Secure DevOps Practices Training

Comprehensive 5-day security program for DevOps, L2, and L3 support engineers. Learn to integrate security into operations, cloud infrastructure, CI/CD pipelines, and application delivery with hands-on labs and practical tools.

50+ teams trained · CI/CD & Cloud · 12 years · Clutch 5.0★
Integrate Security Into Your DevOps Workflow

Modern DevOps teams manage complex infrastructure and deployment pipelines that are prime targets for attackers. With security training for DevOps engineers, we help organizations integrate security throughout their operations, cloud infrastructure, and application delivery lifecycle.

Hands-On Training From Active Security Engineers

Our instructors work daily with CI/CD pipelines, cloud environments, and container orchestration—the same tools your team uses. Your engineers learn from real-world attack scenarios through hands-on labs, gaining skills they can apply to harden infrastructure, secure pipelines, and detect threats before they reach production.

Training Schedule

Day 1

Security for DevOps Engineers

  • Introduction to fundamental security concepts and access control mechanisms.
  • Password management best practices, multi-factor authentication (MFA) implementations.
  • Secrets handling in operational environments, credential management.
  • Security logging and monitoring for continuous development environments.
  • Incident handling basics for operational teams, response procedures.

#itsecurity #accesscontrol #mfa #secrets #monitoring

Day 2

Cloud Security and Configuration

  • Shared responsibility model in cloud environments (AWS, Azure, GCP).
  • Infrastructure types (On-premises, IaaS, PaaS, SaaS) explained with the pizza analogy.
  • Cloud misconfigurations as leading security risks, major prevention strategies.
  • Core controls and principles: encryption, backups, disaster recovery, IAM, least privilege.
  • Network segmentation, WAF, DDoS protection, preventing secrets leaks.

#cloudsecurity #misconfigurations #waf #ddos

Day 3

CI/CD & GitOps Security

  • Fundamentals of Continuous Integration/Continuous Delivery (CI/CD) security.
  • Security "shift left" principle – moving security checks earlier in pipelines.
  • DevSecOps practices, secure DevOps implementation strategies.
  • Supply chain security risks, real cases of build pipeline compromises.
  • Hands-on labs with Jenkins, Git, Docker simulating real attacks and exploits.

#cicd #devsecops #shiftleft

Day 4

Threat Modeling

  • Why and how to do threat modeling for DevOps environments.
  • Building data flow diagrams, identifying trust boundaries.
  • Practicing with a vulnerable HR application as a case study.
  • Simplifying complex architectures for effective threat modeling.
  • Hands-on card game to generate and discuss cyber threats.

#threatmodeling #dataflow #trustboundaries

Day 5

Application Security

  • Security testing of applications, why testing is necessary.
  • OWASP Top 10 limitations and practical usefulness.
  • OWASP Web Security Testing Guide practical test cases.
  • OWASP ASVS security verification standard.
  • Dynamic and static testing, secret management, dependency scanning labs.

#appsec #owasp #sast #dast

Training Program

This comprehensive 5-day security program progressively covers core areas of IT operations, cloud infrastructure, and application security. The focus is on making DevOps teams more security-aware and equipping them with practical tools to prevent, detect, and respond to threats throughout the software delivery lifecycle.

  • Security for Support Engineers

    Introduction to fundamental security concepts, access control, password management, MFA, secrets handling, security logging and monitoring, and incident handling basics for operational teams.

  • Cloud Security and Configuration

    Shared responsibility model, infrastructure types (IaaS, PaaS, SaaS), cloud misconfigurations, core controls including encryption, backups, IAM, network segmentation, and tools like TruffleHog for security scanning.

  • CI/CD & GitOps Security

    CI/CD security fundamentals, "shift left" principles, DevSecOps practices, supply chain security, SAST/DAST tools, dependency scanning, and infrastructure as code security with hands-on Jenkins and Docker labs.

  • Threat Modeling

    Why and how to do threat modeling, building data flow diagrams, identifying trust boundaries, simplifying complex architectures, and hands-on threat modeling exercises using real-world case studies.

  • Application Security

    Security testing of applications, OWASP Top 10, Web Security Testing Guide, ASVS security verification standard, secure coding practices, dynamic and static testing, and hands-on vulnerability labs.

The training combines theoretical sessions with practical hands-on labs, demos, and real-world case studies. Participants practice with actual security tools and simulate real attacks to understand both defensive and offensive perspectives.

Training Details

Course level

Beginner to Intermediate

Effort

Five three-hour sessions with hands-on labs

Format

Private recordings available on YouTube

Language

English or Ukrainian

Price

5 000 EUR (ex. VAT) for a group of 15-25 students

Suitable for

DevOps, L2/L3 support engineers, and operations teams managing cloud infrastructure and CI/CD pipelines.

Feedback & Support

Private chat to interact with trainers during and after the course.

Why Choose BSG for DevOps Security Training?

Hands-On Infrastructure Labs

Real AWS, Azure, and Kubernetes environments where engineers exploit misconfigurations and fix them—not just slides and theory.

CI/CD Pipeline Security

Learn to secure Jenkins, GitLab CI, and GitHub Actions pipelines—from secret management to dependency scanning and deployment hardening.

Active Security Engineers

Taught by OSCP, OSEP, and CISSP-certified engineers who audit cloud infrastructure and CI/CD pipelines daily.

Customized to Your Stack

Labs adapted to your cloud provider, container platform, and CI/CD tooling for maximum relevance to your team's daily work.

Flexible Delivery

Online or on-site delivery in English or Ukrainian. All sessions recorded so team members can review material anytime.

