DevOps Security: Creating a DevOps Security Strategyのトレーニングコース

OVERVIEW

This course is designed for participants who are engaged in the design, implementation, and management of DevOps deployment pipelines and toolchains that support Continuous Integration, Continuous Delivery, Continuous Testing and potentially Continuous Deployment. The course highlights underpinning processes, metrics, APls and cultural considerations with Continuous Delivery.

Key benefits of Continuous Delivery will be covered including increased velocity to assist organizations to respond to market changes rapidly, thus being able to outmaneuver competition, reduce risk and lower costs while releasing higher quality solutions. Increased productivity and employee morale by having more activities performed by pipelines instead of humans so teams can focus on vision while pipelines do the execution.

Built upon the principles and practices highlighted in bestselling books such as “Continuous Delivery,” “Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations,” and more written by thought leaders in the DevOps movement. The Continuous Delivery Ecosystem Foundation course equips IT professionals with the broad-based competencies necessary in architecting and orchestrating effective and efficient automated deployment pipelines.

The course materials will include practical artifacts, templates, and lexicons collected by the author, Marc Hornbeek to assist learners post-class.

This certification positions learners to successfully complete the Continuous Delivery Ecosystem Foundation (CDEF) exam.

COURSE OBJECTIVES

The learning objectives for CDEF include a practical understanding of:

• Goals, history, terminology, and pipeline
• The importance, practices, and transformation of a DevOps collaborative culture
• Design practices, such as modular design and microservices
• Continuous Integration (Cl), such as version control, builds, and remediation
• Tenets and best practices of Continuous Testing (CT)
• Continuous Delivery and Deployment (CD): packaging, containers, and release
• Continuous Monitoring (CM): monitoring and analysis infrastructure, process, and apps
• Infrastructure and tools: frameworks, tools, and infrastructure as code
• Security Assurance: DevSecOps
• The opportunity to hear and share real-life scenarios

LEARNER MATERIALS

• 2 days of instructor-led training and exercise facilitation
• Digital Learner Manual (excellent post-class reference)
• Participation in exercises designed to apply concepts
• Sample documents, templates, tools and techniques
• Access to additional sources of information and communities

CERTIFICATION EXAM

Successfully passing (65%) the 60-minute examination, consisting of 40 multiple-choice questions, leads to the candidate’s designation as a certified DevOps Continuous Delivery Ecosystem Foundation (CDEF). The certification is governed and maintained by the DevOps Institute.

OVERVIEW 

This comprehensive course addresses testing in a DevOps environment and covers concepts such as the active use of test automation, testing earlier in the development cycle, and instilling testing skills in developers, quality assurance, security, and operational teams. 

The course is relevant for every modern IT professional involved in defining or deploying a DevOps testing strategy for their organization, as test engineering is the backbone of DevOps and the primary key for successful DevOps pipeline to support digital transformation. 

Actionable and exciting exercises will be used to apply the concepts covered in the course and sample documents, templates, tools, and techniques will be provided to leverage after the class. 

This certification positions learners to successfully complete the Continuous Testing Foundation exam. 

COURSE OBJECTIVES

The learning objectives for CTF include a practical understanding of:

• The purpose, benefits, concepts, and vocabulary of DevOps testing
• How DevOps testing differs from other types of testing
• DevOps testing strategies, test management, and results analysis
• Strategies for selecting test tools and implementing test automation
• Integration of DevOps testing into Continuous Integration and Continuous Delivery workflows
• How DevOps testers fit with a DevOps culture, organization, and roles

LEARNER MATERIALS 

• 2 days of instructor-led training and exercise facilitation 
• Digital Learner Manual (excellent post-class reference) 
• Participation in exercises designed to apply concepts 
• Sample documents, templates, tools and techniques
• Access to additional sources of information and communities

CERTIFICATION EXAM

Successfully passing (65%) the 60-minute examination, consisting of 40 multiple-choice questions, leads to the candidate’s designation as Continuous Testing Foundation (CTF) certified. The certification is governed and maintained by the DevOps Institute. 

OVERVIEW

DevOps is a complex maze that has many leaders frustrated. Many enterprises struggle with their DevOps journey, or even knowing where to start. There are many layers of people, process and technologies across each organization that are instrumental to engineering a successful DevOps solution. DevOps is not something you go get a quote for and simply buy. It’s an evolving journey.

