Cloud Security and DevOps Automation

Instructor: Gregory Leonard
5,435 EUR 5,185 EUR paid by Jul 17

38 CPEs
Laptop Required

DEV540 provides development, operations, and security professionals with a methodology to build and deliver secure infrastructure and software using DevOps and cloud services. Students will explore how the principles, practices, and tools of DevOps can improve the reliability, integrity, and security of on-premise and cloud-hosted applications.

Starting with on-premise deployments, the first two days of the course examine the Secure DevOps methodology and its implementation using lessons from successful DevOps security programs. Students will gain hands-on experience using popular open-source tools such as Puppet, Jenkins, GitLab, Vault, Grafana, and Docker to automate Configuration Management ("Infrastructure as Code"), Continuous Integration (CI), Continuous Delivery (CD), containerization, micro-segmentation, automated compliance ("Compliance as Code"), and Continuous Monitoring. The lab environment starts with a CI/CD pipeline that automatically builds, tests, and deploys infrastructure and applications. Leveraging the Secure DevOps toolchain, students perform a series of labs injecting security into the CI/CD pipeline using a variety of security tools, patterns, and techniques.

After laying the DevSecOps foundation, the final three days move DevOps workloads to the cloud, build secure cloud infrastructure, and deliver secure software. DEV540 provides in-depth analysis of the Amazon Web Services (AWS) toolchain, while lightly covering comparable services in Microsoft Azure. Using the CI/CD toolchain, students build a cloud infrastructure that can host containerized applications and microservices. Hands-on exercises analyze and fix cloud infrastructure and application vulnerabilities using security services and tools such as API Gateway, Identity and Access Management (IAM), CloudFront Signing, Security Token Service (STS), Key Management Service (KMS), managed WAF services, serverless functions, CloudFormation, AWS Security Benchmark, and much more.

DEV540 Will Prepare You To:

Understand the core principles and patterns behind DevOps:

Recognize how work is done in DevOps and identify keys to success

Map and implement a Continuous Delivery/Continuous Deployment pipeline:

Utilize Continuous Integration, Continuous Delivery, and Continuous Deployment workflows, patterns, and tools

Identify the security risks and issues associated with DevOps and Continuous Delivery

Understand the DevSecOps methodology and toolchain:

Use DevOps practices to secure DevOps tools and workflows
Conduct effective risk assessments and threat modeling in a rapidly changing environment
Design and write automated security tests and checks in CI/CD
Understand the strengths and weaknesses of different automated testing approaches in Continuous Delivery
Implement self-serve security services for developers
Inventory and patch your software dependencies
Threat model and secure your build and deployment environment

Integrate security into production operations:

Automate configuration management using infrastructure as code
Secure container technologies (such as Docker)
Build continuous monitoring feedback loops from production to engineering
Securely manage secrets for continuous integration servers and applications
Automate compliance and security policy scanning

Move your DevOps workloads to the cloud:

Secure your Amazon Web Services account
Understand the cloud architecture components
Use Infrastructure as Code (specifically CloudFormation) to automate cloud infrastructure
Incorporate security scanning into CodePipeline using CodeBuild
Containerize applications with the EC2 Container Registry and EC2 Container Service

Consume cloud services to secure cloud applications:

Protect sensitive secrets with KMS and the SSM Parameter Store
Protect static content with CloudFront Signing
Secure REST APIs with API Gateway
Leverage serverless functions to authorize requests to the API Gateway

Automate cloud security and operations tasks:

Patch systems with blue/green deployments
Deploy the AWS WAF and write custom WAF rules
Detect and respond to security events using CloudWatch and serverless functions

Course Syllabus

DEV540.1: Introduction to Secure DevOps
DEV540.2: Moving to Production
DEV540.3: Moving to the Cloud
DEV540.4: Cloud Application Security
DEV540.5: Cloud Security Automation
