DevOps Course

Overview

DevSecOps has been described as 'security as code', 'a marriage of DevOps and Security' and 'shifting security to the left'. Traditional security approaches are inefficient and largely ineffective for organisations using Agile, DevOps and Cloud, as illustrated by the large number of recent data breaches. DevSecOps is a new approach which embeds security in each DevOps team, with automated security testing at all stages of the software development lifecycle. Security infrastructure, policies, controls, compliance, audit and even secure operations are all coded and automated, with almost no manual processes.

This three-day hands-on course begins with an overview of the DevSecOps approach, framework and toolkit, then looks at application security, the elements of a secure software development lifecycle, and the use of automated application security tests as part of the continuous integration / continuous deployment pipeline. Next we move on to cloud security, infrastructure as code, and potential security issues which can arise from the agile DevOps process. We cover the implementation of security controls as code, ranging from security policies, secrets management, encryption, and identity and access management to logging, monitoring and alerting. Containers and serverless architectures are introduced and potential security issues highlighted, with a review of container security technologies. A DevSecOps approach is used to integrate automated security tests and mitigate security risks. Continuous compliance as code is covered, using different approaches and appropriate DevSecOps tools for prevention, detection and remediation, leading to the concept of audit as code.

A new model for Security Operations is presented with security incident identification, management and response as code, making use of big data analysis, artificial intelligence and machine learning, alongside more traditional techniques such as signature detection and threat intelligence feeds. Finally, we look at the people aspect of DevSecOps, moving away from technology and code, to organisational and cultural aspects, skills development, team effectiveness and recruitment approaches.

The course is delivered through presentations, practical demonstrations and labs. You will gain practical hands-on experience of DevSecOps tools, automated security tests and serverless applications. You will implement security improvements to infrastructure as code, and deploy continuous compliance tools to provide ongoing security assurance for a cloud environment.

Skills Gained

Delegates will learn about the following topics:

  • DevSecOps approach, framework and toolkit
  • Automated application security testing integrated into the CI/CD pipeline
  • Cloud security, infrastructure as code, unit and integration tests
  • Containers, security issues and container security solutions
  • Continuous compliance as code
  • Serverless functions, architectures, automated remediation
  • A DevSecOps model for security operations
  • People aspects of DevSecOps

Prerequisites

This course is primarily aimed at:

  • Application developers, DevOps engineers, team leaders and managers wishing to improve their knowledge of security and DevSecOps
  • Security and information risk professionals looking to develop their understanding of the DevSecOps framework and tools, coding, automation and the changes needed to ensure effective security in a DevOps culture

There are no particular prerequisites; however, delegates will benefit from any knowledge and experience of DevOps, application and infrastructure security.

Outline

DAY ONE

Introduction

  • Introductions
  • Objectives of course
  • Agenda

DevSecOps Approach, Framework and Toolkit

  • DevOps fundamentals
  • Lab: Application Development Pipeline
  • Why a traditional security approach doesn't work
  • What is DevSecOps?
  • DevSecOps approach
  • DevSecOps framework
  • DevSecOps toolkit

Automated Application Security Testing

  • OWASP Top 10
  • Secure Software Development Lifecycle
  • Application Security Testing Tools
  • Lab: Integrate Application Security Test to Pipeline

Infrastructure as Code and Unit Tests

  • Infrastructure as Code
  • Unit Tests
  • Lab: InSpec

DAY TWO

Cloud Security

  • AWS EC2
  • Lab: Infrastructure as Code
  • AWS Security
  • Cloud automation
  • Secrets management

Continuous Compliance

  • Continuous Compliance Framework
  • Policy as code
  • Audit as code
  • Lab: Cloud Compliance
  • Lab: Discover Secrets
  • Demo: Policy as code in Azure

DAY THREE

Containers

  • Concept of containers
  • Docker
  • Security Issues of containers
  • Orchestration
  • Container security solutions
  • Integration to CI / CD pipeline
  • Lab: Container security

Serverless

  • Concept of serverless
  • AWS Lambda, Azure Cloud Functions, Google Cloud Functions
  • Serverless application architecture
  • Security implications
  • Lab: Deploy serverless application to cloud using CI / CD pipeline

A DevSecOps model for Security Operations

  • Why the traditional Security Operations Center is no longer effective
  • Data analysis, security incident identification and analysis as code
  • Elastic stack (formerly ELK stack)
  • Artificial Intelligence, machine learning and data discovery tools
  • Security Incident Response as code
  • Red Teams and Blue Teams
  • Real-life Cloud Security Issues
  • Demonstrations of real-life cloud security issues

People aspects of DevSecOps

  • Culture
  • Organisation
  • Skills and training
  • Security champions
  • Recruitment
  • Team effectiveness

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost-effective option. One-on-one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

Please Note: All courses are available as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.