This course explains the many aspects of DevOps engineering that leaders and practitioners can execute upon. While DevOps Foundation provides an overview of DevOps, this course will provide a closer look at the implementation process from an engineering perspective. It is an in depth view of the major aspects of engineering DevOps. An engineering approach is critical to DevOps journeys. This course provides the foundations of knowledge, principles and practices from a technical perspective needed to engineer a successful DevOps solution.

This course positions learners to successfully complete the DevOps Engineering Foundation exam.

COURSE OBJECTIVES

The learning objectives for DevOps Engineering Foundation include an understanding of:

• How to engineer DevOps solutions
• DevOps Technologies
• Applications Architectures
• Continuous Integration
• Continuous Testing
• Ephemeral Elastic Infrastructures
• Continuous Delivery and Deployment
• Metrics, Monitoring, Observability and Governance
• DevOps Humans
• Future Trends

LEARNER MATERIALS

• 2 days of instructor-led training and exercise facilitation
• Learner Manual (excellent post-class reference)
• Participation in unique exercises designed to apply concepts
• Sample exam and exam requirements guidelines
• Access to additional sources of information and communities

CERTIFICATION EXAM

Successfully passing (65%) the 60-minute exam, consisting of 40 multiple-choice questions, leads to the candidate’s designation as DevOps Engineering Foundation certified. The certification is governed and maintained by DevOps Institute.

OVERVIEW

As organizations are facing new entrants in their respective markets, they need to stay competitive and release new and updated products on a regular basis rather than one or two times a year. 

The DevOps Foundation course provides a baseline understanding of key DevOps terminology to ensure everyone is talking the same language and highlights the benefits of DevOps to support organizational success.

The course includes the latest thinking, principles and practices from the DevOps community including real-world case studies from high performing organizations including ING Bank, Ticketmaster, Capital One, Alaska Air, Target, Fannie Mae, Societe Generale, and Disney that engage and inspire learners, leveraging multimedia and interactive exercises that bring the learning experience to life, including the Three Ways as highlighted in the Phoenix Project by Gene Kim and the latest from the State of DevOps and DevOps Institute Upskilling reports.

Learners will gain an understanding of DevOps, the cultural and professional movement that stresses communication, collaboration, integration, and automation to improve the flow of work between software developers and IT operations professionals.

The course is designed for a broad audience, enabling those on the business side to obtain an understanding of microservices and containers. Those on the technical side will obtain an understanding as to the business value of DevOps to reduce cost (15-25% overall IT cost reduction) with increased quality (50-70% reduction in change failure rate) and agility (up to 90% reduction in provision and deployment time) to support business objectives in support of digital transformation initiatives.

Unique and exciting exercises will be used to apply the concepts covered in the course and sample documents, templates, tools, and techniques will be provided to use after the class.

This certification positions learners to successfully complete the DevOps Foundation examination.

COURSE OBJECTIVES

The learning objectives for DevOps Foundation include an understanding of:

• DevOps objectives and vocabulary
• Benefits to the business and IT
• Principles and practices including Continuous Integration, Continuous Delivery, testing, security and the Three Ways
• DevOps relationship to Agile, Lean and ITSM
• Improved workflows, communication and feedback loops
• Automation practices including deployment pipelines and DevOps toolchains
• Scaling DevOps for the enterprise
• Critical success factors and key performance indicators 
• Real-life examples and results

LEARNER MATERIALS 

• 2 days of instructor-led training and exercise facilitation 
• Learner Manual (excellent post-class reference) 
• Participation in unique exercises designed to apply concepts 
• Sample documents, templates, tools and techniques 
• Access to additional value-added resources and communities

CERTIFICATION EXAM 

Successfully passing (65%) the 60-minute examination, consisting of 40 multiple-choice questions, leads to the DevOps Foundation Certificate. The certification is governed and maintained by the DevOps Institute.

OVERVIEW 

The DevOps Leader course is a unique and practical experience for participants who want to take a transformational leadership approach and make an impact within their organization by implementing DevOps. Leading people through a DevOps evolution requires new skills, tools, innovative thinking, and transformational leadership. Leaders up, down and across an organization must align and collaborate to break down silos and evolve the organization.

The course highlights the human dynamics of cultural change and equips participants with practices, methods, and tools to engage people across the DevOps spectrum through the use of real-life scenarios and case studies. Upon completion of the course, participants will have tangible takeaways to leverage when back in the office such as understanding Value Stream Mapping. 

The course was developed by leveraging key DevOps leadership sources to extract real-life best practices in leading DevOps initiatives and has been designed to teach the key differences and emerging practices for DevOps ways of working through leadership in a fast-paced DevOps and Agile environment. 

