SecDevOps Foundation® (SDOF) Certification Training

Course Outline

This SecDevOps Foundation® (SDOF) Certification Training course will help you prepare for and successfully attain the SecDevOps Foundation Certification. In this course, you will learn the following: 

  • Benefits, concepts, and vocabulary of SecDevOps and DevSecOps
  • How SecDevOps and DevSecOps evolved from Agile
  • Differences between DevOps practices and other cybersecurity approaches

SecDevOps Foundation® (SDOF) Certification Training Benefits

  • In this SecDevOps Foundation Course, you will:

    • Prepare for the DevOps Institute SecDevOps Foundation Certification (SDOF) with the world's first accredited SecDevOps certification course
    • Trace the history and evolution of SecDevOps
    • Integrate SecDevOps roles with a DevOps culture and organization
    • Receive official certification from the DevOps Institute (DOI)
    • Continue learning and face new challenges with after-course one-on-one instructor coaching
  • Prerequisites

    None.

  • SecDevOps Foundation Certification Details

    • The 60-minute certification exam is open-book, taken in class, and included in the course tuition.
    • It is highly recommended that candidates attend the SecDevOps Foundation course with a DevOps Institute-accredited Education Partner to prepare for the certification exam.
    • The certification exam is administered through DOI.

SecDevOps Foundation Training Outline

Module 1: Agile/DevOps Foundation Review

  • What is Agile/DevOps? 
  • DevOps Goals 
  • DevOps Values 
  • DevOps Stakeholders 

Module 2: Why SecDevOps?

  • Key terms and concepts 
  • Why SecDevOps is important 
  • 3 Ways to think about DevOps + Security 
  • Key principles of SecDevOps 
  • SecDevOps security-first philosophy 
  • SecDevOps evolution from DevSecOps 

Module 3: Culture and Management

  • Key terms and concepts 
  • How much security is enough? 
  • Threat modeling 
  • Context is everything 
  • High-velocity risk management 
  • Team security profiling 

Module 4: General Security Considerations

  • Avoiding the checkbox trap 
  • Basic security hygiene 
  • Architectural considerations 
  • Federated identity 
  • Log management 

Module 5: Feature and Security Workflow

  • Configuration management 
  • Centralized workflow 
  • Workflow branch classifications 
  • Pre- and post-commit 
  • Deployment and release orchestration 

Module 6: Acquisition Lifecycle Security

  • Needs Phase requirements vs. security
  • Acquisition Review Board (ARB)
  • Analyze/Select Phase measurement metrics
  • Obtain phase life cycle
  • Planning and scheduling
  • Dispose phase concerns

Module 7: Identity and Access Management (IAM)

  • Key terms and concepts
  • Identity and Access Management (IAM) basic concepts
  • Why IAM is important
  • Implementation guidance
  • Automation opportunities
  • How to hurt yourself with IAM

Module 8: Application Security

  • Application Security Testing (AST)
  • Testing Techniques
  • Prioritizing Testing Techniques
  • Issue Management Integration
  • Threat Monitoring
  • Leveraging Automation
  • Secure coding and Open Web Application Security Project (OWASP) compliance

Module 9: Operational Security

  • Key terms and concepts
  • Basic security hygiene practices
  • Role of operations management
  • The Ops environment
  • Embracing fail-early, fail-first
  • Security infrastructure as code

Module 10: Cross-Team Security

  • Key terms and concepts
  • Establishing trust
  • Promoting shared responsibility
  • Team verification techniques
  • Embedded point-of-contact
  • Security, development, and operations sprints

Module 11: Roles and Responsibilities

  • SecDevOps Coach
  • Product Owner Expanded Responsibilities
  • Program and Project Manager
  • Information System Security Officer (ISSO)
  • SecDevOps Engineer
  • Site Reliability Engineer

Module 12: Governance, Risk, Compliance (GRC) Audit

  • Key terms and concepts
  • What is GRC?
  • Why care about GRC? 
  • Rethinking policies 
  • Policy as code 
  • Shifting audit left 
  • Three myths of segregation of duties vs. DevOps 

Module 13: Logging, Monitoring, and Response

  • Key terms and concepts
  • Setting up log management
  • Incident response and forensics
  • Threat intelligence and information sharing

Module 14: Continual Improvement

  • Retrospectives
  • Continuous learning
  • Open Collaboration (including security)
  • Shared intelligence

Module 14: Review and Summary

  • Exam review
  • Key course concepts
  • Next steps