Post-Training Support

Private chat with instructors during and after the course for ongoing Q&A, implementation guidance, and incident response help.

Testimonials

The communication was organized and the highest level possible using modern tools available. Berezha Security was able to discuss all cybersecurity topics. Although the topics were complex, our staff was able to comprehend the lecturer's lessons. Altogether, the team did a tremendous job.

Viacheslav Viskushenko

Information Security Manager, Credit Agricole Ukraine

The audience remained highly engaged during the workshop. The trainer's delivery radically differed from what we expected based on previous experience with CBT security awareness courses. As a result, the audience learned a lot and was able to clear out every pre-existing ambiguity in the corporate security requirements and countermeasures with a professional third-party expert.

Evgeniy Gubanov

COO, Brightgrove

Berezha Security conducted effective training sessions. They demonstrated various penetration testing tools to great success, so our team is now familiar with new frameworks. The Berezha team was responsive and communicative; it's comprised of professional experts who know their field well.

Dima Slobodyanyuk

CISO, Soft2bet

Trainers

Our training is delivered by BSG's senior security consultants who have extensive experience in security governance, large scale environments, cloud security, and application security testing. They bring real-world expertise from hundreds of security assessments and implementations across diverse industries.

Andriy Varusha

Co-founder & COO, CISSP

BSG services, operations, and quality leader.
IT auditor and cybersecurity consultant.

Andriy is an accomplished manager with 10+ years of experience in various industry verticals. He started his career in IT audit and consulting and continued in enterprise IT and custom software development services.

Andriy has experience in leading customer relationships within the US, UK, and Western Europe geographies, responsible for distributed teams and permanent engagements of different scales.

Andriy has stood at the root of the Ukrainian cybersecurity professional community and has joined BSG to advance his contribution to the cybersecurity industry's development.

At BSG, Andriy acts as the Chief Services Officer and a security consulting practice lead.

https://www.linkedin.com/in/andriyvarusha/
Serhii Korolenko

Security Consultant, Training Lead

OSCP, Burp Suite Certified Practitioner, eWPTX, eMAPT

Penetration tester. CTF game master. OWASP Kyiv chapter leader.

Serhii is an information security professional with vast experience in Application Security and Penetration Testing. He holds industry-recognized certifications including OSCP, Burp Suite Certified Practitioner, eWPTX, and eMAPT, demonstrating comprehensive expertise across web and mobile application security. He manages the full spectrum of appsec and pentesting engagements in the BSG portfolio.

As the BSG Training Lead, he is always up to date on the latest security trends and is passionate about organizing conferences and speaking publicly. He presented and volunteered at BruCON, OWASP Ukraine, NoNameCon, and TestingStage, among many others.

Serhii is fond of sports video games and loves flying his drone and taking footage of his picturesque travels.

https://www.linkedin.com/in/sergiy-korolenko-82b2ab46/

Our Certifications

Our team holds the industry's most demanding security certifications, independently validating expertise in penetration testing, application security, cybersecurity consulting, and red team operations.

Start building more secure and resilient infrastructure: enroll your DevOps team for security training.

In cyber security, offense and defense are both operations. Our training helps engineers understand how attackers think and how defenders respond, so they can build software that resists real-world threats. The true mastery of security lies in learning from both sides and passing that knowledge on.

Vlad Styran

CISSP, CISA, OSCP, Co-founder

Frequently Asked Questions

Who should attend this DevOps security training?

This training is designed for DevOps engineers, L2/L3 support engineers, operations teams, and anyone responsible for managing cloud infrastructure, CI/CD pipelines, and application deployment processes. It's suitable for both technical and non-technical team members who want to improve their security awareness.

Do I need prior security experience for this course?

No prior security experience is required. The course starts with fundamental security concepts and progressively builds up to advanced topics. We design the training for operational teams who want to integrate security into their daily DevOps practices, regardless of their current security knowledge level.

What security tools will we learn in this training?

You'll get hands-on experience with industry-standard security tools including TruffleHog for secret detection, SAST/DAST scanners for code analysis, Jenkins for secure CI/CD pipelines, Docker security practices, threat modeling tools, and comprehensive OWASP resources and testing guides.

Can this training be delivered remotely?

Yes, we offer both online and on-site delivery options. Remote sessions include recorded materials, interactive labs, live demonstrations, and hands-on exercises. All participants get access to cloud-based lab environments and can interact with trainers through private chat channels during and after the course.

How long is the DevOps security training?

The full training program spans five days. Each day covers a focused topic area with a mix of lectures, live demonstrations, and hands-on lab exercises. The schedule is designed to minimize disruption to your team's regular workflow while ensuring comprehensive coverage of all key security areas.

Does the course include hands-on labs?

Yes. Every module includes practical exercises in cloud-based lab environments. You'll work with real CI/CD pipelines, container orchestration, and infrastructure-as-code templates to practice detecting and remediating security issues in realistic scenarios.

Can you customize the training for our team's tech stack?

Absolutely. We tailor the course content to match your team's specific tools and cloud providers. Whether you use AWS, Azure, GCP, or on-premises infrastructure, we adjust the examples, labs, and tooling recommendations to be directly applicable to your environment.

Does the training include a certification?

All participants receive a certificate of completion at the end of the training. The certificate confirms your participation in the BSG DevOps Security training program and can be used to demonstrate your team's commitment to security best practices.

What languages is the training available in?

The training is available in English or Ukrainian, depending on the group's preferences. All course materials, lab documentation, and reference guides are provided in English to ensure compatibility with industry-standard tools and resources.