Course Overview
Security can’t be an afterthought in today’s fast-paced DevOps environments. The DevSecOps Foundation course helps IT professionals, leaders, and change agents embed security practices into DevOps culture from the ground up. This training equips participants with the frameworks, tools, and leadership strategies needed to build secure, high-velocity systems. Learn how to influence organizational culture, manage risk in high-speed environments, integrate IAM and application security, and secure CI/CD pipelines—all while avoiding change fatigue and demonstrating the business value of DevSecOps. You'll explore how DevSecOps roles fit with a DevOps culture, and how security practices can be integrated early in the development lifecycle to reduce risk and optimize resource usage.
Who Should Attend
This course is intended for:
- Anyone starting or leading a DevOps cultural transformation program
- Anyone interested in modern IT leadership and organizational change approaches
- Business Analysts
- Business Stakeholders
- Consultants
- DevOps tool providers
- IT Operations Managers
- IT Leadership
- Practitioners and change agents
- Project Managers
- Systems Integrators
- Team Leaders
- Managers
- Directors
- Tool Suppliers
Course Objectives
This DevSecOps Foundation training helps participants understand how to lead and support secure DevOps transformations at both the strategic and tactical levels. The course explains how DevOps security practices differ from other security approaches and offers tangible takeaways for applying changes to your organization. Key learning areas include:
- Understanding organizational culture and how DevSecOps roles fit within a DevOps organization
- Strategies to support an organizational transformation that integrates security as code
- Managing conflict and building feedback loops
- Using meaningful metrics and demonstrating DevOps ROI
- Applying data and security sciences to reduce risk and protect the organization and customer
- Integrating security programs early in the development process
- Understanding the vocabulary of DevSecOps and how the practices covered support business and security alignment
Course Outline
1 – Course Introduction
- Course goals and structure
- Agenda overview
2 – Why DevSecOps
- Key terms and concepts
- Importance of integrating security into DevOps
- Core principles of DevSecOps
3 – Culture and Management
- Incentive models and resilience
- DevOps culture and organization
- Organizational models (Westrum, Laloux)
- Exercise: Influencing culture
4 – Strategic Considerations
- Threat modeling and contextual risk
- High-velocity risk management
- Exercise: Measuring for success
5 – General Security Considerations
- Avoiding the checkbox trap
- Security hygiene and architectural considerations
- Federated identity and log management
6 – Identity & Access Management (IAM)
- IAM concepts and implementation
- Automation opportunities
- Pitfalls and common vulnerabilities
- Exercise: Overcoming IAM challenges
7 – Application Security
- Application Security Testing (AST)
- Testing techniques and prioritization
- Issue management and automation
- Threat modeling and continuous testing
8 – Operational Security
- Security hygiene in operations
- Role of ops management
- Exercise: Adding security to your CI/CD pipeline
9 – Governance, Risk, Compliance (GRC) and Audit
- Importance of GRC in DevOps
- Rethinking policies and shifting audit left
- Policy as code and automation
- Exercise: Making policies, audit, and compliance “consumable as a service”
10 – Logging, Monitoring, and Response
- Log management setup
- Incident response and forensics
- Threat intelligence and information sharing
11 – Course Review
- Recap of key concepts and exercises
- Creating a personal action plan
12 – Exam Preparation
- Exam requirements and structure
13 – Terminology and Sample Exam
- Common DevOps and DevSecOps vocabulary
- Sample DSOF certification exam questions