1 – Course Introduction
- Course Goals
- Course Agenda
2 – Why DevSecOps
- Key Terms and Concepts
- Why DevSecOps is important
- 3 Ways to Think About DevOps+Security
- Key Principles of DevSecOps
3 – Culture and Management
- Key Terms and Concepts
- Incentive Model
- Resilience
- Organizational Culture
- Generativity
- Erickson, Westrum, and LaLoux
- Exercise: Influencing Culture
4 – Strategic Considerations
- Key Terms and Concepts
- How Much Security is Enough?
- Threat Modeling
- Context is Everything
- Risk Management in a High-velocity World
- Exercise: Measuring For Success
5 – General Security Considerations
- Avoiding the Checkbox Trap
- Basic Security Hygiene
- Architectural Considerations
- Federated Identity
- Log Management
6 – IAM: Identity & Access Management
- Key Terms and Concepts
- IAM Basic Concepts
- Why IAM is Important
- Implementation Guidance
- Automation Opportunities
- How to Hurt Yourself with IAM
- Exercise: Overcoming IAM Challenges
7 – Application Security
- Application Security Testing (AST)
- Testing Techniques
- Prioritizing Testing Techniques
- Issue Management Integration
- Threat Modeling
- Leveraging Automation
8 – Operational Security
- Key Terms and Concepts
- Basic Security Hygiene Practices
- Role of Operations Management
- The Ops Environment
- Exercise: Adding Security to Your CI/CD Pipeline
9 – Governance, Risk, Compliance (GRC) and Audit
- Key Terms and Concepts
- What is GRC?
- Why Care About GRC?
- Rethinking Policies
- Policy as Code
- Shifting Audit Left
- 3 Myths of Segregation of Duties vs. DevOps
- Exercise: Making Policies, Audit and Compliance
10 – Logging, Monitoring and Response
- Key Terms and Concepts
- Setting Up Log Management
- Incident Response and Forensics
- Threat Intelligence and Information Sharing
11 – Course Review
- Where We Started
- What We Covered
- Key Reminders of What’s Important
- Exercise: Creating a Personal Action Plan
12 – Exam Preparations
- Exam Requirements, Question Weighting and Sample Exam Review
13 – Terminology List