Skip to content
Vladimir Chavkov

DevSecOps and Security Automation Training

Master DevSecOps with this comprehensive 3-day training. Learn to shift security left, automate security testing, and integrate security practices throughout the DevOps lifecycle.

Training Details

Section titled “Training Details”
Duration3 days (24 hours)
LevelIntermediate
DeliveryIn-person, Live online, Hybrid
CertificationN/A

Who Is This For?

Section titled “Who Is This For?”
  • DevOps engineers implementing security
  • Security engineers automating practices
  • Platform engineers building secure systems
  • SREs responsible for security

Learning Outcomes

Section titled “Learning Outcomes”

After completing this training, participants will be able to:

  • Implement security in CI/CD pipelines
  • Automate security testing
  • Scan code and dependencies for vulnerabilities
  • Implement secrets management
  • Configure security policies as code
  • Monitor and respond to security events
  • Implement compliance automation

Detailed Agenda

Section titled “Detailed Agenda”

Day 1: Security in Pipelines

Section titled “Day 1: Security in Pipelines”

Module 1: DevSecOps Fundamentals

  • Shift-left security
  • Security in DevOps lifecycle
  • Threat modeling
  • Hands-on: Security assessment

Module 2: SAST and Code Security

  • Static application security testing
  • SonarQube and Semgrep
  • Code quality and security
  • Hands-on: Integrate SAST

Module 3: Dependency Scanning

  • Software composition analysis
  • Vulnerability databases
  • Dependency management
  • Hands-on: Scan dependencies

Day 2: Container and Infrastructure Security

Section titled “Day 2: Container and Infrastructure Security”

Module 4: Container Security

  • Container image scanning
  • Trivy and Clair
  • Runtime security
  • Hands-on: Secure containers

Module 5: Infrastructure Security

  • IaC security scanning
  • tfsec and Checkov
  • Cloud security posture
  • Hands-on: Scan infrastructure code

Module 6: Secrets Management

  • Vault integration
  • Secrets in CI/CD
  • Secret rotation
  • Hands-on: Implement secrets management

Day 3: Compliance and Operations

Section titled “Day 3: Compliance and Operations”

Module 7: Policy as Code

  • Open Policy Agent (OPA)
  • Kyverno for Kubernetes
  • Policy enforcement
  • Hands-on: Implement policies

Module 8: Compliance Automation

  • Compliance frameworks
  • Audit automation
  • Evidence collection
  • Hands-on: Automate compliance

Module 9: Security Monitoring

  • Security event monitoring
  • SIEM integration
  • Incident response automation
  • Hands-on: Monitor security

Prerequisites

Section titled “Prerequisites”
  • DevOps fundamentals
  • Understanding of security concepts
  • CI/CD pipeline experience
  • Cloud security basics

Delivery Formats

Section titled “Delivery Formats”
FormatDescription
In-PersonOn-site at your company’s location, hands-on with direct interaction
Live OnlineInteractive virtual sessions with screen sharing and real-time labs
HybridCombination of on-site and remote sessions, flexible scheduling

All formats include hands-on labs, course materials, security checklists, and post-training support.