Security for DevOps Training

Comprehensive 5-day security program for DevOps, L2, and L3 support engineers. Learn to integrate security into operations, cloud infrastructure, CI/CD pipelines, and application delivery with hands-on labs and practical tools.

Secure DevOps Practices Training

Modern DevOps teams manage complex infrastructure and deployment pipelines that are prime targets for attackers. With security training for DevOps engineers, we help organizations integrate security throughout their operations, cloud infrastructure, and application delivery lifecycle.

Training Details

Course level

Beginner to Intermediate

Effort

Five three-hour long sessions with hands-on labs

Format

Private recordings available on YouTube

Language

English or Ukrainian

Price

5 000 EUR (ex. VAT) for a group of 15-25 students

Suitable for

DevOps, L2/L3 support engineers, and operations teams managing cloud infrastructure and CI/CD pipelines.

Feedback & Support

Private chat to interact with trainers during and after the course.

Why do DevOps Teams Need Security Training?

Modern DevOps teams are responsible for the entire application delivery pipeline, from infrastructure provisioning to deployment and monitoring. This makes them critical stakeholders in organizational security, yet many lack the specialized knowledge to identify and mitigate security risks in their daily operations.

Without proper security training, DevOps engineers may unknowingly introduce vulnerabilities through misconfigured cloud resources, insecure CI/CD pipelines, exposed secrets, or inadequate monitoring. This training bridges that gap by providing practical, hands-on security knowledge tailored specifically for operations teams.

Training Program

This comprehensive 5-day security program progressively covers core areas of IT operations, cloud infrastructure, and application security. The focus is on making DevOps teams more security-aware and equipping them with practical tools to prevent, detect, and respond to threats throughout the software delivery lifecycle.

  • Security for Support Engineers

    Introduction to fundamental security concepts, access control, password management, MFA, secrets handling, security logging and monitoring, and incident handling basics for operational teams.

  • Cloud Security and Configuration

    Shared responsibility model, infrastructure types (IaaS, PaaS, SaaS), cloud misconfigurations, core controls including encryption, backups, IAM, network segmentation, and tools like TruffleHog for security scanning.

  • CI/CD & GitOps Security

    CI/CD security fundamentals, "shift left" principles, DevSecOps practices, supply chain security, SAST/DAST tools, dependency scanning, and infrastructure as code security with hands-on Jenkins and Docker labs.

  • Threat Modeling

    Why and how to do threat modeling, building data flow diagrams, identifying trust boundaries, simplifying complex architectures, and hands-on threat modeling exercises using real-world case studies.

  • Application Security

    Security testing of applications, OWASP Top 10, Web Security Testing Guide, ASVS security verification standard, secure coding practices, dynamic and static testing, and hands-on vulnerability labs.

The training combines theoretical sessions with practical hands-on labs, demos, and real-world case studies. Participants practice with actual security tools and simulate real attacks to understand both defensive and offensive perspectives.

Training Benefits

High DevOps Engagement

We keep DevOps teams engaged by applying hands-on training with real infrastructure and pipeline scenarios. Practical tasks keep the students excited and help them better absorb security concepts.

Only Crucial Security Practices

We share the knowledge we are practicing day-to-day in DevOps environments: no theorizing or "best practice" mumbo-jumbo, only the practical security tools and techniques.

Real-World DevSecOps Focus

We use real cloud environments, actual CI/CD pipelines, and genuine security tools such as TruffleHog and SAST/DAST scanners in our hands-on DevOps security training.

No Prior Knowledge Required

We offer the training to DevOps, L2/L3 support, and operations teams, so there are no security prerequisites for infrastructure professionals.

In cyber security, offense and defense are both operations. Our training helps engineers understand how attackers think and how defenders respond, so they can build software that resists real-world threats. The true mastery of security lies in learning from both sides and passing that knowledge on.

Vlad Styran

CISSP CISA OSCP, Co-founder

Training Schedule

Day 1

Security for DevOps Engineers

  • Introduction to fundamental security concepts and access control mechanisms.
  • Password management best practices, multi-factor authentication (MFA) implementations.
  • Secrets handling in operational environments, credential management.
  • Security logging and monitoring for continuous development environments.
  • Incident handling basics for operational teams, response procedures.

