Practical DevSecOps Instructor-led Training

About Practical DevSecOps

Practical DevSecOps ​(a Hysn Technologies Inc company) offers vendor-neutral, practical, and hands-on DevSecOps training and certification programs for IT Professionals. Our online training and certifications are focused on modern areas of information security, including DevOps Security, Cloud-Native Security, Cloud Security & Container security. The certifications are achieved after rigorous tests(12-24 hour exams) of skill and are considered the most valuable in the information security field.

We are excited to announce our instructor-led training weeks for this year in Singapore and we would be running three courses.

DevSecOps Professional Course (2 Days) - 15 to16 June 2020

DevSecOps Expert Course (3 days) - 15 to 17 June 2020

DevSecOps Architect Course (5 days) - 15 to 19 June 2020

P.S All Prices are in SGD (not in USD)

Course Syllabus

DevSecOps Professional Course - 2 days (15-16 June)

Syllabus

1. Introduction to DevOps and DevSecOps
2. Introduction to the Tools of the trade
3. Secure SDLC and CI/CD pipeline
4. Software Component Analysis(CSA) in CI/CD pipeline
5. SAST (Static Analysis) in CI/CD pipeline
6. DAST (Dynamic Analysis) in CI/CD pipeline
7. Infrastructure as Code and Its Security
8. Compliance as code
9. Vulnerability Management with custom tools.

DevSecOps Expert Course - 3 days (15-17 June)

1. Overview of DevSecOps.
2. Introduction to the Tools of the trade.
3. Secure SDLC and CI/CD pipeline.
4. Security Requirements and Threat Modelling (TM).
5. Software Component Analysis (SCA)
6. Advanced Static Analysis(SAST) in CI/CD pipeline.
7. Advanced Dynamic Analysis(DAST) in CI/CD pipeline.
8. Runtime Analysis(RASP/IAST) in CI/CD pipeline.
9. Infrastructure as Code(IaC) and Its Security.
10. Container (Docker) Security.
11. Secrets management on mutable and immutable infra
12. Vulnerability Management with custom tools.

DevSecOps Architect Course - 5 days (15-19 June)

1. Overview of DevSecOps
2. Overview of DevSecOps on AWS
3. Attacking and Auditing modern DevOps systems
4. Introduction to Amazon Web Services
5. Identity and Access Management (IAM)
6. Compute services in AWS
7. Data security in AWS
8. Network Security in AWS
9. Infrastructure as Code(IaC) and Its Security
10. Patch Management and Security Monitoring
11. Compliance in AWS

What students will be provided

The students will be provided with

1. Training manuals and lab guide.
2. Tools used during the course.
3. 30 days online lab setup.
4. CDP/CDE/CDA certification attempt.
5. Access to slack channel.

What will students learn

1. Start or mature your application security program using DevOps practices
2. Learn how to co-relate vulnerabilities to scale false positive analysis using automated tools.
3. Harden infrastructure using Infrastructure as Code and maintain compliance using Compliance as Code tools and techniques.

Who should take this course

This course is aimed at anyone who is looking to embed security as part of agile/cloud/DevOps environments:

1. Security Professionals
2. Penetration Testers
3. IT managers
4. Developers
5. DevOps Engineers

Student Requirements

The student should have some knowledge of running basic linux commands like ls, cd, mkdir etc.,

The student should have some basic understanding of application Security practices like OWASP Top 10 though not a necessity.

Students who want to attend DevSecOps Expert course should have either CDE or CDP Certification or have taken our CDE course before.

Software and Hardware Requirements

1. Our state of the lab is deployed on our cloud labs so you would need the following to connect to the lab environment.
2. Laptop with decent specs
3. AWS Free-tier Account access is required for Architect course

About Trainer

Mohammed A. "secfigo" Imran is the Founder of Practical DevSecOps, a DevSecOps Training and Certification company. He has extensive experience in building and improving multiple organization's Information Security Programs. He has a diverse background in R&D, consulting and product-based industries with a passion to solve complex security programs. Imran is the founder of Null Singapore, the largest information security community in Singapore where he has organised more than 60 events & workshops to spread security awareness. He was also nominated as a community star for being the go-to person in the community whose contribution and knowledge sharing has helped many professionals in the security industry. He is usually seen speaking in conferences like Blackhat, DevSecCon, Null and OWASP chapters