
The SANS SEC540 DevSecOps training course prepares security professionals to secure cloud-native and DevOps environments by implementing security controls in automated pipelines. It addresses challenges like insecure CI/CD pipelines, misconfigurations, and Kubernetes vulnerabilities while providing hands-on labs to develop practical skills. The course equips students with a DevSecOps mindset to enhance cloud infrastructure security and resilience.
Secure Your Systems at Cloud Native Speed
Common security challenges for organizations struggling with DevOps culture include issues such as:
- Malicious code, credential theft, and compromised extensions from improperly protected continuous integration and delivery pipelines.
- Unenforced peer code reviews and security approvals that do not meet change approval and audit requirements.
- False positives, noise, and build failures from incorrectly automated security scanners.
- Configuration drift between environments, resource misconfigurations, and public data exposure from insufficiently managed cloud infrastructure.
- Failure to standardize golden virtual machine and container base images across the organization.
- Ignoring software supply chain vulnerabilities inherited from malicious libraries, third-party software, and compromised build artifacts.
- Granting too many permissions to Kubernetes clusters and workloads running inside them.
- Operating Kubernetes services without policies that prevent lateral movement between workloads and without centrally monitoring cluster activity.
- Lacking inventory and visibility between microservices and serverless systems.
- Failing to release patches and close vulnerability windows due to code freezes and failed deployments.
- Inability to consolidate, verify, and enforce policy for pipelines and workloads running across the organization.
Hands-On DevSecOps Automation Training
- 35 Unique, Immersive, Hands-On Labs
- 3 CI/CD security labs
- 16 Kubernetes and cloud native security labs running in AWS
- 16 Kubernetes and cloud native security labs running in Microsoft Azure
CloudWars Bonus Challenges
SEC540 training goes well beyond traditional lectures and immerses students in hands-on application of techniques during each section of the course. Each lab includes a step-by-step guide to learning and applying hands-on techniques, as well as a "no hints" approach for students who want to stretch their skills and see how far they can get without following the guide. This allows students, regardless of background, to choose the level of difficulty they feel is best suited for them -- always with a frustration-free fallback path. Immersive hands-on labs ensure that students understand not only the theory but also how to configure and implement each security control.
The SEC540 lab environment simulates a real-world DevOps environment, with more than 10 automated pipelines responsible for building DevOps container images, cloud infrastructure, automating gold image creation, orchestrating Kubernetes workloads, deploying serverless functions, executing security and audit scans, and enforcing compliance standards. Students are challenged to sharpen their technical skills and automate more than 20 security-focused challenges using a variety of command line tools, programming languages, and markup templates.
The SEC540 course labs come in both AWS and Azure versions. Students will choose one cloud provider at the beginning of class to use for the duration of the course. Both options leverage Terraform for Infrastructure as Code (IaC) and the cloud provider's managed Kubernetes for container orchestration. Students are welcome to do labs for the alternate cloud provider on their own time once they finish the first set of labs.
For students who want an extra challenge, 2 hours of CloudWars Bonus Challenges are available during extended hours each day. These CloudWars challenges provide additional opportunities for hands-on experience with the cloud and DevOps toolchain.
- Section 1: Attacking the DevOps Toolchain, Version Control Security, Automating Code Analysis, Protecting Secrets with Vault, CloudWars (Section 1): Cloud Native & DevSecOps Automation Bonus Challenges
- Section 2: Infrastructure as Code Network Hardening, Gold Image Creation, Container Image Hardening, Container Supply Chain Security, CloudWars (Section 2): Cloud Native & DevSecOps Automation Bonus Challenges
- Section 3: Container Registry Security, Kubernetes Role-Based Access Control (RBAC), Kubernetes Workload Identity, Kubernetes Admission Control, CloudWars (Section 3): Cloud & DevOps Bonus Challenges
- Section 4: Microservice Security, Serverless Security, Kubernetes Blue / Green Deployment, OpenTelemetry Observability, CloudWars (Section 4): Cloud Native & DevSecOps Automation Bonus Challenges
- Section 5: Cloud and Kubernetes Compliance, Vulnerability Aggregation and Correlation, Automated Remediation, CloudWars (Section 5): Cloud Native & DevSecOps Automation Bonus Challenges
Syllabus Summary
- Section 1: Attacking and Hardening the DevOps Toolchain
- Section 2: Securing Cloud Infrastructure, Container Images, and the Software Supply Chain
- Section 3: Securing Container Registries and Kubernetes
- Section 4: Securing Microservices, Serverless, and Observability
- Section 5: Automating Compliance, Policy, and Remediation
Author Statement
"DevOps, cloud, Kubernetes, and cloud native tools are radically changing the way that organizations design, build, deploy, and operate online systems. Leaders like Amazon, Netflix, Microsoft, and Google deploy hundreds or even thousands of changes every day, continuously learning, improving, and growing - and leaving their competitors far behind. With DevSecOps moving from Internet 'Unicorns' and cloud providers into the enterprise, it is more important than ever for security teams to understand how these systems work.
"Traditional approaches to security can't come close to keeping up with this rate of accelerated change. Engineering and operations teams that have broken down the 'walls of confusion' in their organizations are increasingly leveraging new kinds of automation, including Infrastructure as Code, Continuous Delivery and Continuous Deployment, Kubernetes, microservices, containers, and cloud native services. The question is: How can security take advantage of these tools and automation to better secure its systems?
"Security must be reinvented in a DevOps and cloud native world."
What You’ll Learn
- Understand DevOps principles for secure workflows
- Integrate security scanning into CI/CD pipelines
- Manage secrets and automate infrastructure with IaC
- Harden and monitor containers and Kubernetes
- Secure software supply chain with SBOMs and artifact signing
- Automate compliance with policy guardrails and remediation
Business Takeaways
- Build a security team skilled in cloud-native security and DevSecOps
- Collaborate with DevOps to integrate security early in development
- Utilize cloud-native services for deployment, hardening, and monitoring
- Prepare for container and Kubernetes migrations with adaptability
- Enhance security with cloud monitoring and automated threat response
- Implement centralized audit pipelines and compliance-as-code