• Course Goals
• Course Agenda

• Key Terms and Concepts
• Why DevSecOps is important
• 3 Ways to Think About DevOps+Security
• Key Principles of DevSecOps

• Key Terms and Concepts
• Incentive Model
• Resilience
• Organizational Culture
• Generativity
• Erickson, Westrum, and LaLoux
• Exercise: Influencing Culture

• Key Terms and Concepts
• How Much Security is Enough?
• Threat Modeling
• Context is Everything
• Risk Management in a High-velocity World
• Exercise: Measuring For Success

• Avoiding the Checkbox Trap
• Basic Security Hygiene
• Architectural Considerations
• Federated Identity
• Log Management

• Key Terms and Concepts
• IAM Basic Concepts
• Why IAM is Important
• Implementation Guidance
• Automation Opportunities
• How to Hurt Yourself with IAM
• Exercise: Overcoming IAM Challenges

• Application Security Testing (AST)
• Testing Techniques
• Prioritizing Testing Techniques
• Issue Management Integration
• Threat Modeling
• Leveraging Automation

• Key Terms and Concepts
• Basic Security Hygiene Practices
• Role of Operations Management
• The Ops Environment
• Exercise: Adding Security to Your CI/CD Pipeline

• Key Terms and Concepts
• What is GRC?
• Why Care About GRC?
• Rethinking Policies
• Policy as Code
• Shifting Audit Left
• 3 Myths of Segregation of Duties vs. DevOps
• Exercise: Making Policies, Audit and Compliance

• Key Terms and Concepts
• Setting Up Log Management
• Incident Response and Forensics
• Threat Intelligence and Information Sharing

• Where We Started
• What We Covered
• Key Reminders of What’s Important
• Exercise: Creating a Personal Action Plan

• Exam Requirements, Question Weighting and

• Sample Exam Review

• Course Goals
• Course Agenda

• Key Terms and Concepts
• Why DevSecOps is important
• 3 Ways to Think About DevOps+Security
• Key Principles of DevSecOps

• Key Terms and Concepts
• Incentive Model
• Resilience
• Organizational Culture
• Generativity
• Erickson, Westrum, and LaLoux
• Exercise: Influencing Culture

• Key Terms and Concepts
• How Much Security is Enough?
• Threat Modeling
• Context is Everything
• Risk Management in a High-velocity World
• Exercise: Measuring For Success

• Avoiding the Checkbox Trap
• Basic Security Hygiene
• Architectural Considerations
• Federated Identity
• Log Management

• Key Terms and Concepts
• IAM Basic Concepts
• Why IAM is Important
• Implementation Guidance
• Automation Opportunities
• How to Hurt Yourself with IAM
• Exercise: Overcoming IAM Challenges

• Application Security Testing (AST)
• Testing Techniques
• Prioritizing Testing Techniques
• Issue Management Integration
• Threat Modeling
• Leveraging Automation

• Key Terms and Concepts
• Basic Security Hygiene Practices
• Role of Operations Management
• The Ops Environment
• Exercise: Adding Security to Your CI/CD Pipeline

• Key Terms and Concepts
• What is GRC?
• Why Care About GRC?
• Rethinking Policies
• Policy as Code
• Shifting Audit Left
• 3 Myths of Segregation of Duties vs. DevOps
• Exercise: Making Policies, Audit and Compliance

• Key Terms and Concepts
• Setting Up Log Management
• Incident Response and Forensics
• Threat Intelligence and Information Sharing

• Where We Started
• What We Covered
• Key Reminders of What’s Important
• Exercise: Creating a Personal Action Plan

• Exam Requirements, Question Weighting and

• Sample Exam Review

TARGET AUDIENCE