Home
Courses
SecDevOps Foundation® (SDOF) Certification Training

SecDevOps Foundation® (SDOF) Certification Training

Course 3695

Duration: 3 days
Exam Voucher: Yes
Language: English
Level: Intermediate

This SecDevOps Foundation^® (SDOF) Certification Training course will help you prepare for and successfully attain the SecDevOps Foundation Certification. In this course, you will learn the following:

Benefits, concepts, and vocabulary of SecDevOps and DevSecOps
How SecDevOps and DevSecOps evolved from Agile
Differences between DevOps practices and other cybersecurity approaches

SecDevOps Training Delivery Methods

In-Person
Online

SecDevOps Foundation Training Information

In this SecDevOps Foundation Course, you will:

Prepare for the DevOps Institute SecDevOps Foundation Certification (SDOF) with the world's first accredited SecDevOps certification course
Trace the history and evolution of SecDevOps
Integrate SecDevOps roles with a DevOps culture and organisation
Receive official certification from the DevOps Institute (DOI)
Continue learning and face new challenges with after-course one-on-one instructor coaching

Prerequisites

None.

SecDevOps Foundation Certification Details

The 60-minute certification exam is open-book, taken in class, and included in the course tuition.
It is highly recommended that candidates attend the SecDevOps Foundation course with a DevOps Institute-accredited Education Partner to prepare for the certification exam.
The certification exam is administered through DOI.

SecDevOps Foundation Training Outline

Module 1: Agile/DevOps Foundation Review

What is Agile/DevOps?
DevOps Goals
DevOps Values
DevOps Stakeholders

Module 2: Why SecDevOps?

Key terms and concepts
Why SecDevOps is important
3 Ways to think about DevOps + Security
Key principles of SecDevOps
SecDevOps security-first philosophy
SecDevOps evolution from DevSecOps

Module 3: Culture and Management

Key terms and concepts
How much security is enough?
Threat modelling
Context is everything
High-velocity risk management
Team security profiling

Module 4: General Security Considerations

Avoiding the checkbox trap
Basic security hygiene
Architectural considerations
Federated identity
Log management

Module 5: Feature and Security Workflow

Configuration management
Centralised workflow
Workflow branch classifications
Pre- and post-commit
Deployment and release orchestration

Module 6: Acquisition Lifecycle Security

Needs Phase requirements vs. security
Acquisition Review Board (ARB)
Analyse/Select Phase measurement metrics
Obtain phase life cycle
Planning and scheduling
Dispose phase concerns

Module 7: Identity and Access Management (IAM)

Key terms and concepts
Identity and Access Management (IAM) basic concepts
Why IAM is important
Implementation guidance
Automation opportunities
How to hurt yourself with IAM

Module 8: Application Security

Application Security Testing (AST)
Testing Techniques
Prioritising Testing Techniques
Issue Management Integration
Threat Monitoring
Leveraging Automation
Secure coding and Open Web Application Security Project (OWASP) compliance

Module 9: Operational Security

Key terms and concepts
Basic security hygiene practices
Role of operations management
The Ops environment
Embracing fail-early, fail-first
Security infrastructure as code

Module 10: Cross-Team Security

Key terms and concepts
Establishing trust
Promoting shared responsibility
Team verification techniques
Embedded point-of-contact
Security, development, and operations sprints

Module 11: Roles and Responsibilities

SecDevOps Coach
Product Owner Expanded Responsibilities
Programme and Project Manager
Information System Security Officer (ISSO)
SecDevOps Engineer
Site Reliability Engineer

Module 12: Governance, Risk, Compliance (GRC) Audit

Key terms and concepts
What is GRC?
Why care about GRC?
Rethinking policies
Policy as code
Shifting audit left
Three myths of segregation of duties vs. DevOps

Module 13: Logging, Monitoring, and Response

Key terms and concepts
Setting up log management
Incident response and forensics
Threat intelligence and information sharing

Module 14: Continual Improvement

Retrospectives
Continuous learning
Open Collaboration (including security)
Shared intelligence

Module 14: Review and Summary

Exam review
Key course concepts
Next steps

Get This Course £1,650

3-day instructor-led training course
After-course instructor coaching available
DevOps Institute certification exam included

