SecDevOps Foundation® (SDOF) Certification Training

Course 3695

  • Duration: 3 days
  • Exam Voucher: Yes
  • Language: English
  • 17 NASBA CPE Credits (live, in-class training only)
  • 17 PMI PDUs
  • 8 DevOps Institute Continuing Education Units
  • Level: Intermediate

This SecDevOps Foundation® (SDOF) Certification Training course will help you prepare for and successfully attain the SecDevOps Foundation Certification. In this course, you will learn the following: 

  • Benefits, concepts, and vocabulary of SecDevOps and DevSecOps
  • How SecDevOps and DevSecOps evolved from Agile
  • Differences between DevOps practices and other cybersecurity approaches

SecDevOps Training Delivery Methods

  • In-Person

  • Online

SecDevOps Foundation Training Information

In this SecDevOps Foundation Course, you will:

  • Prepare for the DevOps Institute SecDevOps Foundation Certification (SDOF) with the world's first accredited SecDevOps certification course
  • Trace the history and evolution of SecDevOps
  • Integrate SecDevOps roles with a DevOps culture and organization
  • Receive official certification from the DevOps Institute (DOI)
  • Continue learning and face new challenges with after-course one-on-one instructor coaching

Prerequisites

None.

SecDevOps Foundation Certification Details

  • The 60-minute certification exam is open-book, taken in class, and included in the course tuition.
  • It is highly recommended that candidates attend the SecDevOps Foundation course with a DevOps Institute-accredited Education Partner to prepare for the certification exam.
  • The certification exam is administered through DOI.

SecDevOps Foundation Training Outline

  • What is Agile/DevOps? 
  • DevOps Goals 
  • DevOps Values 
  • DevOps Stakeholders 
  • Key terms and concepts 
  • Why SecDevOps is important 
  • 3 Ways to think about DevOps + Security 
  • Key principles of SecDevOps 
  • SecDevOps security-first philosophy 
  • SecDevOps evolution from DevSecOps 
  • Key terms and concepts 
  • How much security is enough? 
  • Threat modeling 
  • Context is everything 
  • High-velocity risk management 
  • Team security profiling 
  • Avoiding the checkbox trap 
  • Basic security hygiene 
  • Architectural considerations 
  • Federated identity 
  • Log management 
  • Configuration management 
  • Centralized workflow 
  • Workflow branch classifications 
  • Pre- and post-commit 
  • Deployment and release orchestration 
  • Needs Phase requirements vs. security
  • Acquisition Review Board (ARB)
  • Analyze/Select Phase measurement metrics
  • Obtain phase life cycle
  • Planning and scheduling
  • Dispose phase concerns
  • Key terms and concepts
  • Identity and Access Management (IAM) basic concepts
  • Why IAM is important
  • Implementation guidance
  • Automation opportunities
  • How to hurt yourself with IAM
  • Application Security Testing (AST)
  • Testing Techniques
  • Prioritizing Testing Techniques
  • Issue Management Integration
  • Threat Monitoring
  • Leveraging Automation
  • Secure coding and Open Web Application Security Project (OWASP) compliance
  • Key terms and concepts
  • Basic security hygiene practices
  • Role of operations management
  • The Ops environment
  • Embracing fail-early, fail-first
  • Security infrastructure as code
  • Key terms and concepts
  • Establishing trust
  • Promoting shared responsibility
  • Team verification techniques
  • Embedded point-of-contact
  • Security, development, and operations sprints
  • SecDevOps Coach
  • Product Owner Expanded Responsibilities
  • Program and Project Manager
  • Information System Security Officer (ISSO)
  • SecDevOps Engineer
  • Site Reliability Engineer
  • Key terms and concepts
  • What is GRC?
  • Why care about GRC? 
  • Rethinking policies 
  • Policy as code 
  • Shifting audit left 
  • Three myths of segregation of duties vs. DevOps 
  • Key terms and concepts
  • Setting up log management
  • Incident response and forensics
  • Threat intelligence and information sharing
  • Retrospectives
  • Continuous learning
  • Open Collaboration (including security)
  • Shared intelligence
  • Exam review
  • Key course concepts
  • Next steps

Need Help Finding The Right Training Solution?

Our training advisors are here for you.

SecDevOps Foundation Training FAQs

SecDevOps is a powerful modern approach for creating software that integrates security into the development life cycle. The U.S (United States). Department of Homeland Security (DHS) initiative effectiveness has been empirically proven to improve cyber protection significantly.

As a result, it is invaluable for reaching current CMMC (Cybersecurity Maturity Model Certification) requirements for vendors and government agencies.

DevSecOps and SecDevOps are remarkably similar frameworks. SecDevOps is formally proffered by DHS and has a distinctly “security first” philosophy. Over time, SecDevOps is evolving new insights and practices that go beyond the original scope of DevSecOps (such as planning, acquisition, and disposal of assets).

This course is intended for security experts, software developers, and operations specialists who must work in collaborative teams and understand SecDevOps basics. Accordingly, the material proceeds quickly into applicable practices for achieving highly robust CI/CD/CC results. The goal is to know where you are now, where you want to be in the future, and how best to get there.

PeopleCert CPDs are the continuing education credits that help you maintain PeopleCert certifications in PRINCE2, ITIL and DevOps Institute. 

Maintaining PeopleCert Certifications
All PeopleCert Business and IT certifications (including PRINCE2, ITIL and DOI) must be renewed within three years of their original certification date. There are two ways to keep certifications current: 

  1. Join PeopleCert Plus (a paid membership) to earn 20 CPDs per year for 3 years and renew certifications that way. 
  2. Earn another certification from the same Product Suite (for example, to renew all ITIL certifications you can earn a new ITIL certification) 

Eligible Learning Tree Training
Learning Tree training is not eligible for the PeopleCert Plus CPD program. Attendees can renew their PeopleCert certifications with Learning Tree by enrolling in another certification from the product suite they're trying to renew. Examples: 

  1. If you hold an ITIL 4 Foundation certification, and you acquire an ITIL 4 Practitioner or ITIL 4 Specialist certification, all your certification(s) belonging to the ITIL 4 Product Suite will be renewed.
  2. Similarly, if you hold a PRINCE2 Practitioner certification and you acquire an MSP Foundation, all your certification(s) belonging to the PRINCE2 Project, Programme & Portfolio Management Suite will be renewed.

Learn more about eligibility and CPDs on the PeopleCert website: Keep your certifications current| (peoplecert.org)

Attendee Process for Renewing PeopleCert Certifications with Learning Tree
Once an attendee successfully earns a PeopleCert certification from the same product suite they're trying to renew, their other certifications in that product suite will automatically renew. 

Approval Policies
N/A

Chat With Us