Ακολούθησέ μας

DevSecOps Engineering

4 Μαρτίου 202417:00-21:00Αθήνα

DevSecOps Engineering

Σκοπός:

This course explains how DevOps security practices differ from other security approaches and provides the education needed to understand and apply data and security sciences. Participants learn the purpose, benefits, concepts, and vocabulary of DevSecOps; particularly how DevSecOps roles fit with a DevOps culture and organization. At the end of this course, participants will understand using “security as code” with the intent of making security and compliance consumable as a service.
The course is designed to teach practical steps on how to integrate security programs into DevOps practices and highlights how professionals can use data and security science as the primary means of protecting the organization and customer.

What you’ll learn

  • The purpose, benefits, concepts, and vocabulary of DevSecOps
  • How DevOps security practices differ from other security approaches
  • Business-driven security strategies
  • Understanding and applying data and security sciences
  • The use and benefits of Red and Blue Teams
  • Integrating security into Continuous Delivery workflows

Συνοπτικό πρόγραμμα:

Why DevSecOps?

  • Key Terms and Concepts
  • Why DevSecOps is important
  • 3 Ways to Think About DevOps+Security
  • Key Principles of DevSecOps

Culture and Management

  • Key Terms and Concepts
  • Incentive Model
  • Resilience
  • Organizational Culture
  • Generativity
  • Erickson, Westrum, and LaLoux

Strategic Considerations

  • Key Terms and Concepts
  • How Much Security is Enough?
  • Threat Modeling
  • Context is Everything
  • Risk Management in a High-velocity World

General Security Considerations

  • Avoiding the Checkbox Trap
  • Basic Security Hygiene
  • Architectural Considerations
  • Federated Identity
  • Log Management

IAM: Identity & Access Management

  • Key Terms and Concepts
  • IAM Basic Concepts
  • Why IAM is Important
  • Implementation Guidance
  • Automation Opportunities
  • How to Hurt Yourself with IAM

Application Security

  • Application Security Testing (AST)
  • Testing Techniques
  • Prioritizing Testing Techniques
  • Issue Management Integration
  • Threat Modeling
  • Leveraging Automation

Operational Security

  • Key Terms and Concepts
  • Basic Security Hygiene Practices
  • Role of Operations Management
  • The Ops Environment

Governance, Risk, Compliance (GRC) & Audit

  • Key Terms and Concepts
  • What is GRC?
  • Why Care About GRC?
  • Rethinking Policies
  • Policy as Code
  • Shifting Audit Left
  • 3 Myths of Segregation of Duties vs. DevOps

Logging, Monitoring, and Response

  • Key Terms and Concepts
  • Setting Up Log Management
  • Incident Response and Forensics
  • Threat Intelligence and Information Sharing

Διάρκεια

20 ώρες

  • 04/03/2024Ημερομηνίες διεξαγωγής: 4,6,7,11,12/03
  • 17:00- 21:00
  • Κόστος: 500€

Εκδήλωση ενδιαφέροντος

Ενδιαφέρεστε για τις υπηρεσίες μας; Επικοινωνήστε άμεσα μαζί μας για να σας καθοδηγήσουμε κατάλληλα.