Applied DevSecOps
The Netherlands
Are you ready to automate security testing? You’ve landed on the perfect training! In just two intense days, immerse yourself in the world of DevSecOps. From threat modelling to vulnerability management, we’ve got your security needs covered.
Any questions?
Michiel will gladly help you further with any personal or in-company needs you might have.
Get in touchWhat will you learn?
In today’s digital landscape, security cannot be an afterthought. With DevSecOps, you can rest assured that security is a priority from the start, preventing vulnerabilities from creeping into any part of your software development lifecycle.
This training will give you a thorough understanding of the principles and practices needed to seamlessly integrate security into your software development and deployment pipeline. You will learn to identify and address third-party security risks at any stage, from code creation to production deployment. The training covers topics like threat modeling, application security automation, vulnerability management, infrastructure security, identity and access management, secrets management, and security monitoring. Say goodbye to common security pitfalls and hello to a new era of safe technology!
Key takeaways
- The basics of DevSecOps and threat modeling.
- How to use security tooling, like SAST, DAST, IAST, RASP, and WAF.
- Techniques to validate your system’s security posture.
- The principles of immutable infrastructure within a security context.
- Strategies for scaling your security automation.
- IaM and secrets management essentials.
Program
We will kick off the training with an introduction to threat modeling to understand just how vulnerable organizations are and emphasize the importance of security. After that, we will dive into application security automation, starting with simple dependency checks and the basics of SAST. We will continue to explore various scanners and experience hands-on vulnerability management with Git and tools like DefectDojo.
On the second day, we will plunge into infrastructure security automation, focusing on platform security (Docker, host security), identity and access management, secrets management, and security monitoring with ELK.
- Hands-on vulnerability management: Learn to manage vulnerabilities hands-on with Git and tools like DefectDojo.
- Infrastructure security: Learn all about securing platforms, Docker, host security, identity and access management, secrets management, and security monitoring with ELK.
Who is it for
This training is designed for security professionals, operations specialists and members of SRE and/or platform teams. If this sounds like you and you want to know how to scale security faster and detect and avoid common security pitfalls — you’ve come to the right place!
Requirements
Basic knowledge of the topic is beneficial.
Why should I do this training
Boost your security career
Learn security automation essentials.
Protect your organization
Master threat modeling and vulnerability management.
Be prepared
Acquire skills for scaling security in modern environments.
What does it look like?
What else
should I know?
Course information
Materials included: We will provide all necessary study materials.
Lunch included: A delicious lunch and a variety of snacks are part of the deal!
Languages: Training is in English.
Laptop: Bring a laptop with > 8GB RAM, 24GB free hard drive space, and admin access for VMs using VirtualBox and Docker.
CPE: This training entitles you to 24 CPE points.
T&A: Travel and accommodation expenses are not included.
Meet our trainers
Marinus Kuivenhoven
Marinus Kuivenhoven is a Security trainer and Head of Security Learning and Coaching at Xebia Academy.