Length: 3 Days
Print Friendly, PDF & Email

DevSecOps Workshop, DevSecOps for DoD Professionals

DevSecOps Workshop, DevSecOps for DoD Professionals training workshop will help you master the art and science of improving the development and operational activities of your entire DoD team. You will build expertise  in continuous deployment, using configuration management tools such as Puppet, SaltStack, Ansible, and more. DoD Enterprise DevOps and DevSecOps, Department of Defense (DoD) focuses on DOD needs DevOps to accelerate IT service delivery.

DoD’s legacy software acquisition and development practices and processes do not provide the agility to deploy new software “at the speed of operations”. In addition, security is often an afterthought, not built in from the beginning of the lifecycle of the application and underlying infrastructure. DevOps and DevSecOps are the industry best practice for rapid, secure software development.

DevSecOps is an organizational software engineering culture and practice that aims at unifying software development (Dev), security (Sec) and operations (Ops). The main characteristic of DevSecOps is to automate, monitor, and apply security at all phases of the software lifecycle: plan, develop, build, test, release, deliver, deploy, operate, and monitor. In DevSecOps, testing and security are shifted to the left through automated unit, functional, integration, and security testing – this is a key DevSecOps differentiator since security and functional capabilities are tested and built simultaneously.
The benefits of adopting DevSecOps include:

  • Reduced mean-time to production: the average time it takes from when new software
    features are required until they are running in production;
  • Increased deployment frequency: how often a new release can be deployed into the
    production environment;
  • Fully automated risk characterization, monitoring, and mitigation across the application
    lifecycle;
  • Software updates and patching at “the speed of operations”

The course covers DoD Enterprise DevSecOps Reference Design descring the DevSecOps lifecycle, supporting pillars, and DevSecOps ecosystem; lists the tools and activities for DevSecOps software factory and ecosystem; introduces the DoD enterprise DevSecOps container service that provides hardened DevSecOps tools and deployment templates to the program application DevSecOps teams to select; and showcases a sampling of software factory reference designs and application security operations.

DoD Enterprise DevSecOps Reference Design provides implementation and operational guidance to Information Technology (IT) capability providers, IT capability consumers, application teams, and Authorizing Officials.

Participants will enhance their knowledge and skills in the DevOps field via a comprehensive curriculum covering the concepts of DevOps, Git and GitHub, CI/CD with Jenkins, configuration management, Docker, Kubernetes, and many others. You will learn the benefits of adopting DevOps include:

  • Reduced mean-time to production
  • Reducing the average time it takes from when new software features are required until they are running in production;
  • Increased deployment frequency
  • New software releases can be deployed into the production environment more frequently;
  • Apply fully automated risk characterization, monitoring, and mitigation across the application lifecycle;
  • Software updates and patching at “the speed of operations”

WHO SHOULD ATTEND

DevSecOps Workshop, DevSecOps for DoD Professionals is designed for DoD and contractors who wants to gain knowledge of how to participate and use an effective and systematic approach to manage and complete DevOps projects, from engineers to program and project managers, and more:

  • Developers
  • Application Team
  • Software Engineers, Managers and Directors
  • IT Executives
  • Operations Managers
  • QA and Test Engineers and  Managers
  • Project Managers
  • Release and Configuration Managers
  • ScrumMasters

HOW YOU WILL BENEFIT

  • Learn how to build DevOps skills to meet the needs of your teams.
  • Increase your knowledge and skills in
  • DevOps Methodology
  • Increase the productivity of yourself and your team to gain a competitive edge by applying Continuous Integration and Continuous Delivery (CI/CD)
  • Establish and deepen knowledge on Configuration Management and Containerization
  • Learn about Github, Chef, Jenkins, ChefSpec, Inspec, Test Kitchen, Groovy, Maven, and JFrog Artifactory
  • Learn about DevOps on Cloud, Source Control, Deployment Automation and Cloud Platforms

Course Content

Introduction to DevSecOps

  • Background and Purpose of DevOps
  • DevOps Foundations
  • DevOps Key Concepts and Key Terms
  • Why DevOps?
  • DevOps Delivery Pipeline
  • DevOps Ecosystem
  • DevSecOps Ecosystem Reference Designs
  • Containerized Software Factory
  • Hosting Environment.
  • Serverless Support
  • DoD Applications
  • DevOps and Culture
  • DevOps Processes
  • Continuous Integration and Delivery
  • DevOps Tools

DoD DevSecOps Conceptual Model

  • DevOps Lifecycle
  • DevOps Pillars
  • Organization 20
  • Process
  • Technology
  • Governance
  • Management Structure

DoD DevSecOps Ecosystem

  • Planning
  • Software Factory
  • Operations
  • External Systems
  • DevOps on Cloud

DevSecOps Tools and Activities

  • Planning Tools and Activities
  • Software Factory Tools and Activities
  • CI/CD Orchestrator
  • Develop
  • Build
  • Test
  • Release and Deliver
  • Production Operation Tools and Activities
  • Deploy
  • Virtual Machine deployment
  • Container deployment
  • Operate
  • Monitor
  • Security Tools and Activities
  • Configuration Management Tools and Activities
  • Database Management Tools and Activities

DevSecOps Implementation

  • Implementing a CI/CD Pipeline
  • Continuous Integration and Continuous Deployment
  • Version Control with Git
  • Git and Source Control Management
  • Terraform for Infrastructure control (optional with 5-day delivery)
  • Chef and Configuration Management
  • Inspec for Cookbook Testing
  • Jenkins and Continuous Integration
  • Docker for Containerization (optional for 4-day delivery)
  • Terraform for Infrastructure Automation
  • Git, Jenkins, and Maven Integration
  • Continuous Integration with Jenkins
  • Continuous Testing using Selenium
  • Continuous Deployment: Containerization with Docker
  • Containerization with Docker
  • Continuous Deployment: Configuration Management with Puppet
  • Configuration Management using Ansible
  • Containerization with Kubernetes
  • Continuous Monitoring with Nagios

DoD Enterprise DevSecOps Container Service 

  • DoD Enterprise DevSecOps Container Factory
  • DoD Hardened Containers
  • Container Hardening Process
  • Select the Container Base Image
  • Harden the Container
  • Store the Hardened Container
  • Documentation
  • Continuous Engineering
  • Cybersecurity
  • DoD Centralized Artifact Repository
  • DevSecOps Ecosystem Reference Designs
  • Containerized Software Factory
  • Hosting Environment
  • Container Orchestration
  • Software Factory Using Hardened Containers
  • DoD Applications
  • Software Factory using Cloud DevSecOps Services
  • Serverless Support
  • Application Security Operations
  • Continuous Deployment
  • Continuous Operation
  • Continuous Monitoring
  • Sidecar Container Security Stack

Overview of DevOps and DevSecOps Product Stack

  • Source Repository
  • Container Management technologies
  • API Gateways
  • Networking
  • Artifacts
  • Programming Languages
  • Databases
  • Message bus/Streams
  • Proxy
  • Visualization
  • Logs
  • Webservers
  • Cloud storage
  • Docker base images OS
  • Helm charts
  • Serverless
  • Message bus/Streams
  • Proxy
  • Visualization
  • Logs
  • Webservers
  • Cloud storage
  • Docker base images OS
  • Helm charts
  • Serverless
  • Build
  • Tests suite
  • Test coverage
  • CI/CD Orchestration
  • Jenkins plugins
  • Configuration Management / Delivery
  • Security
  • Monitoring
  • Scale
  • Collaboration
  • Plan
  • Secrets
  • Modeling
  • Documentation
  • Agents
  • Performance

 

Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.