DevSecOps Foundation (DSOF)℠ - eLearning (exam included)

DevSecOps Foundation (DSOF)℠ - eLearning (exam included)

In today’s rapidly evolving landscape, security is essential for organizations that frequently deploy new code. DevSecOps strengthens the DevOps approach by embedding security and compliance throughout the development pipeline, ensuring all team members follow best practices. The updated DevSecOps V 2.0 curriculum provides the necessary tools, knowledge, and strategies to cultivate and enhance DevSecOps cultures effectively.

Key Features

• Course and material in English 
• Beginner - Intermediate level
• Provided by GEL, Accredited by PeopleCert
• 6 months access to the platform with 24/7 access

• 16 hours of video material
• 25 hours of study time recommendation 
• Quizzes and exam practice
• 1 official exam voucher 
• Certification of course completion

Objectives

• Understanding the objectives, methodologies, advantages, principles, and terminology of the DevSecOps framework
• Distinguishing the DevSecOps approach from other security frameworks
• Developing security strategies aligned with business objectives
• Integrating security seamlessly into the ongoing evaluation processes of DevOps and aligning DevSecOps with DevOps cultures
• Leveraging data and security sciences for effective data comprehension and application
• Embedding DevSecOps practices into the fabric of organizational cultures
• Incorporating security protocols into continuous delivery pipelines
• Driving organizational transformation through DevSecOps expertise
• Educating corporate stakeholders on new practices and pipelines
• Improving communication among Development, Security, and Operations teams
• Comprehensive preparation for the official DevSecOps Foundation exam

Target Audience

• Organizations seeking to embrace the best practices, strategies, or automation approach of DevSecOps
• DevOps leaders/engineers or Site Reliability Engineers aiming to integrate security practices into their existing DevOps workflows
• Professionals interested in the architectures of continuous delivery toolchains
• Compliance and security personnel eager to contribute to DevOps initiatives
• IT executives, managers, security experts, practitioners, project and program managers, and business stakeholders desiring a deeper comprehension of DevSecOps principles
• Support teams, maintenance personnel, quality assurance teams, software engineers, Scrum Masters, release managers, testers, and more
• Individuals preparing to clear the DevSecOps Foundation (DSOF) exam

Prerequisites: No prerequisites are necessary for taking the exam

Syllabus Information

Module 0: Welcome to DevSecOps Foundation

Learning Objectives 

Module zero serves as an introduction to the key features, learning structure, objectives, and layout of the DevSecOps online training course.

It includes a syllabus, diagram pack, glossary, additional reading materials, and links for downloading essential framework publications. Commonly asked questions about the approach are also addressed in this module.

Students are equipped with a toolkit that includes:

• Table of contents
• DevOps Foundation reference sheet
• DevSecOps reference sheet
• Skills self-assessment form
• Glossary
• Customizable glossary
• Supplementary resources
• Diagram pack

Additionally, students receive a comprehensive exam guide and a curated list of literature to aid them throughout the course.

Module 1: Realizing DevSecOps outcomes 

Learning Objectives 

Module one provides an overview of the background and progression of the approach, including a discussion on CALMS and the Three Ways. The module delves into the challenges and limitations related to security while examining the concept of 'safety culture.'

Module 2: Defining the cyber threat landscape 

Learning Objectives

Module two delves into the exploration of threat modeling, supply chain hygiene, and continuous compliance concepts. The module also examines the prevalent risks and vulnerabilities that practitioners encounter in their work. 

Module 3: Integrating DevSecOps stakeholders

Learning Objectives

This module delves into the characteristics of an ideal culture and strategies to comprehend and bridge cultural variances within organizations. The exploration extends to the stakeholders in DevSecOps cultures, their key metrics, and a final assessment of governance, flow, and control. 

Module 4: Establishing DevSecOps practices 

Learning Objectives

This module delves into the establishment of DevSecOps practices, addressing continuous security, onboarding challenges, CI/CD pipeline, and security considerations in Cloud and Container environments.

Module 5: Memory Game

Learning Objectives

This module features an engaging memory game aimed at assessing your retention of key terms and definitions from modules 1-4. 

Module 6: Best practices to get started

Learning Objectives

Module six focuses on the optimal strategies for enhancing flow, feedback mechanisms, and fostering a culture of continuous learning.

