Training Guide

What Certifications make sense?

These certifications make sense for DevSecOps:

Development: I don't think that you need a certification for a programming language or as a software engineer. It helps though to know what a fullstack developer is doing on a daily basis.

Security: In IT security, companies want to see that you have a certification. It is absolutely necessary to prove your knowledge on the job market. I specialize in Web Application Testing and opted for the WEB-300 course and a certification attempt. If you need broader knowledge, you should consider the CompTIA Security+ and CISSP certifications. For penetration testing (not only web), look for offers from Offensive Security (for instance PEN-200) or EC-Council's courses and certifications. Offensive Security works with Kali Linux and EC-Council with Parrot OS.

  • CompTIA Security+ (basic / broad security and network knowledge)

  • CISSP (basic / broad security and methodology knowledge)

  • Offensive Security PEN-200 (basic pentesting knowledge, Kali Linux)

  • EC-Council CEH (advanced pentesting knowledge, Parrot OS)

  • Offensive Security WEB-300 (advanced web application pentesting knowledge)

Operations:

All of these certifications are in demand. Each one specializes in one tool.

  • Docker Certified Associate (DCA) by docker.com

  • Ansible Certification by Red Hat

  • Certified Jenkins Engineer

  • AWS DevOps Certification by amazon cloud solutions

  • Certified Kubernetes Security Specialist (CKS) from the Cloud Native Computing Foundation

  • Microsoft Certified: DevOps Engineer Expert (AZ-400)

DevSecOps:

I would recommend getting certified if you quickly need hands-on experience and confidence. If not, you should at least learn one CD/CI tool and how to create build pipelines and integrate build steps with security tools.

  • Certified DevSecOps Professional (CDP) from Professional DevSecOps: it is an awesome guided hands-on and complete training with remote assistance. You level up quickly.

  • Pentester Academy DevSecOps training: content is the same as Professional DevSecOps, I doubt they have the same infrastructure for great hands-on training, but maybe I am wrong.
