1. Home
  2. Implementing DevSecOps

Implementing DevSecOps

Build security into your DevOps process

Explore security within a DevSecOps pipeline in an informal and interactive workshop setting. Attendees will gain practical experience through both group discussions and hands-on exercises.

Full Description and Outline

Upcoming Classes

= Guaranteed to Run
Dates
Mode
Location
Price
May 13May 14, 2025
Live Virtual
Virtual Classroom
Virtual Classroom
$1,495
Attend
Oct 21Oct 22, 2025
Live Virtual
Virtual Classroom
Virtual Classroom
$1,495
Attend
Call to Schedule
Anytime
On-Site / Private
Your Location
Your Location
Request a Quote
Contact Us
Select a learning mode button (Public, Live Virtual, etc.) for pricing, details, and a downloadable fact sheet.
Ways to Save

Career Upskilling Sale - 25% Off Training Through June 30, 2025

Ready to gain critical skills to move your career forward? FGet 25% off virtual training classes and our AI Training Week DC through June 30, 2025. Use code UPSKILL25 at registration. This discount can not be combined with any other discounts. This is a limited-time offer, so act now.

*Classes not included in this offer:

  • All pre-conference training classes at STAREAST and AIConUSA
  • Acceptance Testing—ISTQB Software Testing Certification Training (March 3-4)
  • Mobile Application Testing—ISTQB Software Testing Certification Training (March 5-6)
  • Advanced Level Test Analyst—ISTQB Software Testing Certification Training (March 10-12 & June 2-4)
  • Advanced Level Security Testing—ISTQB Software Testing Certification Training (March 24-26)
  • Advanced Level Agile Technical Testing—ISTQB Software Testing Certification Training (March 27-28)
  • Performance Testing—ISTQB Software Testing Certification Training (March 31-April 1)
  • Model-Based Testing—ISTQB Software Testing Certification Training (April 14-15)
  • Usability Testing—ISTQB Software Testing Certification Training (April 16-17)
 

 
Description
  • Learn how to build security into your DevOps process
  • Learn how to use security requirements to plan your testing efforts
  • Explore key aspects of security testing – web security, threat modeling, risk assessment
  • Learn how security testing can be effectively leveraged within a DevOps pipeline
  • Understand how DevSecOps builds upon DevOps practices
  • Understand how technical and automation skills can be leveraged in your DevSecOps efforts
  • Develop practical experience through the completion of hands-on exercises

Your organization has started moving toward a DevOps way of thinking and working, and you have started to set up a delivery pipeline. However, you realize that security testing is missing from your pipeline, and you know that testing for security early and often is an important part of ensuring that your system is free from vulnerabilities.

If you are looking for a way to include security testing in your pipeline and turn your DevOps practice into a DevSecOps practice, then this course is for you. You will learn how DevSecOps builds upon the principles and practices of DevOps and how to integrate security testing tools into the various stages of the pipeline. This course will give you hands-on practice with configuring and using these tools so that you will be prepared to introduce DevSecOps to your own organization.

Who Should Attend?
This course is appropriate for software professionals who are involved with development, testing, security, and operations and who want to incorporate security testing into their organization’s pipeline. Because this course has a heavy focus on hands-on exercises, it is most appropriate for practitioners and will not be tailored toward management or leadership.

Laptop Required
This class involves hands-on activities using sample software to better facilitate learning. Each student should bring a laptop with an SSH or PuTTY client preinstalled. Connection specifics and credentials will be supplied during class. Please verify permissions with your IT Admin before class. If you or your Admin have questions about the specific applications involved, contact our Client Support team.
Questions? 929.777.8102 [email protected]
Course Outline
DevOps Refresher
Description
Purpose
Goals
Dev vs. Ops
DevOps Principles
 
Security Refresher
Definition of Information Security
History of Information Security
CIA++
State of Application Security
 
DevSecOps Overview
Definition
Relevant Terms
Purpose
Benefits and Drawbacks
Tool Types
 
Risk Assessment
Importance of Software Security
Understanding Risk
Risk Assessment Exercise
 
Threat Modeling
Microsoft STRIDE
Architectural and Design Reviews
Threat Modeling Exercise
 
Software Composition Analysis (SCA)
Description
Motivation
Tools
SCA Exercise
 
Static Application Security Testing (SAST)
What It Is
Why We Need It
Goals
Pros and Cons
Tools
SAST Exercise
 
