Synopsys Software Integrity Group is now operating as Black Duck Software, Inc., a subsidiary of Synopsys.

DevOps for Security Managers

Course Description

This course is geared toward security executives who own a software security group or sponsor an organization-wide security initiative. It covers how to align legacy and net-new necessary security tools and activities with a DevOps culture and its underlying delivery technologies and conventions. The course prepares security executives to gain and maintain a “seat at the table” with development leadership by providing enough of the “what” and “how” of software-defined security governance to participate productively in it, and even drive it. Some call this “the Sec in DevSecOps,” which ultimately secures DX.

Learning Objectives

  • Understand the DevOps movement for organizations and how cloud technology adoption greatly enabled and accelerated the adoption of CI/CD toolchains and DevOps culture
  • Identify and address common challenges in converting legacy controls to the new culture
  • Plan a culturally compatible approach to addressing these challenges
  • Participate in existing engineering measurement practices, adding security metrics

Details

Delivery Format: eLearning

Duration: 1 hour 30 minutes

Level: Beginner

Intended Audience:

  • Architects

Prerequisites:

Course Outline

Introduction to History

  • History and Evolution
  • Time-to-Market and Self-Service Software Delivery

Software Lifecycle and Challenges

  • How Engineering-Led Initiatives See Their Lifecycle
  • Challenges Security Initiatives Face
  • Maturing Firms May Have It Harder
  • Challenge 1: Cadence
  • Challenge 2: Gating the SDL
  • Challenge 3: Building Using a Federated Workforce
  • Challenge 4: Automation: Reducing Reliance on Human (Manual) Effort
  • Challenge 5: Inventory

Achieving Security Governance: Inventorying Software, Conducting Defect Discovery

  • Introduction and Pillars
  • Inventorying Assets, Scope
  • Discovering Inventory
  • Automating Practice Areas
  • Defect Discovery
  • DevOps Defect Discovery

Security Governance: Process Remediation Workflow, and Gating

  • Alternatives to Gates
  • Remediation Enablement
  • Accountability
  • Continuous Telemetry, with Continuous Delivery

Measurement

  • DORA
  • Security, a Subset of Quality
  • Sample Security Measures

Course Wrap-Up

 

 