This certification positions learners to successfully complete the DevOps Leader exam. 

COURSE OBJECTIVES

The learning objectives for DOL include a practical understanding of:

• DevOps and time to value
• Mindset and mental models
• Key differences between DevOps IT and traditional IT
• Target operating models and organizational design
• Performance management, rewards and motivation
• Preparing investment cases
• Focusing on value outcomes
• Ideas for organizing workflows
• Empowerment and participation
• Defining meaningful metrics
• Value stream mapping
• Driving cultural and behavioral change

LEARNER MATERIALS 

• 2 days of instructor-led training and exercise facilitation 
• Learner Manual (excellent post-class reference) 
• Participation in unique exercises designed to apply concepts 
• Sample documents, templates, tools and techniques 
• Access to additional value-added resources and communities 

CERTIFICATION EXAM

Successfully passing (65%) the 60-minute examination, consisting of 40 multiple-choice questions, leads to the candidate’s designation as a certified DevOps Leader (DOL). The certification is governed and maintained by DevOps Institute.   

OVERVIEW

The Value Stream Management Foundation course from Value Stream Management Consortium, and offered in partnership with DevOps Institute, is an introductory course taking learners through a value stream management implementation journey. It considers the human, process, and technology aspects of this way of working and explores how optimizing value streams for flow and realization positively impacts organizational performance.

LEARNING OBJECTIVES

• Describe the origins of value stream management and key concepts such as flow, value, and delivery
• Describe what value stream management is, why it’s needed and the business benefits of its practice
• Describe how lean, agile, DevOps, and ITSM principles contribute to value stream management
• Identify and describe value streams, where they start and end, and how they interconnect
• Identify value stream roles and responsibilities
• Express value streams visually using mapping techniques, define current and target states and hypothesis backlog
• Write value stream flow and realization optimization hypotheses and experiments
• Apply metrics such as touch/processing time, wait/idle time, and cycle time to value streams
• Understand flow metrics and how to access the data to support data-driven conversations and decisions
• Examine value realization metrics and aligning to business outcomes, and how to sense and respond to them (outcomes versus outputs)
• Architect a DevOps toolchain alongside a value stream and data connection points
• Design a continuous inspection and adaptation approach for organizational evolution

LEARNER MATERIALS

• 2 days of live instructor-led training via the DevOps Institute Education Partner network
• Digital Learner Manual including:
  • Course slideware 
  • Value-Added Resources
  • Interactive exercises and discussions designed to apply concepts 
  • Case stories
  • Glossary
  • Sample exam(s)
• Access to additional sources of information
• Option to join the DevOps Institute and Value Stream Management Consortium membership communities

CERTIFICATION EXAM

Successfully passing (65%) the 60-minute examination, consisting of 40 multiple-choice questions, leads to the candidate receiving their Value Stream Management Foundation certification and digital badge. The certification is governed and maintained in partnership with DevOps Institute

OVERVIEW 

As companies deploy code faster and more often than ever, new vulnerabilities are also accelerating. When the boss says, “Do more with less”, DevOps practices adds business and security value as an integral, strategic component.  Delivering development, security, and operations at the speed of business should be an essential component for any modern enterprise.

Course topics covered include how DevSecOps provides business value, enhancing your business opportunities, and improving corporate value.  The core DevSecOps principles taught can support an organizational transformation, increase productivity, reduce risk, and optimize resource usage.

This course explains how DevOps security practices differ from other approaches then delivers the education needed to apply changes to your organization. Participants learn the purpose, benefits, concepts, vocabulary and applications of DevSecOps.  Most importantly, students learn how DevSecOps roles fit with a DevOps culture and organization. At the course’s end, participants will understand “security as code” to make security and compliance value consumable as a service.

No course would be complete without practical application and this course teaches the steps to integrate security programs from the developers and operators through the business C-level.  Every stakeholder plays a part and the learning material highlights how professionals can use these tools as the primary means of protecting the organization and customer through multiple case studies, video presentations, discussion options, and exercise material to maximize learning value.  These  real-life scenarios create tangible takeaways participants can leverage upon their return to the home office.

This course positions learners to pass the DevSecOps Foundation exam. 

