Home
Courses
SecDevOps Foundation® (SDOF) Certification Training

SecDevOps Foundation® (SDOF) Certification Training

Course 3695

Duration: 3 days
Exam Voucher: Yes
Language: English
Level: Intermediate

This SecDevOps Foundation^® (SDOF) Certification Training course will help you prepare for and successfully attain the SecDevOps Foundation Certification. In this course, you will learn the following:

Benefits, concepts, and vocabulary of SecDevOps and DevSecOps
How SecDevOps and DevSecOps evolved from Agile
Differences between DevOps practices and other cybersecurity approaches

SecDevOps Training Delivery Methods

In-Person
Online

SecDevOps Foundation Training Information

In this SecDevOps Foundation Course, you will:

Prepare for the DevOps Institute SecDevOps Foundation Certification (SDOF) with the world's first accredited SecDevOps certification course
Trace the history and evolution of SecDevOps
Integrate SecDevOps roles with a DevOps culture and organisation
Receive official certification from the DevOps Institute (DOI)
Continue learning and face new challenges with after-course one-on-one instructor coaching

Prerequisites

None.

SecDevOps Foundation Certification Details

The 60-minute certification exam is open-book, taken in class, and included in the course tuition.
It is highly recommended that candidates attend the SecDevOps Foundation course with a DevOps Institute-accredited Education Partner to prepare for the certification exam.
The certification exam is administered through DOI.

SecDevOps Foundation Training Outline

Module 1: Agile/DevOps Foundation Review

What is Agile/DevOps?
DevOps Goals
DevOps Values
DevOps Stakeholders

Module 2: Why SecDevOps?

Key terms and concepts
Why SecDevOps is important
3 Ways to think about DevOps + Security
Key principles of SecDevOps
SecDevOps security-first philosophy
SecDevOps evolution from DevSecOps

Module 3: Culture and Management

Key terms and concepts
How much security is enough?
Threat modelling
Context is everything
High-velocity risk management
Team security profiling

Module 4: General Security Considerations

Avoiding the checkbox trap
Basic security hygiene
Architectural considerations
Federated identity
Log management

Module 5: Feature and Security Workflow

Configuration management
Centralised workflow
Workflow branch classifications
Pre- and post-commit
Deployment and release orchestration

Module 6: Acquisition Lifecycle Security

Needs Phase requirements vs. security
Acquisition Review Board (ARB)
Analyse/Select Phase measurement metrics
Obtain phase life cycle
Planning and scheduling
Dispose phase concerns

Module 7: Identity and Access Management (IAM)

Key terms and concepts
Identity and Access Management (IAM) basic concepts
Why IAM is important
Implementation guidance
Automation opportunities
How to hurt yourself with IAM

Module 8: Application Security

Application Security Testing (AST)
Testing Techniques
Prioritising Testing Techniques
Issue Management Integration
Threat Monitoring
Leveraging Automation
Secure coding and Open Web Application Security Project (OWASP) compliance

Module 9: Operational Security

Key terms and concepts
Basic security hygiene practices
Role of operations management
The Ops environment
Embracing fail-early, fail-first
Security infrastructure as code

Module 10: Cross-Team Security

Key terms and concepts
Establishing trust
Promoting shared responsibility
Team verification techniques
Embedded point-of-contact
Security, development, and operations sprints

Module 11: Roles and Responsibilities

SecDevOps Coach
Product Owner Expanded Responsibilities
Programme and Project Manager
Information System Security Officer (ISSO)
SecDevOps Engineer
Site Reliability Engineer

Module 12: Governance, Risk, Compliance (GRC) Audit

Key terms and concepts
What is GRC?
Why care about GRC?
Rethinking policies
Policy as code
Shifting audit left
Three myths of segregation of duties vs. DevOps

Module 13: Logging, Monitoring, and Response

Key terms and concepts
Setting up log management
Incident response and forensics
Threat intelligence and information sharing

Module 14: Continual Improvement

Retrospectives
Continuous learning
Open Collaboration (including security)
Shared intelligence

Module 14: Review and Summary

Exam review
Key course concepts
Next steps

Get This Course 20 930 kr

3-day instructor-led training course
After-course instructor coaching available
DevOps Institute certification exam included

Include dates with afternoon start times

#3695

Guaranteed to Run - you can rest assured that the class will not be cancelled.
dec 4 - 6 10:00 - 17:30 CET

Virtual
jan 17 - 19 15:00 - 22:30 CET

Ottawa or Virtual
feb 7 - 9 15:00 - 22:30 CET

Herndon, VA or Virtual
mar 4 - 6 10:00 - 18:00 CET

Virtual
mar 4 - 6 9:00 - 16:30 CET

Virtual
mar 26 - 28 14:00 - 21:30 CET

Toronto or Virtual
apr 10 - 12 16:00 - 23:30 CEST

Austin or Virtual
maj 15 - 17 15:00 - 22:30 CEST

Herndon, VA or Virtual
maj 29 - 31 10:00 - 18:00 CEST

London or Virtual
maj 29 - 31 9:00 - 16:30 CEST

Stockholm or Virtual
jun 12 - 14 15:00 - 22:30 CEST

New York or Virtual
jul 17 - 19 15:00 - 22:30 CEST

Ottawa or Virtual
aug 7 - 9 15:00 - 22:30 CEST

Herndon, VA or Virtual
sep 11 - 13 10:00 - 18:00 CEST

London or Virtual
sep 11 - 13 9:00 - 16:30 CEST

Stockholm or Virtual

Scroll to view additional course dates

Bring this or any training to your organisation
Full-scale programme development
Delivered when, where, and how you want it
Blended learning models
Tailored content
Expert team coaching

#3695

Questions about this course?

Customise Your Team Training Experience

Fill out the form below or call +46 (0)8 506 668 00

* Required Fields

Preferred method of contact:

Phone

Need Help Finding The Right Training Solution?

Our training advisors are here for you.

SecDevOps Foundation Training FAQs

SecDevOps is a powerful modern approach for creating software that integrates security into the development life cycle. The U.S (United States). Department of Homeland Security (DHS) initiative effectiveness has been empirically proven to improve cyber protection significantly.

As a result, it is invaluable for reaching current CMMC (Cybersecurity Maturity Model Certification) requirements for vendors and government agencies.

DevSecOps and SecDevOps are remarkably similar frameworks. SecDevOps is formally proffered by DHS and has a distinctly “security first” philosophy. Over time, SecDevOps is evolving new insights and practices that go beyond the original scope of DevSecOps (such as planning, acquisition, and disposal of assets).

This course is intended for security experts, software developers, and operations specialists who must work in collaborative teams and understand SecDevOps basics. Accordingly, the material proceeds quickly into applicable practices for achieving highly robust CI/CD/CC results. The goal is to know where you are now, where you want to be in the future, and how best to get there.

DevOps Institute certifications expire two years from the date earned and must be renewed before that expiration date. For an individual’s first DevOps Institute certification, 30 CEUs are required to maintain an active certification. For individuals who hold more than one DevOps Institute certification, an additional 6 CEUs will be required for each additional certification.

Learning Tree offers a variety of DOI CEU-eligible training to help you maintain your certification. View the list of DOI CEU-eligible training courses.