DevSecOps Security BootCamp

DevSecOps Security BootCamp

Training Schedule


DevSecOps Security BootCamp
Jun 09th, 2018 | Saturday, 9am to 6pm, Reston VA & OnLine       


DevOps is the evolution of need for speed in software and systems delivery lifecycles. Security is one of the harder non-functional areas to be incorporated into DevOps. This class will teach students the concepts of integrating Enterprise processes with security processes with Automation in mind. Students will then get to automate a few of the DevSecOps security steps within a Jenkins reference pipeline. Though not a pre-requisite, we recommend leveraging our OnRamp to IT security offering to get most out of this class in terms of automation understanding. The AWS Security class will also add value to this class during hands on exercises.


Course Advisor


Srinivasa Kasturi is an expert in the IT industry with a Masters Degree in Computer Engineering from Villanova University and certifications such as CISSP (Certified Information Systems Security Professional), ISSAP(Information Systems Security Architecture Professional) , CSSLP(07-17) (certified Secure Software Lifecycle Professional), TOGAF(03-09), CCSK(Certificate of Cloud Security Knowledge), PMP (Project Management Professional); as well as about twenty five years of experience with network architectures, processes, Conducting thorough risk assessments, providing incident response, and last but not least Cloud Enterprise Security Strategy



The Offering

Individuals

Business

  • RapidLearn BootCamp
  • Experience Heavy (Hands-On)
  • WeekEnd Class (Saturday 9am-6pm)
  • WeekDay Evenings (Mon, Tue, Thu 7pm-10pm)
  • Enhance Job Performance / Support Career Changes
  • InPerson (Reston, VA), and OnLine
  • Instructor-Lead and OnLine
  • Experience Heavy (Hands On)
  • Custom Dates for Businesses
  • Custom Timings for Businesses
  • Enhance Job Performance
  • Business OnSite Option

Who should take this training?

AWS Admins, Security Admins, IT Auditors, IT Project Manager, Software Professionals, Security Testers, IT Monitoring Personnel, programmers, developers, web app developers.


Industry professionals wanting improve their understanding of IT, OT, and cyber security.


Looking to start a new exciting career path? Look no further! CyberForce will give you everything you need to succeed in any technology field!



Key Features / Highlights

60% Interactive Learning Material

Online or InPerson

Work with real tools of the trade!

Learn AWS Cloud Tech.

Coding/Development with Python

Learn How to spot certain attacks.

Instructor Led with 25+ years experience.


Course Description

In this class we will focus on the software development lifecycle and the unique security challenges that it presents. You will have an opportunity to work with the Jenkins reference pipeline and other tools unique to DevSecOps. For those of you who have experienced some of our other courses such as our AWS bootcamp, or IT security OnRamp, you will find that the material in our new course builds upon the skills and concepts that you have learned and perfected in our AWS and IT classes. However, if you have not attended any prior training we do NOT require that you take any prerequisite course.

Value

Improved understanding of cybersecurity, information systems, programming, and development


Skill(s) Learned / Enhanced

Begin learning basic programming, enhance your knowledge of how cloud systems function, improved threat hunting .


What do I learn?

Learn about the software development life cycles and the security challenges attributed to it, as well as learning best practices to ensure your organization limits its vulnerabilities during development.



Course Preview

Our newest course builds on the skills learned in our previous classes yet introducing you to the software development life cycle and the unique security threats that it presents. You will have more hands on experience with our cutting edge AWS cloud technologies while learning about specific DevSec tools such as the Jenkins reference pipeline.


Module 1

What is DevOps? What are the security concerns of DevOps? When and how to check if these concerns can materialize? How to assess the size of impact if these concerns materialize?


Module 2

Understand and execute tasks from an Orchestration Engine used in DevOps. Understand issues with each of shell scripts, plug-ins, loosely coupled invocation of security tools.


Module 2 Lab

Learn Jenkins navigation – and its brief overview of its orchestration ability


Create a job, configure job to invoke a batch file, run the job, review the outputs, create logic based on output data, invoke the next job


Module 3

Understand and execute code review


Module 3 Lab

Sample code review


Review a sample Python application, understand a few code vulnerabilities, understand and run Python Bandit code review tool, review the output, pipe the results back into Jenkins, automate processing of some of the vulnerabilities data, invoke or abort next job based on the results


Module 4

Understand issues caused by third party libraries. Understand issues caused due to issues with your supply chain


Module 4 Lab

Sample libraries review


Review a sample application, understand a few vulnerabilities due to insecure third-party libraries in it, understand and run OWASP Dependency check tool to discover all other vulnerabilities (CVEs), review the output, pipe the results back into Jenkins, automate processing of some of the vulnerabilities data, invoke or abort


Module 5

Understand issues with automatic provisioning of infrastructure (NW, OS, stacks, containers, pods, etc.) that will host your application. Understand infrastructure as code security concerns


Module 5 Lab

Infrastructure review


Review a sample infrastructure; use automatic scripts discovery of a few vulnerabilities in one or more of infrastructure as code, NW, OS, files and directories, and containers (time permitting); review the output; pipe the results back into Jenkins; automate processing of some of the vulnerabilities data; invoke or abort next job based on the results


Module 6

Understand issues with web applications. Understand the impact of such issues on business and data.


Module 6 Lab

Dynamics scans


Review a sample vulnerable python web application; use automatic scan of the application using OWASP ZAP; invoke ZAP as a GUI, via command line invocation, via APIs, and via Jenkins plugin; review the output; pipe the results back into Jenkins; automate processing of some of the vulnerabilities data; invoke or abort next job based on the results



Certificate

CyberForce offers Certificates that confirm your attendance and completion in turn notifying your current or potential employers of your skills and ability.


Our courses will help you achieve your career goals whether it is transitioning to the technology field, or just learning about some of the developments in a field with which you are already familiar.



Pre-requisites

Not enough experience for CISSP? Can’t Become a Certified Ethical Hacker yet? Not to worry, Cyberforce is one of the only cybersecurity training companies that does not penalize you or turn you down due to inexperience. CyberForce is inclusive of everyone from every career path, and every age group. It doesn’t matter if you have never used a computer, or if you have been in tech for years! We want to see you succeed!


All you need is:

A laptop

Notebook and pen for notes

Your desire to learn and excel in the technology field


FAQS

Trainer(s)

Our courses are instructor led by Srinivasa Kasturi who has over twenty five years of experience in IT, Cybersecurity, and Cloud Systems.


What equipment do I need to take the course?

A laptop

Notebook and pen for notes

Your desire to learn and excel in the technology field


Do I get Coffee & Tea if I take the class InPerson?

Bottled water and freshly brewed coffee are available as well as lunch.


Is this live InPerson training?

We do offer live in person training at our headquarters in Reston Virginia, as well as live on-site training for businesses.


Is it live OnLine Training?

We do offer live online training for our remote attendees.