What you'll learn:
- DevSecOps tooling e.g. SAST, DAST, SCA, CNAPP, Git explained
- How to add security testing to pipelines - turn a DevOps pipeline into a DevSecOps pipeline
- Key security principles explained such as defence in depth and least privilege
- YAML explained and how to use it in CI/CD pipelines
- What is OWASP and key OWASP projects explained such as OWASP Top 10 and ASVS
- Other key security related organisations and projects such as CISA, CVEs and CIS benchmarks
- Linux security fundamentals explained
- What you need to focus on to enable security testing in CI/CD pipelines
- Docker explained. How to use, build and secure Docker containers
- Kubernetes (k8s) explained. How to use and secure your Kubernetes cluster
- Terraform explained. How to use and secure your Terraform code
- How to secure your third party dependencies (and what they are)
- Jenkins explained. How to use and secure your Jenkins instances
- And much more e.g. how to secure TLS, SSH, HTTP headers and more!
Curious about DevSecOps?Want to learn all about DevSecOps? This is the course for you. This course will cover everything you need know to get started and be successful in DevSecOps.
Why This Course Is Different:
Real-World Learning: Follow along with hands-on demos around actual apps—no stale theory here.
Fast & Focused: This course won't take you weeks to finish. Learn what you need to know to get started. Quickly.
Lab-Ready Assets: Downloadable source code, YAML etc. so you can practice in your own environment.
Tool-Agnostic: The core security principles and techniques apply to any CI/CD platform.
Expert-Driven Content: Learn directly from a Principal Security Engineer with nearly 20 years experience—these are lessons learned in the field, not just theory.
By the end of this course, you will:
Launch Your DevSecOps Journey: Grasp what DevSecOps is, why it matters, and how to get started on Day 1. Transform any DevOps pipeline into a secure, automated DevSecOps workflow (complete YAML examples included).
Command Core Security Principles: Apply CIA triad, defence-in-depth, least-privilege across Linux, Docker & Kubernetes; harden SSH, sudo, file perms, updates and more.
Master Industry-Leading Tools: Scan and secure code with SAST, DAST, SCA, CNAPP & Git; build, scan and lock down containers in Docker; deploy and protect Kubernetes clusters with real-world demos and best-practice recommendations.
Automate & Enforce Security at Scale: Implement Terraform and Jenkins securely—learn infrastructure-as-code and CI/CD pipeline hardening side by side.
Understand Pen Tests & VAs: Grasp the methodology behind penetration testing and vulnerability assessments, and see how they integrate into your DevSecOps lifecycle. Interpret and prioritise findings using CVSS, EPSS scores
Understand the Cybersecurity Ecosystem: Leverage OWASP (Top 10, ZAP, ASVS), CIS Benchmarks, CISA advisories and key open-source projects; identify and remediate common web-application security issues as you build.
What’s Inside:
Downloadable Labs & Source Code to follow along on your local machine
Hands-On Demos & walkthrough videos for each tool, plus ready-to-use YAML configurations
End-of-Module Quizzes to reinforce your learning and track progress
Links to every tool, organization and project we cover
Ready to Secure Your Pipeline?
Enroll now and start building your DevSecOps expertise—no fluff, just field-tested best practices.
