DevSecOps Engineering (DSOE)℠ is a certification that is accredited by DevOps Institute. A DevSecOps Engineer is an IT Security professional who is skilled at security as code with the intent of making security and compliance consumable as a service. A DevSecOps Engineer uses data and security science as their primary means of protecting the organization and customer. The purpose of this certification and its associated course is to impart, test and validate knowledge of DevSecOps vocabulary, principles, practices, automation and value.

• The purpose, benefits, concepts, and vocabulary of DevSecOps
• How DevOps security practices differ from other security approaches
• Business-driven security strategies
• Understanding and applying data and security sciences
• The use and benefits of Red and Blue Teams
• Integrating security into Continuous Delivery workflows
• How DevSecOps roles fit with a DevOps culture and organization

• Anyone involved or interested in learning about DevSecOps strategies and automation
• Anyone involved in Continuous Delivery toolchain architectures
• Compliance Team
• Delivery Staff
• DevOps Engineers
• IT Managers
• IT Security Professionals, Practitioners, and Managers
• Maintenance and support staff
• Managed Service Providers
• Project & Product Managers
• Quality Assurance Teams
• Release Managers
• Scrum Masters
• Site Reliability Engineers
• Software Engineers
• Testers

• Course Introduction
  • Course Goals
  • Course Agenda
  • Exercise: Diagramming Your CI/CD Pipeline
• Why DevSecOps?
  • Key Terms and Concepts
  • Why DevSecOps is important
  • 3 Ways to Think About DevOps+Security
  • Key Principles of DevSecOps
• Culture and Management
  • Key Terms and Concepts
  • Incentive Model
  • Resilience
  • Organizational Culture
  • Generativity
  • Erickson, Westrum, and LaLoux
  • Exercise: Influencing Culture
• Strategic Considerations
  • Key Terms and Concepts
  • How Much Security is Enough?
  • Threat Modeling
  • Context is Everything
  • Risk Management in a High-velocity World
  • Exercise: Measuring For Success
• General Security Considerations
  • Avoiding the Checkbox Trap
  • Basic Security Hygiene
  • Architectural Considerations
  • Federated Identity
  • Log Management
• IAM: Identity & Access Management
  • Key Terms and Concepts
  • IAM Basic Concepts
  • Why IAM is Important
  • Implementation Guidance
  • Automation Opportunities
  • How to Hurt Yourself with IAM
• Application Security Testing (AST)
  • Testing Techniques
  • Prioritizing Testing Techniques
  • Issue Management Integration
  • Threat Modeling
  • Leveraging Automation
• Operational Security
  • Key Terms and Concepts
  • Basic Security Hygiene Practices
  • Role of Operations Management
  • The Ops Environment
• Governance, Risk, Compliance (GRC) and Audit
  • Key Terms and Concepts
  • What is GRC?
  • Why Care About GRC?
  • Rethinking Policies
  • Policy as Code
  • Shifting Audit Left
  • 3 Myths of Segregation of Duties vs. DevOps
• Logging, Monitoring, and Response
  • Key Terms and Concepts
  • Setting Up Log Management
  • Incident Response and Forensics
  • Threat Intelligence and Information Sharing
• Exam preparations
  • Exam Requirements
  • Sample Exam Review