DevSecOps

Who is This For?
This guide is written primarily for individual contributors who are not currently security engineers, but are interested in learning ways to improve how they implement security practices in their code and how they interact with their security teams and/or consultants. The focus of this guide is to define DevSecOps and dive into ways to support it within an organization.
What is Covered?
Introduction
Cultural Changes
Building Empathy & Team Interactions
- Walk A Mile: Shadowing
- Full-Service Ownership
- Security Champions Program
- Meet Needs to Gain Momentum
- Team Interactions
Implementation
Shift Left
Training and Education
- Threat Modeling Exercises
- Capture the Flag Games
- Establish Trust: Don't Do Gotchas
- Socially Engineer Security Trainings
Additional Information
License
This documentation is provided under the Apache License 2.0. In plain English, that means you can use and modify this documentation for both commercial and private purposes. However, you must include any original copyright notices and the original LICENSE file.
Whether you are a Dreamers of Day customer or not, we want you to have the ability to use this documentation internally at your own company. You can view the source code for all of this documentation on our GitHub account. Feel free to fork the repository and use it as a base for your own internal documentation.