), and observability. DevSecOps speeds the delivery of safer code, but it also helps developers get early feedback on their work, producing more reliable software. This course examines integrating DevSecOps practices into the software delivery pipeline using open-source tools. This course is for software developers, site reliability engineers, and DevOps workers who want to write more secure code in a shorter amount of time.

IS THIS THE RIGHT COURSE?

A working understanding of industry-standard DevOps practices. A learner attending this course should be familiar with the basic tenets of agile and modern IT development and deployment methodologies. While not necessarily an expert in these concepts, learners should be comfortable with their principles. Also, a learner should have a keen and curious ambition about IT security. Security professionals attending the course may or may not have a DevOps background.

OBJECTIVES

• Examine Agile methodologies are driving the new DevSecOps field
• Understand what "Shift Left" means relative to DevSecOps
• Identify the leading "players" in a DevSecOps practice and learn why the leading players might have differing and complementary) agendas.
• Compare and contrast different types of Security such as implied, explicit, and continuous
• Examine differing points of contention between traditional Security and IT forensic teams and more modern and progressive DevSecOps Teams
• Learn about different work strategies, focusing on getting disparate DevOps and security teams and their respective stakeholders "on the same page."
• Learn about Cloud-Native Security, and different cloud deployment security considerations
• Examine ways of securing applications and building secure systems
• Demonstrate how to secure build systems
• Identify vulnerability patterns in various modern cloud deployment strategies
• Analyze and plan for all phases of security planning from concept through project maintenance and retirement
• Develop and execute a DevSecOps security plan
• Design, plan and use DevSecOps monitoring and logging.
• Understand how Artificial Intelligence is impacting IT Security and DevSecOps
• Identify DevSecOps vendors, providers, and tools
•  

AUDIENCE

• Software developers
• Site reliability engineers
• DevOps workers

NEXT STEP

Must have a subscription to Skillsoft Percipio in order to access the following:

Network Security Specialist to CloudOps Security Architect (Aspire Journey)
With more businesses implementing cloud technology, it's essential to have proper security measures in place. This Skillsoft Aspire journey explores the steps required to go from a Network Security Specialist to CloudOps Security Architect.

DevOps Engineer to Cloud Architect (Aspire Journey)
Are you a DevOps Engineer looking to transition to a cloud computing role? In this Skillsoft Aspire Journey, you will learn the skills required to become a Cloud Engineer, CloudOps Engineer, and Cloud Architect.

Load Balancing Multi and Hybrid Cloud Solutions (Aspire Proficiency Journey)
The Load Balancing Multi and Hybrid Cloud Solutions Journey explores load balancing in high availability, agnostic server/cloud, or multi-cloud platforms. High availability topics run through each learning path and are mentioned within each topic's context. During this learning journey, we discuss different load balancing strategies for traditional, cloud, and multi-cloud deployments. Later, we will discuss popular load balancing technologies, vendors, and design patterns.

CONTENT

1. DevSecOps in a Nutshell
   
   
   • SecDevOps in a Nutshell Or DevOps Security in a Nutshell.
   • A Very Brief Introduction to DevOps and Security
   • DevSecOps, SecDevOps, DevOps Security Defined
   • Activity Major DevSecOps Players: Regulators, Stakeholders, Developers, Operations, IT Security, Auditors, Leadership
   • Shifting DevOps Security "Left" (like other agile practices)
   • Continuous Security, implied Security, explicit Security
   • Points of Contention between traditional Security Teams (InfoSec) and DevSecOps Teams
2. DevSecOps in Practice
   
   
   • App Security Basics: authorization and access, auditing and logging, confidentiality or privacy, system, and data integrity.
   • Focus on data: platform data, database data, application data
   • Identity management for Dummies: IAM, permissions, and management
   • Mindset shift to DevSecOps: shift left
3. Living with DevSecOps
   
   
   • DevSecOps Testing and Monitoring
   • Artificial Intelligence and DevSecOps
   • Major DevSecOps Vendors and Solutions