DevSecOps Resources and Training

tedjames

Can anybody recommend any good resources and training for learning about DevSecOps? I've read most of what Tanya Janca has written. I also know about https://devsecops.org/

I also found this recently, which is very good: https://techbeacon.com/devops/3-ways-qa-pros-can-lead-quality-driven-development-devsecops-world 

Would love to find some actual training.

LonerVamp

I don't know of any training, but you could get training on the various pieces of devsecops, like Puppet specifically or the Atlassian stack.

For Sec, often this can be twisted into the term Secure SDLC and the components shoved into there. I believe Tanya has an ongoing series of posts on Medium about the S-SDLC. You can also then look into something like ISC2's CSSLP cert and any materials around it.

It sort of depends where you're coming into this from, the dev, the sec, or the ops, and which you'll be responsible for.

tedjames

Thanks for the info! I'm coming from the security side. At this point, I'm working with developers to ensure that they write code securely and follow SDLC. I have no real training or experience other than the knowledge I've gained on my own. Where I work, there's not a whole lot of money for training, so I have taken the initiative to learn on my own. It's better this way, actually, because I can create my own training plan and set my own goals.

scasc

https://www.practical-devsecops.com/

Check this out. Heard good things from ppl as it’s pretty interesting with hardcore 24 hour exam around practical concepts. 

tedjames

Thanks for the tip!