In this course, students will gain a solid understanding of how DevSecOps provides business value, enhancing your business opportunities, and improving corporate value. The core DevSecOps principles taught can support an organizational transformation, increase productivity, reduce risk, and optimize resource usage. This course explains how DevOps security practices differ from other approaches then delivers the education needed to apply changes to your organization. Participants learn the purpose, benefits, concepts, vocabulary and applications of DevSecOps. Most importantly, students learn how DevSecOps roles fit with a DevOps culture and organization. At the course’s end, participants will understand “security as code” to make security and compliance value consumable as a service. This course prepares you for the DevSecOps Foundation (DSOF) certification.


* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

You will learn:

The purpose, benefits, concepts, and vocabulary of DevSecOps
How DevOps security practices differ from other security approaches
Business-driven security strategies and Best Practices
Understanding and applying data and security sciences
Integrating corporate stakeholders into DevSecOps Practices
Enhancing communication between Dev, Sec, and Ops teams
How DevSecOps roles fit with a DevOps culture and organization

  • Realizing DevSecOps Outcomes

  • Origins of DevOps

    Evolution of DevSecOps


    The Three Ways

  • Defining the Cyberthreat Landscape

  • What is the Cyber Threat Landscape?

    What is the threat?

    What do we protect from?

    What do we protect, and why?

    How do I talk to security?

  • Building a Responsive DevSecOps Model

  • Demonstrate Model

    Technical, business and human outcomes

    What’s being measured?

    Gating and thresholding

  • Integrating DevSecOps Stakeholders

  • The DevSecOps State of Mind

    The DevSecOps Stakeholders

    What’s at stake for who?

    Participating in the DevSecOps model

  • Establishing DevSecOps Best Practices

  • Start where you are

    Integrating people, process and technology and governance

    DevSecOps operating model

    Communication practices and boundaries

    Focusing on outcomes

  • Best Practices to get Started

  • The Three Ways

    Identifying target states

    Value stream-centric thinking

  • DevOps Pipelines and Continuous Compliance

  • The goal of a DevOps pipeline

    Why continuous compliance is important

    Archetypes and reference architectures

    Coordinating DevOps Pipeline construction

    DevSecOps tool categories, types and examples

  • Learning Using Outcomes

  • Security Training Options

    Training as Policy

    Experiential Learning


    The DevSecOps Collective Body of Knowledge

    Preparing for the DevSecOps Foundation certification exam


The target audience for the DevSecOps Foundation course are professionals including: Anyone involved or interested in learning about DevSecOps strategies and automation Anyone involved in Continuous Delivery toolchain architectures Compliance Team Business managers Delivery Staff DevOps Engineers IT Managers IT Security Professionals, Practitioners, and Managers Maintenance and support staff Managed Service Providers Project & Product Managers Quality Assurance Teams Release Managers Scrum Masters Site Reliability Engineers Software Engineers Testers




While there are no prerequisites for this course, please ensure you have the right level of experience to be successful in this training. Participants should have baseline knowledge and understanding of common DevOps definitions and principles.


Length: 2.0 days (16 hours)


Not Your Location? Change

Course Schedule:

Schedule select
9:00 AM ET -
5:00 PM ET
Schedule select
9:00 AM ET -
5:00 PM ET