#itsecurity #accesscontrol #mfa #secrets #monitoring

Day 2

Cloud Security and Configuration

  • Shared responsibility model in cloud environments (AWS, Azure, GCP).
  • Infrastructure types (On-premises, IaaS, PaaS, SaaS) explained with the pizza analogy.
  • Cloud misconfigurations as leading security risks, major prevention strategies.
  • Core controls and principles: encryption, backups, disaster recovery, IAM, least privilege.
  • Network segmentation, WAF, DDoS protection, preventing secrets leaks.

#cloudsecurity #misconfigurations #waf #ddos

Day 3

CI/CD & GitOps Security

  • Fundamentals of Continuous Integration/Continuous Delivery (CI/CD) security.
  • Security "shift left" principle – moving security checks earlier in pipelines.
  • DevSecOps practices, secure DevOps implementation strategies.
  • Supply chain security risks, real cases of build pipeline compromises.
  • Hands-on labs with Jenkins, Git, Docker simulating real attacks and exploits.

#cicd #devsecops #shiftleft

Day 4

Threat Modeling

  • Why and how to do threat modeling for DevOps environments.
  • Building data flow diagrams, identifying trust boundaries.
  • Practicing with a vulnerable HR application as a case study.
  • Simplifying complex architectures for effective threat modeling.
  • Hands-on card game to generate and discuss cyber threats.

#threatmodeling #dataflow #trustboundaries

Day 5

Application Security

  • Security testing of applications, why testing is necessary.
  • OWASP Top 10 limitations and practical usefulness.
  • OWASP Web Security Testing Guide practical test cases.
  • OWASP ASVS security verification standard.
  • Dynamic and static testing, secret management, dependency scanning labs.

#appsec #owasp #sast #dast

Start building more secure and resilient infrastructure: enroll your DevOps team for security training.

Trainers

Our training is delivered by BSG's senior security consultants who have extensive experience in security governance, large scale environments, cloud security, and application security testing. They bring real-world expertise from hundreds of security assessments and implementations across diverse industries.

Andriy Varusha

Co-founder & COO CISSP

BSG services, operations, and quality leader.
IT auditor and cybersecurity consultant.

Andriy is an accomplished manager with 10+ years of experience in various industry verticals. He started his career in IT audit and consulting and continued in enterprise IT and custom software development services.

Andriy has experience in leading customer relationships within the US, UK, and Western Europe geographies, responsible for distributed teams and permanent engagements of different scales.

Andriy has stood at the root of the Ukrainian cybersecurity professional community and has joined BSG to advance his contribution to the cybersecurity industry's development.
At BSG, Andriy acts as the Chief Services Officer and a security consulting practice lead.

https://www.linkedin.com/in/andriyvarusha/
Serhii Korolenko

Security Consultant, Training Lead

OSCP, eWPTX, eMAPT

Penetration tester. CTF game master. OWASP Kyiv chapter leader.

Serhii is an information security professional with vast experience in Application Security and Penetration Testing. He manages the full spectrum of appsec and pentesting engagements in the BSG portfolio.

As the BSG Training Lead, he is always up to date on the latest security trends and is passionate about organizing conferences and speaking publicly. He presented and volunteered at BruCON, OWASP Ukraine, NoNameCon, and TestingStage, among many others.

Serhii is fond of sports videogames and loves flying his drone and taking footage of his picturesque travels.

https://www.linkedin.com/in/sergiy-korolenko-82b2ab46/

FAQ

Who should attend this DevOps security training?

This training is designed for DevOps engineers, L2/L3 support engineers, operations teams, and anyone responsible for managing cloud infrastructure, CI/CD pipelines, and application deployment processes. It's suitable for both technical and non-technical team members who want to improve their security awareness.

Do I need prior security experience for this course?

No prior security experience is required. The course starts with fundamental security concepts and progressively builds up to advanced topics. We design the training for operational teams who want to integrate security into their daily DevOps practices, regardless of their current security knowledge level.

What security tools will we learn in this training?

You'll get hands-on experience with industry-standard security tools including TruffleHog for secret detection, SAST/DAST scanners for code analysis, Jenkins for secure CI/CD pipelines, Docker security practices, threat modeling tools, and comprehensive OWASP resources and testing guides.

Can this training be delivered remotely?

Yes, we offer both online and on-site delivery options. Remote sessions include recorded materials, interactive labs, live demonstrations, and hands-on exercises. All participants get access to cloud-based lab environments and can interact with trainers through private chat channels during and after the course.