COURSE OBJECTIVES

The learning objectives include a practical understanding of:

• The purpose, benefits, concepts, and vocabulary of DevSecOps
• How DevOps security practices differ from other security approaches
• Business-driven security strategies and Best Practices
• Understanding and applying data and security sciences
• Integrating corporate stakeholders into DevSecOps Practices
• Enhancing communication between Dev, Sec, and Ops teams
• How DevSecOps roles fit with a DevOps culture and organization

LEARNER MATERIALS 

• Digital Learner Manual (excellent post-class reference)
• Participation in exercises designed to apply concepts
• Sample documents, templates, tools and techniques
• Access to additional sources of information and communities

CERTIFICATION EXAM

Successfully passing (65%) the 60-minute examination, consisting of 40 multiple-choice questions, leads to the candidate’s designation as DevSecOps Foundation (DSOF) certified. The certification is governed and maintained by DevOps Institute.    

OVERVIEW

The DevSecOps Practitioner course is intended as a follow-on to the DevSecOps Foundation course. The course builds on previous understanding to dive into the technical implementation. Each section highlights useful metrics as well as integrating new techniques into differing practices. These modules offer suggestions on how to overcome people, process, and technological issues to develop better DevSecOps outcomes. Beginning with a deeper dive into the surrounding concepts, the course then considers either using existing metrics or developing unique expressions suitable to each DevOps experience. The middle section looks at architecture transitions, building an infrastructure, and tuning the CI/CD pipeline to best effect. Finally, the course offers ways to get the best from your experimentation practices and considers where the future of DevSecOps may lead.

The DevsecOps Practitioner course introduces more advanced ways to explore DevSecOps in your organization. Each section covers practical maturity guides, and then discusses how people, process and technology can be combined to improve outcomes.

The course aims to equip participants with the practices, methods, and tools to engage people across the organization involved in reliability through the use of real-life scenarios and case stories. Upon completion of the course, participants will have tangible takeaways to leverage when back in the office such as implementing DevSecOps practices to their organizational structure, building better pipelines in distributed systems, and having a common technological language.

The course is developed by leveraging key DevSecOps sources, engaging with thought-leaders in the space and working with organizations to extract real-life best practices and has been designed to teach the key principles & practices necessary for successful DevSecOps practices.

This course positions learners to successfully complete the DevSecOps Practitioner certification exam.

Please note: The DevOps Institute DevSecOps Foundation certification is a prerequisite to the DevSecOps Practitioner exam.

COURSE OBJECTIVES

At the end of the course, the following learning objectives are expected to be achieved:

1. Comprehend the underlying principles of DevSecOps
2. Distinguish between the technical elements used across DevSecOps practices
3. Demonstrate how practical maturity concepts can be extended across multiple areas.
4. Implement metric-based assessments tied to your organization.
5. Recognize modern architectural concepts including microservice to monolithtransitions.
6. Recognize the various languages and tools used to communicate architectural concepts.
7. Contrast the options used to build a DevSecOps infrastructure through Platform as a Service, Server-less construction, and event-driven mediums
8. Prepare hiring practices to recognize and understand the individual knowledge, skills, and abilities required for mature Dev.
9. Identify the various technical requirements tied to the DevSecOps pipelines and how those impact people and process choices.
10. Review various approaches to securing data repositories and pipelines.
11. Analyze how monitoring and observability practices contribute to valuable outcomes.
12. Comprehend how to implement monitoring at key points to contribute to actionable analysis.
13. Evaluate how different experimental structures contribute to the 3 rd Way.
14. Identify future trends that may affect DevSecOps

LEARNER MATERIALS

• 3 days of instructor-led training and exercise facilitation
• Learner Manual (excellent post-class reference)
• Participation in unique exercises designed to apply concepts
• Sample documents, templates, tools, and techniques
• Access to additional value-added resources and communities

CERTIFICATION EXAM

Successfully passing (65%) the 90-minute examination, consisting of 40 multiple-choice questions, leads to the SRE Practitioner certificate. The certification is governed and maintained by DevOps Institute.

OVERVIEW 

The SRE (Site Reliability Engineering) Foundation course is an introduction to the principles & practices that enable an organization to reliably and economically scale critical services. Introducing a site-reliability dimension requires organizational re-alignment, a new focus on engineering & automation, and the adoption of a range of new working paradigms. 

The course highlights the evolution of SRE and its future direction, and equips participants with the practices, methods, and tools to engage people across the organization involved in reliability and stability evidenced through the use of real-life scenarios and case stories. Upon completion of the course, participants will have tangible takeaways to leverage when back in the office such as understanding, setting and tracking Service Level Objectives (SLO’s). 

The course was developed by leveraging key SRE sources, engaging with thought-leaders in the SRE space and working with organizations embracing SRE to extract real-life best practices and has been designed to teach the key principles & practices necessary for starting SRE adoption.

