***Last Day to Register: April 18th***
Dates: April 20-22
Time: 8:30am to 4:30pm Central Time
CPE: 24 (3 days)
Format: Online
ISACA Member Pricing: $725
ISACA Non-Member Pricing: $800
FEE Notes:
- All non-members of ISACA must create a free account and log in during registration.
- You can create an ISACA account here if you do not already have one.
Last Day to Register: April 18th
This course focuses on the use of Development Security Operations (DevSecOps) as an extension of Agile and Lean principles, and how to audit this software development and delivery approach.
Course Agenda
- What is DevOps
- The 5 Ws and the H
- Plan
- Develop
- Deliver
- Operate
- Where do Audit and Risk Fit in?
- Language and culture
- Do risk and DevOps intersect?
- Auditing DevOps
- The DevOps process
- Flow
- Feedback
- Continual learning and experimentation
- What does a DevOps culture look like?
- Collaboration, visibility and alignment
- Shifts in scope and accountability
- Shorter release cycles
- Continual learning
- DevOps practices
- Maturity models overview
- Continual integration and continuous delivery (CI/CD)
- Version control
- Agile software development
- Infrastructure as Code (IaC)
- Configuration management
- Continuous monitoring
- DevOps and the Cloud
- Cloud agility
- Kubernetes
- Serverless computing
- What is DevSecOps?
- The 5 Ws and the H
- Do risk and DevSecOps intersect?
- Auditing DevSecOps
- Best practices for DevSecops
- Shift left
- Security education
- Communication, people, processes and technology
- Traceability, auditability and visibility
- Where do we go from here?
- IT audit and DevSecOps
- Tools and Resources
Instructor: Thomas Salzman, CISA, ITIL
Thomas Salzman is the IT Audit Manager for Illinois State University where he manages all computer audits conducted by the University. His responsibilities include working with educational, athletic, and administrative departments throughout the University to prepare and streamline and improve IT processes, computer security, IT policies and procedures, operational processes and internal controls; and develop methodologies for managing computer resources. His work requires him to be skilled in network controls, application management, computer intrusion, security management, and application design and development. Previously, Mr. Salzman was Director of Professional Services for the Information Systems Audit and Control Association (ISACA) where he was responsible for establishing and supporting its worldwide network of educational programs, conferences, and special events; as well as authoring the Professional Seminar Series of diverse educational offerings. He also served as editor and co-author of the ISACA CISA Review Manual. Prior to joining ISACA, Mr. Salzman was with Coopers & Lybrand, heading their Technical Training and Information Security practices. Tom also served on the faculty of DePaul University, authoring and presenting undergraduate and post-graduate degree programs.