Realising DevSecOps Outcomes• Origins of DevOps• Evolution of DevSecOps• CALMS• The Three WaysDefining the Cyberthreat Landscape• What is the Cyber Threat Landscape?• What is the threat?• What do we protect from?• What do we protect, and why?• How do I talk to security?Building a Responsive DevSecOps Model• Demonstrate Model• Technical, business and human outcomes• What’s being measured? • Gating and thresholdingIntegrating DevSecOps Stakeholders• The DevSecOps State of Mind• The DevSecOps Stakeholders• What’s at stake for who?• Participating in the DevSecOps modelEstablishing DevSecOps Best Practices• Start where you are• Integrating people, process and technology and governance• DevSecOps operating model• Communication practices and boundaries• Focusing on outcomes Best Practices to get Started• The Three Ways• Identifying target states• Value stream-centric thinkingDevOps Pipelines and Continuous Compliance• The goal of a DevOps pipeline• Why continuous compliance is important• Archetypes and reference architectures• Coordinating DevOps Pipeline construction• DevSecOps tool categories, types and examplesLearning Using Outcomes• Security Training Options• Training as Policy• Experiential Learning• Cross-Skilling• The DevSecOps Collective Body of Knowledge.

On completion of this course, the following learning outcomes will be achieved:The purpose, benefits, concepts, and vocabulary of DevSecOpsHow DevOps security practices differ from other security approachesBusiness-driven security strategiesUnderstanding and applying data and security sciencesThe use and benefits of Red and Blue TeamsIntegrating security into Continuous Delivery workflowsHow DevSecOps roles fit with a DevOps culture and organisation.

The target audience for this course are professionals involved in DevSecOps, such as:Anyone involved or interested in learning about DevSecOps strategies and automationAnyone involved in Continuous Delivery toolchain architecturesCompliance TeamDelivery StaffDevOps EngineersBusiness ManagersIT Security Professionals, Practitioners and ManagersMaintenance and support staffManaged Service ProvidersProject & Product ManagersQuality Assurance TeamsRelease ManagersScrum MastersSite Reliability EngineersSoftware EngineersTesters.

Course ID:

TGS-2023018890

Course duration:

3 days, 9am – 6pm

We offer flexible learning options (online, instructor-led, hybrid) to fit your learning style

Certifications

Meet your Trainers

Lionel Seaw

Principal Consultant Sapience Consulting

Lionel Seaw

Principal Consultant Sapience Consulting

DevSecOps Foundation

Synopsis

As companies are pushing code faster and more often than ever, the rate of vulnerabilities in our systems is accelerating. As we are being asked to do more with less, DevOps has shown immense value to business and security as an integral component that needs to be integrated into the strategy.

Topics covered in the course include how DevSecOps provides the business value of DevOps and the ability DevOps has to enable the business and support an organisational transformation with the ultimate goal of increasing productivity, reducing risk, and optimising cost in the organisation.

This course explains how DevOps security practices differ from other security approaches and provides the education needed to understand and apply data and security sciences. Participants learn the purpose, benefits, concepts, and vocabulary of DevSecOps; particularly how DevSecOps roles fit with a DevOps culture and organisation. At the end of this course, participants will understand using “security as code” with the intent of making security and compliance consumable as a service.

The course is designed to teach practical steps on how to integrate security programs into DevOps practices and highlights how professionals can use data and security science as the primary means of protecting the organisation and customer.

Outlines

Realising DevSecOps Outcomes
• Origins of DevOps
• Evolution of DevSecOps
• CALMS
• The Three Ways
Defining the Cyberthreat Landscape
• What is the Cyber Threat Landscape?
• What is the threat?
• What do we protect from?
• What do we protect, and why?
• How do I talk to security?
Building a Responsive DevSecOps Model
• Demonstrate Model
• Technical, business and human outcomes
• What’s being measured?
• Gating and thresholding
Integrating DevSecOps Stakeholders
• The DevSecOps State of Mind
• The DevSecOps Stakeholders
• What’s at stake for who?
• Participating in the DevSecOps model
Establishing DevSecOps Best Practices
• Start where you are
• Integrating people, process and technology and governance
• DevSecOps operating model
• Communication practices and boundaries
• Focusing on outcomes
Best Practices to get Started
• The Three Ways
• Identifying target states
• Value stream-centric thinking
DevOps Pipelines and Continuous Compliance
• The goal of a DevOps pipeline
• Why continuous compliance is important
• Archetypes and reference architectures
• Coordinating DevOps Pipeline construction
• DevSecOps tool categories, types and examples
Learning Using Outcomes
• Security Training Options
• Training as Policy
• Experiential Learning
• Cross-Skilling
• The DevSecOps Collective Body of Knowledge.

Objectives

On completion of this course, the following learning outcomes will be achieved:

The purpose, benefits, concepts, and vocabulary of DevSecOps
How DevOps security practices differ from other security approaches
Business-driven security strategies
Understanding and applying data and security sciences
The use and benefits of Red and Blue Teams
Integrating security into Continuous Delivery workflows
How DevSecOps roles fit with a DevOps culture and organisation.

Audiences

The target audience for this course are professionals involved in DevSecOps, such as:

Anyone involved or interested in learning about DevSecOps strategies and automation
Anyone involved in Continuous Delivery toolchain architectures
Compliance Team
Delivery Staff
DevOps Engineers
Business Managers
IT Security Professionals, Practitioners and Managers
Maintenance and support staff
Managed Service Providers
Project & Product Managers
Quality Assurance Teams
Release Managers
Scrum Masters
Site Reliability Engineers
Software Engineers
Testers.

Certification and Exam Info

Participants who successfully complete the course and pass the examination will be recognized as DevSecOps Foundation (DSOF) certified which issued and governed by DevOps Institute. Delegates who do not attain a passing score for the examination would be awarded a course attendance certificate only.

EXAMINATION FORMAT

40 Multiple Choice
1 mark per correct answer
26 marks required to pass (out of 40 available) – 65%
Sixty minutes duration
Web-based open-book examination.

Pre-requisites

There are no prerequisites to attending the DevSecOps Foundation course or sitting the certification examination. Familiarity with DevOps definitions and principles are essential.

Funding Available

SSG Funding

Please visit our SkillsFuture Singapore (SSG) Funding page for full details.

Terms and conditions apply.

PSEA Funding

Please visit our IBF STS programme page for full details. PSEA page for more info.

Terms and conditions apply.

SkillsFuture Credit

Please visit our SkillsFuture Credit page for full details.

Terms and conditions apply.

Supported by UTAP

NTUC members can use the Union Training Assistance Programme (UTAP) to partially cover the cost of their training.
Visit our UTAP page for more info.

Terms and conditions apply.

Schedule

03/24/2026 03/26/2026