DevSecOps Coaching

duration
1 to 2 Days

Category
Defensive

where
In-house or remote
language
German or English

Hands-on AppSec-Pipeline

This fully packed hands-on coaching workshop gives insight into automation capabilities of security scans, which perfectly fit into many build pipelines. Taking into account frontends (Web) as well as backends (APIs), you will learn which steps of a security analysis can be automated – and how.

By focusing on open-source solutions, you will get a tool arsenal with different automation options ready to test your application’s security on every build. During this workshop we will enhance a typical CI/CD pipeline (every attendee will have an individual server in the cloud ready to use with multiple levels of tool integrations) step by step into a full-fledged awesome DevSecOps AppSecPipeline!

All exercises are executed against an attendee-individual training environment, which I prepare and individually spawn for each attendee in my cloud.

Individual Coaching vs. Workshop

I started conducting this training as a workshop, which used my individually prepared training application as test candidate, applying SAST and DAST scans (along with false-positive handling), as part of a Jenkins-based CI/CD build-pipeline. That way I was able to create a blueprint AppSec-Pipeline architecture as part of a great hands-on training.

But sometimes customers have other kinds of CI/CD setups or just want, as part of an in-house training, the whole concept directly applied to their individual real applications. Therefore I’ve shifted this workshop’s content a bit, so that it either still uses my blueprint setup with my training application, or (for the more individual customers) it takes your CI/CD infrastructure and your existing applications into account. With this kind of customization your attending team not only learns the generic concepts of a working DevSecOps solution, but also has this setup built up and running with your individual CI/CD piepline and applications.

Questions about this individual DevSecOps coaching? Let’s talk

What attendees will receive

All my trainings can be held in German (native speaker) or English (business fluent).

Attendees receive the following along with my training:

  • Access to cloud-based training environments (individually spawned for each attendee).
  • All slides and workshop material as a set of PDFs.
  • Lifetime access to GitHub and DockerHub repos with my training environments in order to recap all exercises with a working setup (including freshly added stuff in the future).
  • Support via mail for setup and exercise handling afterwards.
  • Printed and signed Certificate of Attendance listing the training contents (in German or English depending on the training language chosen).

Training Certificates

Different Options

As always in life, there is no one-fits-all solution. So regarding the concrete setup and execution of my trainings and workshops, you have different options and variants to choose from.

Fully customizable training agenda

In case you want certain aspects of your technology stack or specific internal process or tools covered during the training: Let’s talk

The training agenda can be customized to your needs, resulting in an individual setup and content.

On-site or Remote? – Choice is yours!

My trainings and workshops can be executed on-site (either directly at your office or at one of my training sites) as well as fully remote for home-office workers. Even hybrid variants are possible, where some remote-only workers can join online, while I execute the training on-site for the majority of the attendees.

I’ve already conducted numerous online-based variants of my trainings, even for bigger audience groups. In case you prefer an online-based variant, I can either use your corporate conferencing system to make it as seamless as possible for the attendees. Or you can access the conferencing solution that I prefer (after having tested many I’ve a nice excellent working solution ready) including live-editing of shared whiteboards for workshop exercises.

Either way, attendees just need a browser as nothing needs to be installed locally, since my training runs with attendee-individual environments in my cloud.

Alternative option: Professional training recording

In case you would like to have a customized version for your company recorded as a set of chapters and lessons for your in-house video-based electronic learning platform: Let’s talk

I can record a customized training session (without attendees) and provide you with professionally cut chapters exported as SCORM, MPEG, and other formats. This package includes digital training slides and the runnable training environment for local offline training.

That way several companies have successfully enriched their own internal video-based training offers with my hands-on security workshops imported into their own electronic learning platforms.

Professional Recording

Testimonials

What Customers Are Saying

Ein tolles Seminar. Inhalte und Methodik bitte unverändert lassen!

Training Attendee

Auf diesem Wege noch einmal Feedback zu den vergangenen drei Tagen: Die Schulung entsprach absolut meinen Vorstellungen. Die Themen die behandelt wurden sowie die Mischung zwischen praktischen und theoretischen Teilen waren absolut passend. Da merkt man deine jahrelange Erfahrung.

Training Attendee

Fachlich sehr fit, ist sehr gut auf Rückfragen eingegangen.

Training Attendee

Thank you very much for your training! It was very interesting and bit too short though for such a pile of knowledge :-) People of the team have learnt a lot and talk positively about it.

Training Attendee

Fachlich sehr gut — sehr gute Präsentation

Training Attendee

Insiderwissen aus dem Security-Pentesting Bereich wurde echt gut vermittelt. Fachlich in der Thematik sehr breit und top aufgestellt. Er ist speziell eingegangen auf die bei uns eingesetzten Technologien. Trainer ist fachlich, didaktisch und persönlich spitze. Geht gut auf Fragen ein. Guter Aufbau der Fortbildung.

Training Attendee

Sehr intensives Seminar, sehr gut und klar dargestellt!

Training Attendee

Hervorragende Beispiel-Anwendungen. Dozent kann sehr gut erklären.

Training Attendee

Sehr hohe Fachkompetenz! Didaktisch sehr gut. Interessant mit vielen praktischen Übungen. Ein vermeintlich “trockenes”, aber sehr wichtiges Thema, wurde sehr gut transportiert und weitervermittelt.

Training Attendee

Sehr interessant, sehr praxisnah, kurzweilig & auf alles eine Antwort ;)

Training Attendee

Die Teilnehmer waren von der Schulung begeistert, kaum eine Umfrage fällt so gut aus! Wir freuen uns, dass die Rückmeldungen so positiv ausgefallen sind und die Teilnehmer sich derart für das Thema begeistern konnten! Wir hoffen sehr, dass wir in Zukunft noch mal (und hoffentlich oft) die Gelegenheit haben werden zusammenzuarbeiten!

Training Company

Es wurde auf sehr viele Themen hingewiesen, die mir neu waren und für meine Arbeit wichtig sind.

Training Attendee

Vielen Dank nochmal für den sehr sehr guten Workshop heute. Ich wollte nochmal ein großes Lob zu deinen Vorträgen und deinem Workshop aussprechen, wirklich sehr gelungen! Man möchte einfach damit loslegen und es selbst ausprobieren. Einfach klasse!

Training Attendee

Die Fortbildung war absolut klasse. Ich habe mittlerweile fast 10 Jahre Berufserfahrung und in all den Jahren ist die Fortbildung eine der besten gewesen, die ich absolvieren konnte.

Training Attendee

Jeder Entwickler sollte die Schulung mal gehabt haben.

Training Attendee

Ich möchte mich nochmals für das spannende Training von letzter Woche bedanken. Die vermittelten Inhalte waren sehr gut aufbereitet und das Training ergab ein gut geschnürtes Paket.

Training Attendee

Dein Workshop bei uns hat Wirkung gezeigt: Viele Teilnehmer haben versucht, in ihren Projekten Schwachstellen zu finden, auch mit Erfolg.

Training Attendee

Vielen Dank noch einmal für das hervorragende Intensivtraining diese Woche.

Training Attendee

Erst noch einmal recht herzlichen Dank für die 3 sehr inspirierenden Tage. Deinen Vortrag empfand ich sowohl didaktisch als auch inhaltlich sehr, sehr gut. Die vielen Workshop-Übungen haben zudem viel zum besseren Grundverständnis der Theorie beigetragen.

Training Attendee