This course positions learners to successfully complete the SRE Foundation certification exam. 

COURSE OBJECTIVES

The learning objectives for the SRE Foundation course include a practical understanding of:

• The history of SRE and its emergence at Google
• The inter-relationship of SRE with DevOps and other popular frameworks
• The underlying principles behind SRE
• Service Level Objectives (SLO’s) and their user focus
• Service Level Indicators (SLI’s) and the modern monitoring landscape
• Error budgets and the associated error budget policies
• Toil and its effect on an organization’s productivity
• Some practical steps that can help to eliminate toil
• Observability as something to indicate the health of a service
• SRE tools, automation techniques and the importance of security
• Anti-fragility, our approach to failure and failure testing
• The organizational impact that introducing SRE brings

LEARNER MATERIALS 

• 2 daysof instructor-led training and exercise facilitation 
• Learner Manual (excellent post-class reference) including:
  • Course slideware
  • Value Added Resources
  • Glossary
• Participation in exercises and discussions designed to apply concepts 
• Case stories
• Access to additional sources of information and communities 

CERTIFICATION EXAM

Successfully passing (65%) the 60-minute examination, consisting of 40 multiple-choice questions, leads to the SRE (Site Reliability Engineering) Foundation certificate. The certification is governed and maintained by the DevOps Institute.

SonarQube is a code quality testing tool developed by SonarSource for performing automatic reviews to detect bugs and security vulnerabilities. It can be integrated easily into existing workflows and build pipelines for continuous code inspection.

This instructor-led, live training (online or onsite) is aimed at DevOps engineers and developers who wish to use SonarQube to run code reviews that are fully-integrated into development tool chains, such as Jenkins, GitHub, Azure DevOps, etc.

By the end of this training, participants will be able to:

• Set up the necessary development environment to start running automatic code reviews.
• Integrate SonarQube with continuous integration tools, such as Jenkins, Azure DevOps, etc.
• Run continuous code inspections to eliminate bugs and security vulnerabilities.
• Collect and analyze data to drive improvements for code cleanup, maintenance, and security.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Argo CD (also referred to as argocd, argo-cd, and argoproj) is a declarative, continuous delivery tool for Kubernetes clusters that simplifies application monitoring and deployment.

This instructor-led, live training (online or onsite) is aimed at system administrators and developers who wish to use Argo CD to automate the deployment and lifecycle management of applications.

By the end of this training, participants will be able to automate, monitor, audit, and roll back their Kubernetes systems using Argo CD.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Spinnaker is an open source multi-cloud continuous delivery platform for releasing software efficiently.

This instructor-led, live training (online or onsite) is aimed at engineers who wish to use Spinnaker to frequently and continuously deploy software to AWS or Kubernetes.

By the end of this training, participants will be able to:

• Install and configure Spinnaker for advanced operations.
• Integrate Spinnaker with existing continuous integration tools such as Jenkins.
• Understand Spinnaker's internal architecture and deployment workflow constructs.
• Create pipelines for deploying software on Kubernetes.
• Create pipelines for deploying software on AWS.
• Troubleshoot common Spinnaker issues.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Kubernetes is an open source container-orchestration system for automating CI/CD management. Spinnaker is an open source multi-cloud CD platform for releasing software with efficiency. With Kubernetes and Spinnaker, users can employ immutable structures, deployment pipelines, and cluster management.

This instructor-led, live training (online or onsite) is aimed at cloud engineers who wish to use Kubernetes and Spinnaker for CI/CD operations.

By the end of this training, participants will be able to:

• Build on the Kubernetes platform to accelerate cloud targeted deployments.
• Integrate Spinnaker with Docker and Git for automating the delivery of code to pipelines.
• Automate and manage CD pipelines, while choosing from a variety of CI tool options.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

By the end of this training, participants will be able to:

• Install and configure Maven.
• Automate Testing using Selenium
• Managing GIT
• Integrating continous integration

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Continuous Integration (CI) is a development practice wherein developers merge changes in their code as often as possible in order to detect and locate errors quickly.

In this instructor-led, live training, participants will learn the basics of Continuous Integration for JavaScript as they step through setting up a Continuous Integration process for a JavaScript project.

By the end of this training, participants will be able to:

• Understand the fundamentals of Continuous Integration
• Build their own Continuous Integration system for their JavaScript projects

Audience

• Developers
• IT Professionals
• DevOps Engineers
• Business Managers

Format of the course

• Part lecture, part discussion, exercises and heavy hands-on practice