A Journey From IT to IT Security

Training Guide

What Certifications make sense?

These certifications make sense for DevSecOps:

Development: I don't think that you need a certification for a programming language or as a software engineer. It helps though to know what a fullstack developer is doing on a daily basis.

Security: In IT security, companies want to see that you have a certification. It is absolutely necessary to prove your knowledge on the job market. I specialize in Web Application Testing and opted for the WEB-300 course and a certification attempt. If you need broader knowledge, you should consider the CompTIA Security+ and CISSP certifications. For penetration testing (not only web), look for offers from Offensive Security (for instance PEN-200) or EC-Council's courses and certifications. Offensive Security works with Kali Linux and EC-Council with Parrot OS.

  • CompTIA Security+ (basic / broad security and network knowledge)

  • CISSP (basic / broad security and methodology knowledge)

  • Offensive Security PEN-200 (basic pentesting knowledge, Kali Linux)

  • EC-Council CEH (advanced pentesting knowledge, Parrot OS)

  • Offensive Security WEB-300 (advanced web application pentesting knowledge)

Operations:

All of these certifications are in demand. They all specialize in one tool.

  • Docker Certified Associate (DCA) by docker.com

  • Ansible Certification by Red Hat

  • Certified Jenkins Engineer

  • AWS DevOps Certification by amazon cloud solutions

  • Certified Kubernetes Security Specialist (CKS) from the Cloud Native Computing Foundation

  • Microsoft Certified: DevOps Engineer Expert (AZ-400)

DevSecOps:

I would recommend getting certified if you quickly need hands-on experience and confidence. If not, you should at least learn one CD/CI tool and how to create build pipelines and integrate build steps with security tools.

  • Certified DevSecOps Professional (CDP) from Professional DevSecOps: it is an awesome guided hands-on and complete training with remote assistance. You level up quickly.

  • Pentester Academy DevSecOps training: the content is the same as Professional DevSecOps. I doubt they have the same infrastructure for great hands-on training, but maybe I am wrong.


Last updated 3 years ago