Orange Cyberdefense SensePost will be launching a new information security training course aimed at enriching software developers with security thinking. The SecDevOps course has been developed by penetration testers who test the security of applications, IT environments, CI/CD pipelines and often review source code for development houses.
The training has been designed to teach software developers how to integrate security seamlessly into their existing software development life cycles – whether that be following Agile or traditional Waterfall models.
Scheduled to take place virtually for the first time this September, the course addresses a growing industry need: to ensure security is embedded throughout the development life cycle and not as a last-minute add-on just to tick a box or pass an audit. It will be taught over two days 16-17 September and is open to both enterprises and the public to register.
Orange Cyberdefense training co-ordinator, Darryn Cull, says this course delivers a comprehensive introduction to SecDevOps, spanning core security principles and best practices through to the most up-to-date tools and technologies.
“This course is not intended to teach developers how to write secure code, but rather to help them ingrain security guardrails into their day-to-day workflows or broader CI/CD processes. It is ideal for developers or security analysts and IT specialists wanting to gain entry into the SecDevOps sphere,” he explains.
Cull says security can no longer wait until the final stages of development. “With SecDevOps, developers will learn how to embed automated security checks into each sprint, reducing last-minute fire drills and ensuring safer, more reliable software from day one.”
Over the course of 16 instructor-led hours, participants will explore both theoretical content and practical applications of key concepts in a secure lab environment. Attendees will work through 10 core modules, ranging from threat modelling with STRIDE to gaining exposure to key security tools that could be integrated into new or existing CI/CD pipelines.
They will also complete more than a dozen hands-on exercises using industry-standard tools and gain knowledge of common security-based methodologies.
The curriculum’s 40/60 split between conceptual overview and practical exercises ensures attendees not only understand how security can be integrated into their development efforts, but gain exposure to tooling that could immediately aid them.
The SecDevOps course is ideal for development houses and in-house teams frustrated by monolithic, five-day security assessments at the end of projects. It empowers participants to integrate their own security checks into weekly or monthly sprints, making security a continuous part of the development cycle.
He stresses that the training is explicitly tailored for software developers and pipeline maintainers in their early DevOps transition. "Non-technical personnel like security managers and IT managers are advised to seek alternative offerings."
In addition to expert guidance from active penetration testers and security analysts, each attendee will receive an isolated lab environment in which a CI/CD pipeline with security guardrails has already been established.
By submitting source code with known vulnerabilities into the pipeline, the attendees will be able to experience and explore the workings of the security guardrails. Not to mention, gain insight into what the guardrails are doing and why they exist.
“Through practical exposure to secure coding techniques and automated security tooling, attendees will be equipped to identify and address security issues earlier and quickly in their code bases – streamlining their development processes and strengthening the overall security posture,” he concludes.
Registration for this course is currently open. Prospective participants must bring a laptop running Chrome or Firefox, have basic familiarity with Linux or Windows command-line interfaces, have some development experience with .NET or equivalents, and arrange access to Zoom or Microsoft Teams. A Discord account will be used for course collaboration and resources.
To register or learn more, access the brochure here or e-mail training@orangecyberdefence.com
Share
Orange Cyberdefense
Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security services, security assessments, IT security advisory services and hacking training to organisations around the globe.
Originally called SensePost, Orange Cyberdefense South Africa was founded in 2000 and is headquartered in Pretoria.
We believe strongly that technology alone is not a solution. We help our customers achieve superior security outcomes via our 3000+ security professionals, partnerships with top-tier vendors, threat intelligence and in-house R&D including a CERT and Epidemiology Lab.
We are proud of our high-end security research unit, thanks to which we regularly publish white papers, articles and tools on cybersecurity. Our research is widely recognised and used throughout the industry, including conferences such as Infosec, RSA Conference, BlackHat and DEFCON.