Enquire about this course

Refund Policy

Contact the organiser to request a refund.

Eventbrite's fee is nonrefundable.

About this event

  • Event lasts 1 day 8 hours

Your course

Keep up with DevOps modernization and widen your career prospects. This practical 2-day course will help you build your own DevSecOps pipeline so you can make products secure by design. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat. Learn how to use and automate the most popular and effective security tools and practices, overcome common DevSecOps challenges, instil security culture within your team, and more...

Who it's for

  • Developers
  • DevOps/DevSecOps engineers
  • Application security engineers
  • Ops teams
  • CISOs

This course is suitable for organizations and teams with a DevOps pipeline already in place, as well as those planning to implement one. The syllabus has been designed to help different key stakeholders improve their skills and knowledge across different security practices and embed "security by design" as the way of working. Putting these learnings to use will lead to improvements in the overall security posture of your applications over time.

Top 3 takeaways

  • Hands-on experience with DevSecOps tools to help you learn what they do and how to use them
  • Working knowledge of how to implement these security tools and other practices in your DevOps pipeline
  • An offline lab setup, which you can replicate on your own computer to create and practice in the same environment in your own time (we will provide a folder and instructions for setup on Linux/MAX or Windows)

What you'll learn

This course uses a Defense by Offence methodology based on real world offensive research (not theory). That means everything we teach has been tried and tested, either on a live environment or in our labs, and can be applied (by you) once the course is over. By the end of the course, you'll know:

  • How cyber criminals and penetration testers exploit insecure DevOps practices
  • Exactly where to start when shifting from DevOps to DevSecOps
  • How to use Talisman to create pre-commit hooks to lower the chance of credentials and other secrets being exposed during development
  • How to automate security into a fast-paced DevOps environment using various open-source tools and scripts that don't slow down delivery
  • How to secure your methodology for managing and delivering Infrastructure as Code (IaC)
  • How to use the Elastic (ELK) Stack to monitor your applications' behaviors with logs and alerts
  • How to achieve DevSecOps in cloud native AWS
  • What challenges to expect when moving to a DevSecOps model and how to overcome them
  • How to mature your DevSecOps approach over time

Why it's relevant

This course was met with an incredible response when we delivered it at OWASP's 2022 AppSec Days Developer Security Summit. Despite growing awareness around the need to shift security left, speed of development is still taking precedent over risk in many organizations, leaving security behind with every deploy. Moving from DevOps to DevSecOps without slowing down is a real challenge. You need to know which tools to use, what processes to put in place and how to govern them, and how change the culture of development at the people level. Maybe most importantly, you need to know where to start.

Our DevSecOps course syllabus responds to that challenge by:

  • Covering the most recognized (and effective) DevSecOps tools, so you can put them into practice
  • Showing you how you to maintain automation and speed without compromising security
  • Addressing the challenges that teams often come up against, so you can prepare to do the same
  • Tackling DevSecOps in the cloud to help you adapt your approach for different environments
  • Acknowledging and responding to the security skills gap that exists in most development teams
  • Covering everything that DevSecOps stakeholders need to know (not just the development aspect)

What you'll be doing

Our interactive course format enables you to get hands on throughout the session, including:

  • Running different tools and testing them against realistic use cases in your own dedicated lab
  • Automating code reviews to check software for vulnerabilities
  • Modelling a Secure by Design environment module by module
  • Discussing how to embed the human and cultural aspects of DevSecOps

Find out more about this course


Start date Location / delivery
04 Sep 2024 Live Online Training Book now

Related article

Join our cyber security training courses this spring!