Training: DevSecOps – Security at Every Stage of the Application Lifecycle
Level: Intermediate
Duration: 32h / 4 days
Date: Individually arranged
Price: Individually arranged
This training combines the latest techniques, tools, and the philosophy of DevSecOps. Participants will learn how to integrate security into every stage of the software lifecycle – from planning, through development and delivery, to monitoring and auditing. The course also covers security in cloud environments, automation, and building a DevSecOps culture within organizations.
What You Will Learn
- Understand what DevSecOps is, its key principles, and how it differs from traditional approaches
- Learn tools, techniques, and practices such as SAST, DAST, IAST, SCA, and how to integrate them into DevOps processes
- Secure cloud environments, leverage native security mechanisms, and automate compliance with industry regulations
- Build a security-first culture in your organization, create Security Champions, and support collaboration across teams
Who is this training for?
- Developers and DevOps engineers who want to learn how to integrate security practices into their CI/CD processes
- IT security specialists interested in implementing DevSecOps in their organizations and collaborating with development teams
- Managers and technical leaders looking to foster a DevSecOps culture and manage organizational change in teams
- Cloud and infrastructure architects who want to learn best practices for securing cloud and multi-cloud environments
Training Program
1. DevSecOps Fundamentals
- Philosophy and culture of DevSecOps
- Comparing traditional approaches with DevSecOps
- Benefits of adopting DevSecOps
- Process mapping and identifying security gaps
2. Security in the Planning Phase
- Threat modeling
- Defining security requirements in the backlog
- Security Champions Program
- Risk assessment during planning
3. Secure Application Development
- Secure coding practices
- Security-focused and regular code reviews
- Dependency and library management
- Best practices and coding standards
4. Security Automation
- SAST – Static Application Security Testing
- DAST – Dynamic Application Security Testing
- IAST – Interactive Application Security Testing
- SCA – Software Composition Analysis
5. Secure Application Delivery
- Securing CI/CD pipelines
- Infrastructure as Code (IaC) security
- Password, secret, and token management
- Securing containerized environments
6. Monitoring and Incident Response
- Security Information and Event Management (SIEM)
- Security monitoring and alerting
- Security metrics and KPIs
- Incident response processes
7. Cloud Security
- Cloud security characteristics and common threats
- Native cloud security mechanisms
- Compliance as Code
- Multi-cloud security considerations
8. DevSecOps Tools
- Security tool integration into pipelines
- Orchestration and automation of security processes
- Security testing tools overview
- Vulnerability management
9. Compliance and Audit
- Compliance automation
- Security policies as code
- Audit processes and reporting
- Industry regulations and standards
10. Culture and Organization
- Building a DevSecOps culture
- Cross-team collaboration
- Security Champions roles and responsibilities
- Change management