Dynamic Application Security Testing (DAST)
What It Is
Goals
How DAST Tools Work
Pros and Cons
Tools
DAST Exercise

 

Log Management
Description
Motivation
Tools
Log Management Exercise
 
Monitoring
Description
Motivation
Tools
Monitoring Exercise
 
Security Information and Event Management (SIEM)
Description
Motivation
Tools
SIEM Exercise
 
Security Requirements Testing
Functional vs. Non-functional Requirements
Misuse and Abuse Cases
Testing Security Requirements
Security Requirements Exercise
 
Advanced Techniques: IAST, RASP, and HAST
What They Are
Goals
How These Tools Work
Pros and Cons
Tools
 
Penetration Testing
What It Is
When It Should be Performed
How It Works
Enumeration and Footprint Analysis
Tool Categories
Pen Testing Exercise
 
Related Courses
GitHub Advanced Security (GHAS) Security Team Training

Specialized GitHub Advanced Security (GHAS) training for security teams.Learn more

Big Data on AWS

Designed for solutions architects, SysOps administrators, data analysts, and more, this course introduces you to cloud-based big data solutions...Learn more

Clone of GitHub Advanced Security (GHAS) Certification Bootcamp

This hands-on course prepares software developers and security experts for the GitHub Advanced Security (GHAS) certification exam.Learn more

Don't see a date that fits your schedule? Contact us for scheduling options at 929.777.8102
Download Fact Sheet
Price: $1,545 USD
Course Duration: 2 Days
Description
  • Learn how to build security into your DevOps process
  • Learn how to use security requirements to plan your testing efforts
  • Explore key aspects of security testing – web security, threat modeling, risk assessment
  • Learn how security testing can be effectively leveraged within a DevOps pipeline
  • Understand how DevSecOps builds upon DevOps practices
  • Understand how technical and automation skills can be leveraged in your DevSecOps efforts
  • Develop practical experience through the completion of hands-on exercises

Your organization has started moving toward a DevOps way of thinking and working, and you have started to set up a delivery pipeline. However, you realize that security testing is missing from your pipeline, and you know that testing for security early and often is an important part of ensuring that your system is free from vulnerabilities.

If you are looking for a way to include security testing in your pipeline and turn your DevOps practice into a DevSecOps practice, then this course is for you. You will learn how DevSecOps builds upon the principles and practices of DevOps and how to integrate security testing tools into the various stages of the pipeline. This course will give you hands-on practice with configuring and using these tools so that you will be prepared to introduce DevSecOps to your own organization.

Who Should Attend?
This course is appropriate for software professionals who are involved with development, testing, security, and operations and who want to incorporate security testing into their organization’s pipeline. Because this course has a heavy focus on hands-on exercises, it is most appropriate for practitioners and will not be tailored toward management or leadership.

Laptop Required
This class involves hands-on activities using sample software to better facilitate learning. Each student should bring a laptop with an SSH or PuTTY client preinstalled. Connection specifics and credentials will be supplied during class. Please verify permissions with your IT Admin before class. If you or your Admin have questions about the specific applications involved, contact our Client Support team.

 

Questions? 929.777.8102 [email protected]
Course Outline
DevOps Refresher
Description
Purpose
Goals
Dev vs. Ops
DevOps Principles
 
Security Refresher
Definition of Information Security
History of Information Security
CIA++
State of Application Security
 
DevSecOps Overview
Definition
Relevant Terms
Purpose
Benefits and Drawbacks
Tool Types
 
Risk Assessment
Importance of Software Security
Understanding Risk
Risk Assessment Exercise
 
Threat Modeling
Microsoft STRIDE
Architectural and Design Reviews
Threat Modeling Exercise
 
Software Composition Analysis (SCA)
Description
Motivation
Tools
SCA Exercise
 
Static Application Security Testing (SAST)
What It Is
Why We Need It
Goals
Pros and Cons
Tools
SAST Exercise
 
Dynamic Application Security Testing (DAST)
What It Is
Goals
How DAST Tools Work
Pros and Cons
Tools
DAST Exercise

 

Log Management
Description
Motivation
Tools
Log Management Exercise
 
Monitoring
Description
Motivation
Tools
Monitoring Exercise
 
Security Information and Event Management (SIEM)
Description
Motivation
Tools
SIEM Exercise
 
Security Requirements Testing
Functional vs. Non-functional Requirements
Misuse and Abuse Cases
Testing Security Requirements
Security Requirements Exercise
 
Advanced Techniques: IAST, RASP, and HAST
What They Are
Goals
How These Tools Work
Pros and Cons
Tools
 
Penetration Testing
What It Is
When It Should be Performed
How It Works
Enumeration and Footprint Analysis
Tool Categories
Pen Testing Exercise
 
Class Schedule
Sign-In/Registration 7:30 - 8:30 a.m.
Morning Session 8:30 a.m. - 12:00 p.m.
Lunch 12:00 - 1:00 p.m.
Afternoon Session 1:00 - 5:00 p.m.
Times represent the typical daily schedule. Please confirm your schedule at registration.
 
