Curriculum
- 17 Sections
- 68 Lessons
- 10 Weeks
- PHASE 0: FOUNDATIONAL PREREQUISITE SKILLS (Weeks 1-2). Goal: Bridge knowledge gaps and ensure all students start Phase 1 with essential technical skills
- Week 1: Linux & Command Line Mastery (5 lessons)
- 2.1 Module 0.1: Linux Fundamentals & Distributions (Ubuntu, CentOS)
- 2.2 Module 0.2: File System Navigation & Permissions (chmod, chown, ACLs)
- 2.3 Module 0.3: Process Management & System Monitoring (ps, top, htop)
- 2.4 Module 0.4: Networking Commands (netstat, ss, curl, wget, iptables basics)
- 2.5 Module 0.5: Text Processing (grep, sed, awk, cut) & Shell Scripting Basics
- Hands-on Lab:
- Week 2: Programming & Networking Fundamentals (6 lessons)
- 4.1 Module 0.6: Python for Security Automation (Syntax, Data Types, Loops, Functions)
- 4.2 Module 0.7: Working with APIs & JSON/XML Parsing
- 4.3 Module 0.8: Web Fundamentals (HTTP/S, REST APIs, Headers, Cookies)
- 4.4 Module 0.9: Networking Concepts (OSI Model, TCP/IP, Subnetting, DNS, Firewalls)
- 4.5 Module 0.10: Basic Git Operations (Clone, Commit, Push, Pull, Branching)
- 4.6 Hands-on Lab: Writing Python scripts for log analysis, creating API clients, building simple web applications
- PHASE 1: DEVOPS FOUNDATIONS & SECURITY MINDSET (Weeks 3-6). Goal: Establish DevOps culture and core practices with security integration from day one
- Week 3: DevOps Principles & Culture (5 lessons)
- 6.1 Module 1.1: DevOps Philosophy & Three Ways (Flow, Feedback, Continuous Learning)
- 6.2 Module 1.2: DevSecOps Evolution & Business Value
- 6.3 Module 1.3: Shift-Left Security Methodology
- 6.4 Module 1.4: Advanced Git Security (Branch Protection, Signed Commits, Hooks)
- 6.5 Hands-on Lab: Setting up secure Git workflows with branch protection, signed commits, and pre-commit hooks
- Week 4: Infrastructure as Code (IaC) Security (5 lessons)
- 7.1 Module 2.1: Terraform/CloudFormation Security Best Practices
- 7.2 Module 2.2: IaC Scanning Tools (Checkov, tfsec, cfn_nag)
- 7.3 Module 2.3: Configuration Management Security (Ansible, Puppet, Chef)
- 7.4 Module 2.4: Policy as Code (Open Policy Agent, Sentinel)
- 7.5 Hands-on Lab: Building secure infrastructure with automated compliance checks
- Week 5: Container & Orchestration Security (5 lessons)
- 8.1 Module 3.1: Docker Security Best Practices (Image signing, user namespace, seccomp)
- 8.2 Module 3.2: Container Image Scanning (Trivy, Clair, Docker Scout)
- 8.3 Module 3.3: Kubernetes Security Hardening (RBAC, Pod Security Standards, Network Policies)
- 8.4 Module 3.4: Service Mesh Security (Istio, Linkerd mTLS implementation)
- 8.5 Hands-on Lab: Deploying secure Kubernetes cluster with admission controllers
- Week 6: Cloud Platform Security Foundations (6 lessons)
- 9.1 Module 4.1: AWS/Azure/GCP Identity & Access Management
- 9.2 Module 4.2: Cloud Security Posture Management (CSPM) Tools
- 9.3 Module 4.3: Serverless Security Considerations
- 9.4 Module 4.4: Secrets Management (HashiCorp Vault, AWS Secrets Manager)
- 9.5 Hands-on Lab: Implementing cloud security controls across multi-cloud environment
- 9.6 End of Phase 1 Project: Secure Infrastructure Pipeline with compliance gates
- PHASE 2: SECURE CI/CD PIPELINE CONSTRUCTION (Weeks 7-10). Goal: Build automated pipelines with integrated security at every stage
- Week 7: CI/CD Pipeline Architecture & Security (5 lessons)
- 11.1 Module 5.1: Pipeline Design Patterns (Blue/Green, Canary, Feature Flags)
- 11.2 Module 5.2: Jenkins Security Hardening (Master/Agent, Credentials, RBAC)
- 11.3 Module 5.3: GitLab CI/CD Security Features
- 11.4 Module 5.4: GitHub Actions Security Best Practices
- 11.5 Hands-on Lab: Building Jenkins pipeline with security plugins and secure configuration
- Week 8: SAST & SCA Integration (5 lessons)
- 12.1 Module 6.1: Static Application Security Testing (SonarQube, Fortify, Checkmarx)
- 12.2 Module 6.2: Software Composition Analysis (OWASP Dependency-Check, Snyk, WhiteSource)
- 12.3 Module 6.3: License Compliance Scanning (FOSSA, Black Duck)
- 12.4 Module 6.4: Custom Rule Development for SAST
- 12.5 Hands-on Lab: Integrating multiple SAST tools with failure thresholds in pipeline
- Week 9: DAST & Runtime Security (5 lessons)
- 13.1 Module 7.1: Dynamic Application Security Testing (OWASP ZAP, Burp Suite)
- 13.2 Module 7.2: Interactive Application Security Testing (IAST) Tools
- 13.3 Module 7.3: API Security Testing (Postman, Swagger, API Fortress)
- 13.4 Module 7.4: Runtime Application Self-Protection (RASP) Concepts
- 13.5 Hands-on Lab: Automated DAST scanning in staging environments with risk-based assessment
- Week 10: Security Gates & Quality Gates (5 lessons)
- PHASE 3: ADVANCED DEVSECOPS PRACTICES & EC-COUNCIL FRAMEWORK (Weeks 11-14) (6 lessons)
- 15.1 Week 11: Threat Modeling & Secure Design
- 15.2 Module 9.1: STRIDE, DREAD, PASTA Threat Modeling Methodologies
- 15.3 Module 9.2: Threat Modeling Tools (Microsoft Threat Modeling Tool, IriusRisk)
- 15.4 Module 9.3: Architecture Risk Analysis
- 15.5 Module 9.4: Secure Coding Standards & Guidelines
- 15.6 Hands-on Lab: Conducting threat modeling sessions for microservices architecture
- Week 12: Compliance as Code & Audit Automation (5 lessons)
- 16.1 Module 10.1: Regulatory Frameworks (NIST, ISO 27001, SOC 2, PCI-DSS)
- 16.2 Module 10.2: Compliance as Code Tools (InSpec, Chef Compliance)
- 16.3 Module 10.3: Continuous Compliance Monitoring
- 16.4 Module 10.4: Audit Evidence Automation
- 16.5 Hands-on Lab: Building automated compliance checks for PCI-DSS requirements
- Week 13: Incident Response & Chaos Engineering (5 lessons)
- 17.1 Module 11.1: DevSecOps Incident Response Planning
- 17.2 Module 11.2: Security Chaos Engineering (Netflix’s Chaos Monkey, Gremlin)
- 17.3 Module 11.3: Digital Forensics in Container Environments
- 17.4 Module 11.4: Blameless Postmortems & Continuous Improvement
- 17.5 Hands-on Lab: Running chaos experiments on production-like environments
