
Secure development: Introduction to DevSecOps

Welcome to our first Secure Development course for 2022: Introduction to DevSecOps.

2022 has been an exciting year for us, with new team members, lots of great seminars, and more course offerings out and on their way.

Sticking to our mission, we’re pleased to share our latest accessible, inclusive, and industry-aligned security course with you.

This course lays down the foundation for introducing cyber security within your DevOps pipelines, processes, organisation, and technology.

SafeStack Principal Developer Advocate Christian Frichot and Secure Development Specialist Shaun Bettridge share a summary of the new course.

Introduction to DevSecOps

In this course, we take you on a journey through how you can embed security into your DevOps pipelines and processes.

As automation and rapid development processes like agile have become increasingly popular, the tools and methodologies we use have adapted to suit. We find ourselves working with more Continuous Integration / Continuous Deployment tech, but security is often left out of the equation.

This course highlights the current industry best-practice standards, processes, and tools that are driving the adoption of cyber security within organisations without overhauling everything at once. We describe how you can incrementally introduce a security focus within your existing development processes.

In a 2020 survey from StackOverflow, 80% of respondents said they believed DevOps is somewhat important, with many organisations having at least one dedicated DevOps employee. Growing your security capability in line with this change is vitally important when it comes to securing data — both your own and that of your customers.

Our Introduction to DevSecOps course is divided into the following modules.

DevOps culture and processes

DevOps is a complex topic that means different things to different people.

DevOps implementations are often unique between organisations — sometimes even between teams in the same organisation. The first module establishes a common language for DevOps, the history behind its explosive growth, and how security is a natural fit for it.

We further explore how agile and DevOps have changed the software development landscape and how to embed security into agile and product-focused teams.

Cloud security

The explosion of cloud computing is hard to miss these days. DevOps teams can move faster, often thanks to the cloud and containerised apps.

But there are risks with handling sensitive information in the cloud. This module breaks down common threats and how to secure your cloud accounts, workloads, and data.

We look at the cloud and how it enables DevOps, discuss common security risks you may encounter, and explain how to manage those risks.

Securing source code and deployment pipelines

DevOps teams often embrace an “everything-as-code” approach. This approach uses source code for more than software, including environments, security, and even governance.

As more critical data makes its way into your code, the need to secure your source code management system also increases. But there’s an opportunity to embed automated security within this ecosystem.

We cover Source Code Management (SCM) technology and how to secure these environments. We also focus on the security of Infrastructure-as-Code, containerised environments, and embedding security into Continuous Integration / Continuous Deployment (CI/CD) technology.

DevOps defense

DevOps isn’t just about IT operations embracing software development best practices. It’s also about software teams getting involved in operating their products. How you maintain resilient systems and manage incidents is critical to the operation of any software environment.

This module helps you understand how to embed resilience into continuous deployment processes and manage security incidents in a DevOps environment.

Strategically growing DevSecOps

DevOps is more than just new technology, automated pipelines, and robots. It’s about building a culture of change by empowering individuals and giving them the knowledge to do their job effectively and at speed.

Getting the right amount of security into a DevOps team is a complicated task, and there’s no one right model. This module breaks down some metrics you can measure and tricks to get started.

There’s a lot to be aware of if you deploy software automatically, leverage the cloud, and manage your environments with Infrastructure-as-Code. This course covers a lot of ground but will help everyone unlock their inner security champion to continue delivering value faster and more securely.

Who is this course for?

This course is relevant for anyone involved in delivering software, or cyber security, within organisations, including developers, architects, product owners, security specialists, or anyone looking to understand security best practices for current software development pipelines.

It can be helpful to finish the following courses, too, as we leverage a lot of the concepts they cover.

You can access all these courses by becoming a member of SafeStack Academy.

What you get with a SafeStack Academy Secure Development membership

Our online training is flexible so that you can learn from anywhere at any time, and our ongoing programme means you get up-to-date content released regularly. Our high-quality, people-focused content is created by experts and is relevant for a range of roles.

As well as our Introduction to DevSecOps course, you’ll get access to our existing courses, including:

You also get these neat benefits:

  • Monthly online seminars hosted by the SafeStack Academy team on a range of application security topics, designed to connect you with a community of like-minded folks. Check out GitHub Actions for AppSec for an idea of what to expect.
  • Online office hours, offering a chance to talk with our team about what you’re learning or any particular secure development challenges you’re working through.
  • Access to our hands-on labs, where you can explore concepts and test your knowledge.
  • Digital badges to recognise and share what you’ve learned.

We love to hear from you

We hope this course will give you practical ways to embed security into your DevOps pipelines and processes, and we’d love to hear your feedback. Drop us a line and let us know what you think.