Class Fee Includes
• Digital course materials
• Continental breakfasts and refreshment breaks
• Lunches
• Letter of completion
Instructors
Tom-Stiehm

Tom Stiehm

Tom Stiehm is a 20 year veteran of the Information Technology industry. He has spent the past 10 years managing, designing and implementing software products and applications using agile software development methods. Prior to Coveros, Tom held a variety of CTO and architect positions at software development companies. Tom is...Learn More

Jonathan Kauffman

Jonathan Miller Kauffman

Jonathan Miller Kauffman works as an agile software development and test consultant at Coveros. In this role, Jonathan has helped both government and commercial organizations develop and test high-quality applications, and he has gained his experience by working with healthcare, biomedical device, and research organizations. Jonathan also presents at and...Learn More

= Guaranteed to Run
Dates
Mode
Location
Price
May 13May 14, 2025
Live Virtual
Virtual Classroom
Virtual Classroom
$1,495
Attend
Oct 21Oct 22, 2025
Live Virtual
Virtual Classroom
Virtual Classroom
$1,495
Attend
Download Fact Sheet
Price: $1,495 USD
Course Duration: 3 Days / 2 Days
Ways to Save

Career Upskilling Sale - 25% Off Training Through June 30, 2025

Ready to gain critical skills to move your career forward? FGet 25% off virtual training classes and our AI Training Week DC through June 30, 2025. Use code UPSKILL25 at registration. This discount can not be combined with any other discounts. This is a limited-time offer, so act now.

*Classes not included in this offer:

  • All pre-conference training classes at STAREAST and AIConUSA
  • Acceptance Testing—ISTQB Software Testing Certification Training (March 3-4)
  • Mobile Application Testing—ISTQB Software Testing Certification Training (March 5-6)
  • Advanced Level Test Analyst—ISTQB Software Testing Certification Training (March 10-12 & June 2-4)
  • Advanced Level Security Testing—ISTQB Software Testing Certification Training (March 24-26)
  • Advanced Level Agile Technical Testing—ISTQB Software Testing Certification Training (March 27-28)
  • Performance Testing—ISTQB Software Testing Certification Training (March 31-April 1)
  • Model-Based Testing—ISTQB Software Testing Certification Training (April 14-15)
  • Usability Testing—ISTQB Software Testing Certification Training (April 16-17)
 

 
Description
  • Learn how to build security into your DevOps process
  • Learn how to use security requirements to plan your testing efforts
  • Explore key aspects of security testing – web security, threat modeling, risk assessment
  • Learn how security testing can be effectively leveraged within a DevOps pipeline
  • Understand how DevSecOps builds upon DevOps practices
  • Understand how technical and automation skills can be leveraged in your DevSecOps efforts
  • Develop practical experience through the completion of hands-on exercises

Your organization has started moving toward a DevOps way of thinking and working, and you have started to set up a delivery pipeline. However, you realize that security testing is missing from your pipeline, and you know that testing for security early and often is an important part of ensuring that your system is free from vulnerabilities.

If you are looking for a way to include security testing in your pipeline and turn your DevOps practice into a DevSecOps practice, then this course is for you. You will learn how DevSecOps builds upon the principles and practices of DevOps and how to integrate security testing tools into the various stages of the pipeline. This course will give you hands-on practice with configuring and using these tools so that you will be prepared to introduce DevSecOps to your own organization.

Who Should Attend?
This course is appropriate for software professionals who are involved with development, testing, security, and operations and who want to incorporate security testing into their organization’s pipeline. Because this course has a heavy focus on hands-on exercises, it is most appropriate for practitioners and will not be tailored toward management or leadership.

Laptop Required
This class involves hands-on activities using sample software to better facilitate learning. Each student should bring a laptop with an SSH or PuTTY client preinstalled. Connection specifics and credentials will be supplied during class. Please verify permissions with your IT Admin before class. If you or your Admin have questions about the specific applications involved, contact our Client Support team.

