Certified DevOps Security Professional (CDSOP)

• Educational Background: There are no specific educational requirements for this course 

• Language Proficiency: Learners should have a good command of English, as all course materials, assessments, and discussions are conducted in English.  

• Interest in DevOps Security: This course is ideal for individuals with a keen interest in learning DevOps Security. 

• Enhanced Security Integration: Gain the ability to seamlessly embed security practices into DevOps workflows, ensuring robust protection against vulnerabilities. 

• Proficiency in Automation: Master security automation tools and techniques to streamline processes, enhance efficiency, and reduce manual errors. 

• Risk Mitigation Expertise: Develop skills to identify, assess, and address security risks effectively within dynamic DevOps environments. 

• Compliance Readiness: Understand and implement compliance standards and regulatory requirements to maintain secure and legally aligned DevOps practices. 

This course is designed for professionals seeking to enhance their expertise in integrating security within DevOps workflows for improved efficiency and protection.

• DevOps Engineers
• IT Security Specialists
• Software Developers
• Cloud Architects
• IT Managers
• System Administrators
• Cybersecurity Analysts 

Module 1: An Overview of DevOps 

• Introduction to DevOps 

• Why is DevOps Needed? 

• DevOps Working 

• Roles in DevOps Security 
   

Module 2: DevOps Security Practices 

• Key General Practices 

• Security Practices 

• Cooperation Between DevOps and Security 

• Control of Credentials 

• Automation 

• Minimising Attack Surfaces 

• Container Hardening 

• A Secure Pipeline 

• Scanning for Vulnerability 

• Continuous Monitoring 
   

Module 3: Traditional Security Tools and the Variations 

• Traditional Security Tools 

• A Focus on Prevention 

• New Legislations 

• Digitalisation 

• Securing Code
   

Module 4: Anticipating Attacks and Prevention Tactics 

• Anticipating Attacks 

• Phishing Attacks 

• Types of Phishing 

• Causes of Phishing 

• How to Avoid Phishing? 

• Minimising Data Risks 

• Physical Security and Measures 

• Encryption Techniques 

• Two-Factor Authentication 
   

Module 5: Maintaining System Security and Security of Data 

• DevOps System Security 

• General Workstation Security 

• Sensitive Data 

• Malware 

• Symptoms of Malware 

• Types of Malware 
   

Module 6: Working Alongside Developers Continually 

• Developers 

• Security Professionals 

• Collaboration 

• Barriers to Security in DevOps 

• Gathering Requirements 

• Threat Modelling 

• Environment Configuration 

• Secure Static Analysis 

• Security-Focused Code Review 

• Penetration and Environment Testing 

• Security Review 
   

Module 7: Continual Testing 

• Introduction to Continual Testing 

• Benefits of Continual Testing 

• Continual Testing Vs Test Automation 

• Risk 
   

Module 8: Implementing DevOps Security Practices 

• Current Cyber Security Standards 

• Current Cyber Security Best Practices 
   

Module 9: Ensuring Implemented Practices Align with Business Objectives 

• Integrating DevOps into the Current Workplace Environment 

• Put Client Satisfaction at the Centre 

• Define the Performance Reviews for Staff 

• Attain the Better Results by Monitoring and Feedback 
   

Module 10: Scaling DevOps Security 

• Steps Towards Scaling DevOps 

• Tools and Metrics for Scaling DevOps 

• Challenges of Scaling 
   

Module 11: DevOps Security to the Current Environment 

• Creating an Initial Plan 

• Measuring the Mirror of Results 

• Integration of Specialisation 

• Leading with Culture Rather than Tools 

• Expediting the Deployment Pipeline 

• DevOps is Automated Shared Delivery 

• Everyone Works Towards the Same Objective 

• Using Software Automation Wherever Possible 

• Establishing Transparency 

• Reiterating the Business 

• Offering Training 

• Continuous Feedback