Certified DevOps Security Practitioner (CDSP) Training

  • 20 Sep 2021
  • 22 Sep 2021
  • 3 sessions
  • 20 Sep 2021, 09:00 13:00 (EDT)
  • 21 Sep 2021, 09:00 13:00 (EDT)
  • 22 Sep 2021, 09:00 13:00 (EDT)
  • Virtual

Registration

  • Certified DevOps Security Practitioner Training for (ISC)2 South Florida Chapter Members
  • Certified DevOps Security Practitioner Training for Non (ISC)2 South Florida Chapter members

Your (ISC)2 South Florida Chapter is partnering with Network Intelligence, to offer this DevSecOps training:

COURSE OBJECTIVE:

This training focuses on Embedding security into the DevOps processes is referred to as DevSecOps While DevOps addresses the business need of rapidly delivering products and release code in order to satisfy customer demands, it is important that security must work in tandem with Agile and DevOps processes

In traditional development methods, security is kept at the very end of the release process

Hence, security has been viewed as a bottleneck to the rapid development methodologies such as Agile along with the software delivery pipeline

This results in a major contention and distrust between development and security teams unless they work in tandem

Just as DevOps addresses the traditional silos between Development and Operations, DevSecOps seeks to address the silos between Dev, Ops and Security teams Automated application security further facilitates reducing friction and removing bottlenecks in the CI/CD cycle

In this course, we will be learning how DevSecOps is implemented in a company by using various programming languages and open source tools It will be helpful to jumpstart in understanding and exposure to various security automation possibilities which can be integrated in DevOps related to application or infrastructure security

COURSE CONTENT

Day 1:

• Intro DevOps Culture

•DevOps Principles

•Overview of DevOps Tools

•DevOps CI/CD Pipelining

•Security & Compliance Challenges in DevOps

•Cloud Service threats

•Rapid releases

•New Technology (Microservices)

•Security challenges in CI/CD

•Case Study

•Injecting Security into CI/CD

•Hands on Open Source Tools

•Static Analaysis

•Dynamic Analysis

•Security Testing

•Git Attack & Best Pratice

•Jenkins Attack & Best Practice

•Case Study

•Shift Secure Left

•OWASP Proactive Controls

•Using Infrastructure as Code

•The ‘ HoneyMoon ’ Effect

•SDOMM or DSOMM(Maturity Model)

Day 2:

•Microservice Security

•What is Docker?

•Overview of Docker Components

•Security Concerns with Containers

•Attacking Docker Containers Misconfiguration(Hands on)

•Auditing Docker Containers(Hands on)

•Kubernetes Attacking and Defending

Day 3:

•Security Automation

•CaseStudy

•Security Policy

•Framework( BDD,Robot

•Introduction to Ansible

•Hands on Security Automation

•Security Automation Compliance

•Hands on Inspec

•Intro to Cloud DevSecOps

•Serverless Security

Examination: Participants need to pass an on-line examination after the training to be awarded with the DevOPs Security Practitioner certificate


      © 2021 (ISC)2 South Florida  Chapter

        Powered by Wild Apricot Membership Software