DevOps Security: Creating a DevOps Security Strategy
-
COURSE DATES AND LOCATIONS
DATE
Duration
LOCATION
FEES
Book Now
-
INTRODUCTION
DevOps is a software development approach that aligns application development with IT operations. Some of the tools that have emerged to support DevOps include: automation tools, containerization and orchestration platforms. Security has not kept up with these developments. During this course, participants will learn how to formulate the proper security strategy to face the DevOps security challenge.
-
COURSE OBJECTIVES
By the end of the course, you‘ll be able to:
- Create a DevOps Security Strategy
- Foundations and principles of DevOps, Continuous Delivery, and Continuous Deployment
- The security risks and challenges posed by DevOps
- The keys to successful DevOps security programs
- How to build security into Continuous Delivery and Continuous Deployment
- The tools, patterns, and techniques of security automation in DevOps
- How to secure your build and deployment environment and tool chain
- How to leverage Infrastructure as Code for secure configuration management and provisioning
- How manual security practices (risk assessments, audits, and pen tests) can be adapted to continuously changing environments, and the important role that they still play
- Security risks and challenges posed by containers, and how to secure container technology
-
COURSE AUDIENCE
This course is made for :
- Devops engineers
- Security engineers
- Compliance Security engineers
- IT employees
-
COURSE OUTLINE
Day One
- What is DevOps?
- DevOps Goals
- DevOps Values
- DevOps Stakeholders
- Introduction
- Inadequacies of Traditional Security Tools
- Implementing a DevOps-Ready Security Program
- Aligning Security with Business Goals
Day Two
- Key Terms and Concepts
- Why DevSecOps is important
- 3 Ways to Think About DevOps+Security
- Removing the Security Bottleneck
- Implementing Detailed Visibility
- Standardizing Security Configurations
- Adding Sensors into the Application
Day Three
- Avoiding the Checkbox Trap
- Basic Security Hygiene
- Architectural Considerations
- Federated Identity
- Log Management
- Providing Security Data to DevOps Tools through RESTful APIs
- On-Demand Scaling, Micro-Perimeterization of Security Controls
- Per-Resource Granular Security Policies
Day Four
- Automating Attacks against Pre-Production Code
- Continually Testing the Production Environment
- Protecting Web Applications from an Agile/DevOps Perspective
Day Five
- Securing Containers and Clouds
- Embracing Next Generation Automated Security Tools
- The Future of DevOps and Its Strategic Role in Security
Keyword
Training Subject
Training Location