Vladimir Chavkov

DevSecOps and Security Automation Training

Integrate security into the software delivery lifecycle with this 3-day DevSecOps training. Learn how to automate security controls in CI/CD, harden container and cloud delivery workflows, and build practical guardrails without blocking teams.

Duration: 3 days (24 hours)
Level: Intermediate
Delivery: In-person, Live online, Hybrid
Certification: N/A

  • DevOps engineers adding security controls to delivery workflows
  • Security engineers partnering with platform and engineering teams
  • Platform engineers standardizing secure delivery patterns
  • Technical leads responsible for compliance and software supply chain risk

After completing this training, you’ll be able to:

  • Integrate automated security checks into CI/CD pipelines
  • Scan code, dependencies, containers, and IaC definitions
  • Manage secrets and credentials safely in delivery systems
  • Apply policy as code for deployment governance
  • Improve software supply chain visibility and provenance
  • Reduce security friction with practical automation patterns

Module 1: DevSecOps Principles

  • Shift-left vs continuous security
  • Threats in modern delivery pipelines
  • Metrics for security automation
  • Hands-on: Map security controls to your pipeline

Module 2: Code and Dependency Security

  • SAST and secret scanning
  • Software composition analysis
  • SBOM generation and dependency governance
  • Hands-on: Add code and dependency scanning

Module 3: Container and Artifact Security

  • Base image hardening
  • Image signing and provenance
  • Registry policies and admission controls
  • Hands-on: Secure a container build flow

Module 4: Secrets and Identity

  • Secret storage and rotation
  • OIDC and short-lived credentials
  • Vault and cloud secret managers
  • Hands-on: Remove static credentials from CI/CD

Module 5: IaC and Policy as Code

  • Scanning Terraform, Kubernetes, and cloud templates
  • OPA, Conftest, and policy enforcement
  • Approval gates and exceptions
  • Hands-on: Enforce deployment policies

Module 6: Runtime and Delivery Protections

  • DAST and API security testing
  • Kubernetes security checks
  • Deployment-time security controls
  • Hands-on: Add runtime security validation

Module 7: Supply Chain Security

  • Provenance and attestations
  • Signing workflows and trusted builds
  • Secure build environments
  • Hands-on: Implement artifact trust controls

Module 8: Compliance Automation

  • Mapping controls to frameworks
  • Evidence collection and reporting
  • Continuous compliance patterns
  • Hands-on: Automate compliance evidence

Module 9: Operating Model and Adoption

  • DevSecOps roles and responsibilities
  • Balancing speed with governance
  • Prioritizing controls for maximum impact
  • Hands-on: Build a phased DevSecOps roadmap

  • Experience with CI/CD pipelines
  • Familiarity with Git and container workflows
  • Basic understanding of security concepts
  • Comfort working with YAML or IaC definitions

Format: Description
In-Person: On-site at your company’s location, hands-on with direct interaction
Live Online: Interactive virtual sessions with screen sharing and real-time labs
Hybrid: Combination of on-site and remote sessions, flexible scheduling

All formats include hands-on labs, course materials, security checklists, and post-training support.