 

Questions? 929.777.8102 [email protected]
Course Outline
DevOps Refresher
Description
Purpose
Goals
Dev vs. Ops
DevOps Principles
 
Security Refresher
Definition of Information Security
History of Information Security
CIA++
State of Application Security
 
DevSecOps Overview
Definition
Relevant Terms
Purpose
Benefits and Drawbacks
Tool Types
 
Risk Assessment
Importance of Software Security
Understanding Risk
Risk Assessment Exercise
 
Threat Modeling
Microsoft STRIDE
Architectural and Design Reviews
Threat Modeling Exercise
 
Software Composition Analysis (SCA)
Description
Motivation
Tools
SCA Exercise
 
Static Application Security Testing (SAST)
What It Is
Why We Need It
Goals
Pros and Cons
Tools
SAST Exercise
 
Dynamic Application Security Testing (DAST)
What It Is
Goals
How DAST Tools Work
Pros and Cons
Tools
DAST Exercise

 

Log Management
Description
Motivation
Tools
Log Management Exercise
 
Monitoring
Description
Motivation
Tools
Monitoring Exercise
 
Security Information and Event Management (SIEM)
Description
Motivation
Tools
SIEM Exercise
 
Security Requirements Testing
Functional vs. Non-functional Requirements
Misuse and Abuse Cases
Testing Security Requirements
Security Requirements Exercise
 
Advanced Techniques: IAST, RASP, and HAST
What They Are
Goals
How These Tools Work
Pros and Cons
Tools
 
Penetration Testing
What It Is
When It Should be Performed
How It Works
Enumeration and Footprint Analysis
Tool Categories
Pen Testing Exercise
 
Class Schedule
3-Day Daily Schedule: 12:30pm-4:30pm ET/9:30am-1:30pm PT
2-Day Daily Schedule: 10:30am-5:00pm ET/8:00am-2:00pm PT
Times represent the typical daily schedule. Please confirm class schedule at registration.
 

 

Class Fee Includes
  • Easy course access: Attend training right from your computer and easily connect your audio via computer or phone. Easy and quick access fits today’s working style and eliminates expensive travel and long days in the classroom.
  • Live, expert instruction: Instructors are sought-after practitioners, highly-experienced in the industry who deliver a professional learning experience in real-time.
  • Valuable course materials: Courses cover the same professional content as our classroom training, and students have direct access to valuable materials.
  • Rich virtual learning environment: A variety of tools are built in to the learning platform to engage learners through dynamic delivery and to facilitate a multi-directional flow of information.
  • Hands-on exercises: An essential component to any learning experience is applying what you have learned. Using the latest technology, your instructor can provide hands-on exercises, group activities, and breakout sessions.
  • Real-time communication: Communicate real-time directly with the instructor. Ask questions, provide comments, and participate in the class discussions.
  • Peer interaction: Networking with peers has always been a valuable part of any classroom training. Live Virtual training gives you the opportunity to interact with and learn from the other attendees during breakout sessions, course lecture, and Q&A.
  • Convenient schedule: Course instruction is divided into modules no longer than four hours per day. This schedule makes it easy to get the training you need without taking days out of the office and setting aside projects.
  • Small class size: Live Virtual courses are limited in small class size to ensure an opportunity for personal interaction.
Instructors
Tom-Stiehm

Tom Stiehm

Tom Stiehm is a 20 year veteran of the Information Technology industry. He has spent the past 10 years managing, designing and implementing software products and applications using agile software development methods. Prior to Coveros, Tom held a variety of CTO and architect positions at software development companies. Tom is...Learn More

Jonathan Kauffman

Jonathan Miller Kauffman

Jonathan Miller Kauffman works as an agile software development and test consultant at Coveros. In this role, Jonathan has helped both government and commercial organizations develop and test high-quality applications, and he has gained his experience by working with healthcare, biomedical device, and research organizations. Jonathan also presents at and...Learn More

Bring this course to your team at your site. Contact us to learn more at 929.777.8102.

