Zero-To-Hero Developer Security Operations Course

In this course you will learn how to create a state of the art developer security operations program.

What you'll learn

Developer Security Operations Zero-to-Hero
Understand the fundamentals of leveraging the Veracode Platform as a Security Engineer.
Apply the security engineering concepts to a real use case scenario.
Work with industry recognized standard tooling from Veracode.
Work with industry recognized standard tooling from Burp Suite.
Work with industry recognized standard tooling from Elasticsearch.
Work with industry recognized standard tooling from JFROG Artifactory.
Requirements

There aren't any specific requirements for taking this course. We aim to teach novice information security professionals and experienced professionals. The audience for this curriculum range from CISOs, Security Team Leads, and Security Engineers.

Description
Our approach to culture, automation, and platform design integrates security as a shared responsibility throughout the entire IT life cycle. Our curriculum integrates automated Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Container Scanning, Penetration Testing, and systematic logging evaluate scanning results. Our training program teaches your team the necessary skills for implementing "shift-left" development processes. These skills, along with industry-recognized certifications and executive dashboards to monitor program progress, will help keep your assets safe. The proposed course is supported by industry recognized certificates from Veracode. At this time, there is only one research paper that describes a DevSecOps program which incorporates humanistic management principles and automated security by Shripad Nadgowda. We have developed a system that not only leverages state-of-the-art security tools, but can provide an automated system that ensures accountability and open communication amongst teams. The Net Forward Energy Ratio (NeFER) strategy principle provides a systematic process of questions that encourages individuals to take accountability for their work and encourages them to take steps in a forward direction as outlined by Bob Moore. The ideal client for this training program is a Security Engineer who works for a midsize corporation with roughly 40-50 employees.We plan to offer the best training coupled with state of the art technology and research based management practices. The target audience for this training program fall into three categories they are either a CISO, Security Team Lead, or a Security Engineer.
Overview

Section 1: Veracode

Lecture 1 Introduction to Veracode

Lecture 2 Security Champion

Lecture 3 Dynamic Analysis

Lecture 4 Understanding Dashboards

Lecture 5 Custom Dashboard Filters

Lecture 6 Customize Visualizations

Lecture 7 Save and Share Dashboards

Lecture 8 Software Composition Analysis

Lecture 9 Static Analysis

Lecture 10 Security Report

Lecture 11 Knowledge Check

Section 2: Penetration Testing

Lecture 12 Getting Started with Burp Suite

Lecture 13 Burp Proxy

Lecture 14 Burp Repeater

Lecture 15 Burp Intruder

Lecture 16 Burp Collaborator Client

Lecture 17 Burp Scanner and Summary

Section 3: Monitoring

Lecture 18 Elastic SIEM

Lecture 19 Getting Started

Lecture 20 Filebeat

Lecture 21 Filebeat AWS Module and Summary

Section 4: Center For Internet Security (CIS) Benchmark

Lecture 22 CIS Foundations Benchmark AWS IAM

Lecture 23 Storage

Lecture 24 Logging

Lecture 25 Monitoring

Lecture 26 Networking and Summary

Lecture 27 AWS IAM

Lecture 28 AWS SNS

Lecture 29 AWS S3

Lecture 30 AWS Config

Lecture 31 AWS CloudTrail

Lecture 32 AWS CloudWatch

Lecture 33 AWS CloudWatch Metrics

Lecture 34 AWS KMS

Lecture 35 Amazon SQS

Lecture 36 AWS VPC

Lecture 37 AWS Organizations

Section 5: Automated Build Scanning with Xray

Lecture 38 JFROG Xray

The purpose of this curriculum is to teach security engineering fundamentals. The concepts covered will enable individuals to be able to work independently. After establishing the processes described in the table of contents a security engineer will be able to manage the fundamental aspects of security for a company and influence organizational change. The typical timeframe for implementation is 3 months.