New Course: Introduction to DevSecOps

Welcome to our first Secure Development course for 2022: Introduction to DevSecOps.

2022 has been an exciting year for us, with new team members, many great seminars, and more course offerings out and on their way.

Sticking to our mission, we're pleased to share our latest accessible, inclusive, and industry-aligned security course with you.

This course lays the foundation for introducing cyber security within your DevOps pipelines, processes, organization, and technology.SafeStack Principal Developer Advocate Christian Frichot and Secure Development Specialist Shaun Bettridge summarize the new course.

Introduction to DevSecOps

In this course, we take you on a journey through how you can embed security into your DevOps pipelines and processes.

As automation and rapid development processes like agile have become increasingly popular, the tools and methodologies we use have adapted to suit. We find ourselves working with more Continuous Integration / Continuous Deployment tech, but security is often left out of the equation.

This course highlights the current industry best-practice standards, processes, and tools that are driving the adoption of cyber security within organizations without overhauling everything at once. We describe how you can incrementally introduce a security focus within your existing development processes.

In a 2020 survey from StackOverflow, 80% of respondents believed DevOps is somewhat important, with many organizations having at least one dedicated DevOps employee. Growing your security capability in line with this change is vitally essential when securing data — both your own and that of your customers.

Our Introduction to DevSecOps course is divided into the following modules.

DevOps culture and processes

DevOps is a complex topic that means different things to different people.DevOps implementations are often unique between organizations — sometimes even between teams in the same organization. The first module establishes a common language for DevOps, the history behind its explosive growth, and how security is a natural fit for it.

We further explore how agile and DevOps have changed the software development landscape and how to embed security into agile and product-focused teams.

Cloud security

The explosion of cloud computing is hard to miss these days. DevOps teams can move faster, often thanks to the cloud and containerized apps.

However, there are risks associated with handling sensitive information in the cloud. This module breaks down common threats and how to secure your cloud accounts, workloads, and data.

We learn about the cloud and how it enables DevOps, as well as discuss common security risks you may encounter and how to manage those risks.

Securing source code and deployment pipelines

DevOps teams often embrace an "everything-as-code" approach. This approach uses source code for more than software, including environments, security, and governance.

As more critical data enters your code, the need to secure your source code management system also increases. But there's an opportunity to embed automated security within this ecosystem.

We cover Source Code Management (SCM) technology and how to secure these environments. We also focus on the security of Infrastructure-as-Code, containerized environments, and embedding security into Continuous Integration / Continuous Deployment (CI/CD) technology.

DevOps defense

DevOps isn't just about IT operations embracing software development best practices. It's also about software teams getting involved in operating their products. How you maintain resilient systems and manage incidents is critical to the operation of any software environment.

This module helps you understand how to embed resilience into continuous deployment processes and manage security incidents in a DevOps environment.

Strategically growing DevSecOps

DevOps is more than just new technology, automated pipelines, and robots. It's about building a culture of change by empowering individuals and giving them the knowledge to do their jobs effectively and quickly.

Getting the right amount of security into a DevOps team is complicated, and there's no one right model. This module breaks down some metrics you can measure and tricks to get started.

There’s much to know if you deploy software automatically, leverage the cloud, and manage your environments with Infrastructure-as-Code. This course covers a lot of ground but will help everyone unlock their inner security champion to continue delivering value faster and more securely.

Who is this course for?

This course is relevant for anyone involved in delivering software or cyber security within organizations, including developers, architects, product owners, security specialists, and anyone looking to understand security best practices for current software development pipelines.

Finishing the following courses can also be helpful, as we leverage many of the concepts they cover.

  • Security Fundamentals for Software Development

  • Threat Assessment for Software Development

  • Finding and Fixing Web Application Security Vulnerabilities (and API vulnerabilities)

Previous
Previous

Introducing SafeStack's Student Sponsorship program for secure development

Next
Next

Is “shifting left” improving secure development outcomes?