= Guaranteed to Run
Dates
Mode
Location
Price
Call to Schedule
Anytime
On-Site / Private
Your Location
Your Location
Request a Quote
Contact Us
Download Fact Sheet
Course Duration: 2 Days
Description
  • Learn how to build security into your DevOps process
  • Learn how to use security requirements to plan your testing efforts
  • Explore key aspects of security testing – web security, threat modeling, risk assessment
  • Learn how security testing can be effectively leveraged within a DevOps pipeline
  • Understand how DevSecOps builds upon DevOps practices
  • Understand how technical and automation skills can be leveraged in your DevSecOps efforts
  • Develop practical experience through the completion of hands-on exercises

Your organization has started moving toward a DevOps way of thinking and working, and you have started to set up a delivery pipeline. However, you realize that security testing is missing from your pipeline, and you know that testing for security early and often is an important part of ensuring that your system is free from vulnerabilities.

If you are looking for a way to include security testing in your pipeline and turn your DevOps practice into a DevSecOps practice, then this course is for you. You will learn how DevSecOps builds upon the principles and practices of DevOps and how to integrate security testing tools into the various stages of the pipeline. This course will give you hands-on practice with configuring and using these tools so that you will be prepared to introduce DevSecOps to your own organization.

Who Should Attend?
This course is appropriate for software professionals who are involved with development, testing, security, and operations and who want to incorporate security testing into their organization’s pipeline. Because this course has a heavy focus on hands-on exercises, it is most appropriate for practitioners and will not be tailored toward management or leadership.

Laptop Required
This class involves hands-on activities using sample software to better facilitate learning. Each student should bring a laptop with an SSH or PuTTY client preinstalled. Connection specifics and credentials will be supplied during class. Please verify permissions with your IT Admin before class. If you or your Admin have questions about the specific applications involved, contact our Client Support team.

 

Questions? 929.777.8102 [email protected]
Course Outline
DevOps Refresher
Description
Purpose
Goals
Dev vs. Ops
DevOps Principles
 
Security Refresher
Definition of Information Security
History of Information Security
CIA++
State of Application Security
 
DevSecOps Overview
Definition
Relevant Terms
Purpose
Benefits and Drawbacks
Tool Types
 
Risk Assessment
Importance of Software Security
Understanding Risk
Risk Assessment Exercise
 
Threat Modeling
Microsoft STRIDE
Architectural and Design Reviews
Threat Modeling Exercise
 
Software Composition Analysis (SCA)
Description
Motivation
Tools
SCA Exercise
 
Static Application Security Testing (SAST)
What It Is
Why We Need It
Goals
Pros and Cons
Tools
SAST Exercise
 
Dynamic Application Security Testing (DAST)
What It Is
Goals
How DAST Tools Work
Pros and Cons
Tools
DAST Exercise

 

Log Management
Description
Motivation
Tools
Log Management Exercise
 
Monitoring
Description
Motivation
Tools
Monitoring Exercise
 
Security Information and Event Management (SIEM)
Description
Motivation
Tools
SIEM Exercise
 
Security Requirements Testing
Functional vs. Non-functional Requirements
Misuse and Abuse Cases
Testing Security Requirements
Security Requirements Exercise
 
Advanced Techniques: IAST, RASP, and HAST
What They Are
Goals
How These Tools Work
Pros and Cons
Tools
 
Penetration Testing
What It Is
When It Should be Performed
How It Works
Enumeration and Footprint Analysis
Tool Categories
Pen Testing Exercise
 
Class Schedule
Sign-In/Registration 7:30 - 8:30 a.m.
Morning Session 8:30 a.m. - 12:00 p.m.
Lunch 12:00 - 1:00 p.m.
Afternoon Session 1:00 - 5:00 p.m.
Times represent the typical daily schedule. Please confirm your schedule at registration.
Class Fee Includes
• Tuition
• Course notebook
• Letter of completion
Instructors
Tom-Stiehm

Tom Stiehm

Tom Stiehm is a 20 year veteran of the Information Technology industry. He has spent the past 10 years managing, designing and implementing software products and applications using agile software development methods. Prior to Coveros, Tom held a variety of CTO and architect positions at software development companies. Tom is...Learn More

Jonathan Kauffman

Jonathan Miller Kauffman

Jonathan Miller Kauffman works as an agile software development and test consultant at Coveros. In this role, Jonathan has helped both government and commercial organizations develop and test high-quality applications, and he has gained his experience by working with healthcare, biomedical device, and research organizations. Jonathan also presents at and...Learn More

Questions?

Get in Touch Ways To Save

On-Site/Private Training

Let us bring the learning to your team at your location or in an interactive virtual classroom!
Choose from more than 50 courses.

View all courses

Combine World-Class Training and

Certification with a Conference

Maximize Your Learning Potential

STAR Conference logo

AI Con USA logo

Agile + DevOps USA logo