Include dates with afternoon start times

#3695

Nov 25 - 27 2:00 PM - 9:30 PM GMT

New York or Virtual
Nov 27 - 29 9:00 AM - 4:30 PM GMT

London or Virtual
Dec 4 - 6 2:00 PM - 9:30 PM GMT

Toronto or Virtual
Jan 15 - 17 2:00 PM - 9:30 PM GMT

Ottawa or Virtual
Jan 22 - 24 3:00 PM - 10:30 PM GMT

Austin or Virtual
Feb 12 - 14 2:00 PM - 9:30 PM GMT

Herndon, VA or Virtual
Feb 26 - 28 9:00 AM - 4:30 PM GMT

London or Virtual
Mar 26 - 28 1:00 PM - 8:30 PM GMT

New York or Virtual
Apr 30 - May 2 2:00 PM - 9:30 PM BST

Toronto or Virtual
Jun 16 - 18 3:00 PM - 10:30 PM BST

Austin or Virtual
Jun 25 - 27 9:00 AM - 4:30 PM BST

London or Virtual
Jul 9 - 11 2:00 PM - 9:30 PM BST

Virtual
Jul 23 - 25 2:00 PM - 9:30 PM BST

Virtual
Jul 30 - Aug 1 2:00 PM - 9:30 PM BST

Virtual
Aug 6 - 8 2:00 PM - 9:30 PM BST

Ottawa or Virtual
Sep 3 - 5 2:00 PM - 9:30 PM BST

Herndon, VA or Virtual
Sep 10 - 12 9:00 AM - 4:30 PM BST

London or Virtual
Sep 24 - 26 2:00 PM - 9:30 PM BST

Toronto or Virtual
Oct 1 - 3 2:00 PM - 9:30 PM BST

New York or Virtual

Scroll to view additional course dates

Bring this or any training to your organisation
Full-scale programme development
Delivered when, where, and how you want it
Blended learning models
Tailored content
Expert team coaching

#3695

Questions about this course?

Customise Your Team Training Experience

Fill out the form below or call 44 (0) 207 874 5000

* Required Fields

Preferred method of contact:

Phone

Need Help Finding The Right Training Solution?

Our training advisors are here for you.

SecDevOps Foundation Training FAQs

SecDevOps is a powerful modern approach for creating software that integrates security into the development life cycle. The U.S (United States). Department of Homeland Security (DHS) initiative effectiveness has been empirically proven to improve cyber protection significantly.

As a result, it is invaluable for reaching current CMMC (Cybersecurity Maturity Model Certification) requirements for vendors and government agencies.

DevSecOps and SecDevOps are remarkably similar frameworks. SecDevOps is formally proffered by DHS and has a distinctly “security first” philosophy. Over time, SecDevOps is evolving new insights and practices that go beyond the original scope of DevSecOps (such as planning, acquisition, and disposal of assets).

This course is intended for security experts, software developers, and operations specialists who must work in collaborative teams and understand SecDevOps basics. Accordingly, the material proceeds quickly into applicable practices for achieving highly robust CI/CD/CC results. The goal is to know where you are now, where you want to be in the future, and how best to get there.

PeopleCert CPDs are the continuing education credits that help you maintain PeopleCert certifications in PRINCE2, ITIL and DevOps Institute.

Maintaining PeopleCert Certifications
All PeopleCert Business and IT certifications (including PRINCE2, ITIL and DOI) must be renewed within three years of their original certification date. There are two ways to keep certifications current:

Join PeopleCert Plus (a paid membership) to earn 20 CPDs per year for 3 years and renew certifications that way.
Earn another certification from the same Product Suite (for example, to renew all ITIL certifications you can earn a new ITIL certification)

Eligible Learning Tree Training
Learning Tree training is not eligible for the PeopleCert Plus CPD program. Attendees can renew their PeopleCert certifications with Learning Tree by enrolling in another certification from the product suite they're trying to renew. Examples:

If you hold an ITIL 4 Foundation certification, and you acquire an ITIL 4 Practitioner or ITIL 4 Specialist certification, all your certification(s) belonging to the ITIL 4 Product Suite will be renewed.
Similarly, if you hold a PRINCE2 Practitioner certification and you acquire an MSP Foundation, all your certification(s) belonging to the PRINCE2 Project, Programme & Portfolio Management Suite will be renewed.

Learn more about eligibility and CPDs on the PeopleCert website: Keep your certifications current| (peoplecert.org)

Attendee Process for Renewing PeopleCert Certifications with Learning Tree
Once an attendee successfully earns a PeopleCert certification from the same product suite they're trying to renew, their other certifications in that product suite will automatically renew.

Approval Policies
N/A