Module 7: DevOps pipelines and continuous compliance 

Learning Objectives

Explore the intricacies of the DevOps pipeline, encompassing the planning and implementation processes linked to it. Delve into the objectives and challenges of the pipeline, along with practices for continuous integration and delivery, followed by insights on securing the pipeline.

Module 8: Building a responsive DevSecOps model 

Learning Objectives

Module eight delves into the significance of being 'responsive' in navigating cyber threat environments. Discover the essence of KPIs, assessment, and reporting, followed by insights on implementing a secure pipeline.

Module 9: Learning using outcomes

Learning Objectives

Module 9 addresses the importance of continual learning and touches on principles like training as policy, learning communities, and the value of retrospective and innovative learning.

Module 10: Memory game 

Learning Objectives

Engage in a brief memory challenge featuring a game aimed at assessing your retention of key terms and definitions from modules 6-9.

Module 11: Course wrap-up 

Learning Objectives

This module concludes the course.

Module 12: Practice Exam  

Learning Objectives

The course comes with two practice exams to help students prepare for the certification exam. The first one was developed by the DevOps Institute, while the second has been tailored by our team of experts

DevSecOps Foundation (DSOF)℠ Certification exam:

• Take the online proctored exam
• Answer 40 multiple-choice questions
• Utilize open-book resources
• Complete the exam within a 60-minute time frame
• Achieve a passing score of 65% by answering a minimum of 26 out of 40 questions correctly

FAQs

What is DevSecOps?

Embracing the evolution of DevOps, DevSecOps emerges as a vital addition. This innovative approach integrates security seamlessly into the core of development and operations, emphasizing the incorporation of security measures (and automation where feasible) across essential processes. Introducing DevSecOps v2.0, the most recent release by the DevOps Institute. This updated version offers enhanced insights, refined best practices, and a heightened focus on delving into and comprehending the contemporary 'cyber threat landscape'.

Why is security important in DevOps?

Empowering organizations to enhance efficiency in development and operations, DevOps revolutionizes processes. Yet, conventional security protocols often lag behind this rapid pace, exposing DevOps users and their creations to vulnerabilities. DevSecOps addresses this challenge by accelerating security measures and elevating their significance.

How does DevSecOps work?

Operating at the intersection of security and DevOps methodologies, DevSecOps harmonizes security protocols with established DevOps practices. This approach fosters a continuous 'security as code' ethos, embedding security checks, assessments, and controls within code and infrastructure workflows. Moreover, it promotes a culture of collaboration, open communication, and collective accountability towards ensuring robust security measures.

What is a DevSecOps Engineer?

The role of DevSecOps professionals involves supervising the deployment and administration of DevSecOps practices. They select suitable security tools and software for automation, ensuring all team members are well-versed in optimizing security measures.

How can DevSecOps benefit businesses?

Traditional security approaches in DevOps often lead to bottlenecks, hindering critical workflows and causing release delays. DevSecOps eliminates these bottlenecks by prioritizing security at every stage.

This approach not only enhances the safety of DevOps solutions but also maintains efficiency without significant interruptions.

What do I need to know about the DevSecOps examination?

The DevSecOps Foundation (DSOF) test is a closed-book assessment comprising 40 multiple-choice queries. The exam duration is 60 minutes (with an extra 25 minutes for non-native English speakers). A minimum score of 65% is required to pass the exam.

What does the DevSecOps certification path look like?

While DevSecOps lacks a rigid certification route, it is advisable to explore the methodology through a recognized training institution.

How valuable is DevSecOps training?

As per Neuvoo, individuals holding DevSecOps certifications have the potential to earn salaries ranging from $70,000 to $205,000. TotalJobs reports that DevSecOps professionals in the UK can earn from £30,000 to exceeding £150,000. Earnings are influenced by the candidate's position, geographical location, and level of expertise.

What other frameworks can complement DevSecOps?

DevSecOps is compatible with various frameworks including ITIL 4, PMP, and PRINCE2.

Partner Statement

The DevSecOps Foundation (DSOF)SM course is provided by GEL, an ATO of PeopleCert.

Copyright Statement

DSOF SM is a registered trademark of PeopleCert. Used under licence from PeopleCert. All rights reserved.

Equality policy

PeopleCert provides a Special Considerations Policy for exam accommodations. Candidates requiring accommodations should refer to the PeopleCert terms and policies at PeopleCert Special Considerations Policy.