DevSecOps is more than just a new label – it’s a well-established set of skills, tools and team practices for proactively building security into applications and IT services.
From the start, security has been a key priority for technology professionals who practice the grassroots principles of DevOps. However, even on teams which strive to adhere to DevOps practices, security concerns still take a back seat far too often. The more recent DevSecOps phenomenon does not represent a new idea (secure all the things!) but it does represent a renewed focus on the importance of security in the development lifecycle and its implications for all of downstream IT.
Led by a senior expert, teach your teams how to improve the DevSecOps practice – from guiding principles to daily technical execution.
This DevSecOps boot camp is the most practical, in-depth educational solution for teams who want to understand, apply and improve their skills on “shifting left” in IT security. This expert-led boot camp focuses on the principles, processes, and technical skills necessary to make security and risk profiling a front-end priority: embracing a “quality first” mindset. Teams will leave class understanding that they have a responsibility for how applications and IT services perform when they are complete and in production…even if they are involved primarily in design, development or testing applications. For IT teams primarily on the operations end of the spectrum, this class will teach them how to shift left and collaborate on the upstream work that ultimately impacts the IT security environment, the organization’s risk management, and their own daily jobs.
In this Course, You will Learn How to:
- Assess, specify and automate much of the work associated with application security
- Bridge the typical functional silos in IT that prevent proactive security practices
- Translate common risks into technical use cases and software requirements
- Apply “security first” engineering and testing practices throughout the entire application pipeline
- Use static analysis, broader unit test coverage, and code quality reviews specifically for security
- Translate the OWASP risks into practical, actionable software development best practices
- Deploy for security
- Tie secure development practices and automated engineering to GRC and audit requirements
- Try new approaches to change management for increased speed, automation and security
- Use DevOps-style metrics to measure and monitor security practices and performance
- Promote the cultural practices that lead to improved responsibility for security outcomes
- Go back to work with a plan to implement what you learn
This course is also available publicly via Live Virtual Classroom:
Get Course Information