Network Intelligence Presents: Certified DevOps Security Practitioner

Starts:  Sep 20, 2021 08:00 (CT)
Ends:  Sep 22, 2021 12:00 (CT)

Network Intelligence - a 20-year old global cybersecurity services firm working across the domains of security ranging from assessment to advisory services to compliance consulting & certification for standards like PCI DSS, PA DSS, GDPR, ISO 27001. Apart from being a consulting arm to our clients, we provide specialized training for professionals in the cybersecurity domain.

Network Intelligence has scheduled a 3 day training on DevOps Security called Certified DevOps Security Practitioner (CDSP). This training focuses on Embedding security into the DevOps processes is referred to as DevSecOps. While DevOps addresses the business need of rapidly delivering products and release code in order to satisfy customer demands, it is important that security must work in tandem with Agile and DevOps processes.

One such course that we have developed around the DevOps security is CDSP. The CDSP training is a 12 hours of online training spread across 3 days 4 hours each day and the workshop module is for 12 hours which includes 11 hours of training sessions followed by 1-hour online examination.

The Training details are under:

  • Date: : September 20 - 22, 2021
  • Time: 8:00 AM – 12:00 PM (CST)
  • Duration : 4 hours for 3 days (12 hours of online training)
  • Mode: Online - Microsoft Teams
  • Cost: USD $  200 for Non ISACA Members
    • USD $ 160 for ISACA Members
  • Registration link : https://forms.office.com/r/zsn2435rTb


The following is the course outline of the training:

Certified DevOps Security Practitioner (CDSP)– 3 Days course contents

 

 Module 1:

  • Intro DevOps Culture
  • DevOps Principles
  • Overview of DevOps Tools
  • DevOps CI/CD Pipelining
  • Security & Compliance Challenges in DevOps
  • Regulation
  • Security Compliance
  • Cloud Service threats
  • Rapid releases
  • New Technology (Microservices)

 

Module 2:

  • Case Study
  • Shift Secure Left
  • OWASP Proactive Controls
  • Using Infrastructure as Code
  • The ‘HoneyMoon’ Effect
  • SDOMM or DSOMM(Maturity Model)

 

 

Module 4

  • Microservice Security
  • What is Docker?
  • Overview of Docker Components
  • Security Concerns with Containers
  • Attacking Docker Containers Misconfiguration(Hands-on)
  • Auditing Docker Containers(Hands-on)
  • Kubernetes Attacking and Defending

 

Module 5:

  • Security Automation
  • CaseStudy
  • Security Policy
  • Framework(BDD,Robot)
  • Introduction to ansible(Iaac)
  • Ansible overview
  • Hands-on Security Automation

 

Module 3

  • Security challenges in CI/CD
  • Case Study
  • Injecting Security into CI/CD
  • Hands-on Open Source Tools
    (npm,owasp dependency checker,retire.js)any one
  • Static Analysis
  • Hands-on Open Source Tools
    (gitrob/trufflehog,open source static code scanner) any one
  • Dynamic Analaysis
  • Hands-on Open Source Tools (zap)
  • Security Testing
  • Git Attack & Best Pratice
  • Jenkins Attack & Best Pratice

 

 

Module 6:

  • Security Automation Compliance
  • Hands-on Inspec
  • Runtime Checks & Monitoring
  • Netflix - Security Monkey’s

 

Module 7:

  • WAF Intro
  • Case Study (Microservice)
  • Owasp Modsecurity
  • Intro to Cloud –DevSecOps (AWS, Azure)
  • Serverless Security