NTU-Scantist DevSecOps Professional & Tools

Course Provider

Centre for Professional and Continuing Education (PaCE@NTU)

Certification

Continuing Education and Training Certificate

Introduction

The NTU-Scantist DevSecOps Professional & Tools course is offered in collaboration with Cyber Security Research Centre @ NTU (CYSREN), with a focus on addressing cybersecurity risks at the software development level. 

This course leverages NTU’s core research competencies in cybersecurity and combines them with the industry expertise of Scantist. It provides a comprehensive understanding of the DevSecOps (DevOps Security) process from a strategic as well as an executive standpoint, covering the why, how and what of DevSecOps. The course also provides hands-on experience by exposing participants to over half a dozen state-of-the-art tools that are essential to architecting DevSecOps pipelines.

Participants will walk away with the ability to lead DevSecOps initiatives within their organisations. This will allow them to automate and help improve the security posture and cyber hygiene across the software development process. At the end of this course, participants who pass the course assessment will be rewarded with a coupon to attempt the industry-recognised DevSecOps Foundation (DSOF) exam.


Course Schedule

Day 1
9am - 10am: (Virtual session) Briefing
10am - 5pm: (e-Learning) Offline reading

Day 2 - 4
9am - 5pm: (Virtual session) Lecture and Hands-on Lab

Course Availability

  • Date(s): 28 Sep 2022 to 03 Oct 2022

    Time: 9:00AM to 5:00PM (Day 1: Asynchronous, Day 2-4: Synchronous)

    Venue: Virtual (Online) & NTU e-Learning Platform

    Registration is closed.

  • Date(s): 26 to 31 Oct 2022

    Time: 9:00AM to 5:00PM (Day 1: Briefing and Self-learning, Day 2-4: Facilitated learning)

    Venue: Virtual (Online) & NTU e-Learning Platform

    Registration Closing Date: 14 Oct 2022

  • Understand DevSecOps history, processes and models
  • Understand Risk management techniques and threat modeling for software development
  • Establish target DevSecOps outcomes and manage organizational stakeholders
  • Architecting a DevSecOps pipeline according to best practices
  • Implementing a baseline DevOps pipeline from scratch
  • Securing DevOps pipeline using security and monitoring tools to achieve DevSecOps outcome
  • Ensuring DevSecOps continuity, reliability and compliance

Application Security and Compliance

  • Vulnerability management and triaging
    • Common Vulnerabilities and Exposures (CVE)
    • Risk based vulnerability management process
    • Triage: Deep Dive and Best Practices
    • Vulnerability risk assessment using CVSS
    • Vulnerability Remediation Strategies
  • Cybersecurity Security Considerations
    • Application Security
    • Operational Security
    • Importance and management of SBOMs
  • Governance, Risk, Compliance (GRC) and Audit
    • Logging, Monitoring, and Response

  

DevOps Institute Certification (DevSecOps Foundation)

  • Realizing DevSecOps Outcomes
    • Origins of DevOps
    • Evolution of DevSecOps
    • DevSecOps in the real world
  • Defining the Cyberthreat Landscape
    • What is a cyber threat and the threat landscape?
    • What do we protect, from whom and why?
    • Fundamentals of security
  • Building a Responsive DevSecOps Model
    • Demonstrate Model
    • Technical, business and human outcomes
    • Measuring outcomes and planning for success
  • Integrating DevSecOps Stakeholders
    • The DevSecOps Stakeholders
    • Participating in the DevSecOps model
  • Establishing DevSecOps Best Practices
    • Start where you are
    • Integrating people, process and technology and governance
    • DevSecOps operating model
    • Communication practices and boundaries
    • Focusing on outcomes
  • Best Practices to get Started
    • The Three Ways
    • Identifying target states
    • Value stream-centric thinking
  • DevOps Pipelines and Continuous Compliance
    • The goal of a DevOps pipeline
    • Why continuous compliance is important
    • Archetypes and reference architectures
    • Coordinating DevOps Pipeline construction
    • DevSecOps tool categories, types and examples
  • Learning Using Outcomes
    • Security Training Options
    • Training as Policy
    • Experiential Learning
    • Cross-Skilling
    • The DevSecOps Collective Body of Knowledge
    • Preparing for the DevSecOps Foundation certification exam

 

DevSecOps Toolchains

  • Software Composition Analysis Tools (SCA) - Scantist
  • Static Application Security Testing (SAST) - Sonarqube
  • Dynamic Application Security Testing (DAST) - OWASP ZAP
  • Version Control Systems (VCS) - Git
  • Continuous Integration (CI) - Jenkins
  • Security Orchestration (SOAR) - DefectDojo
  • Issue Management and Tracking (ITS) - JIRA

 

Hands-on Lab

  • Software Composition Analysis Tools (SCA)
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)

This course is suitable for:

  • Anyone working in or transitioning to a DevOps environment
  • Anyone who wants to understand where to add security checks, testing, and other controls to cloud and DevOps Continuous Delivery pipelines
  • Compliance Team
  • DevOps Engineers
  • Software Engineers and Testers

Minimum Entry Requirement

  • Participants should have baseline knowledge and understanding of common DevOps definitions and principles
  • Basic IT knowledge and fundamentals of cybersecurity

Standard Course Fee: S$4,280.00

Course fee payable after SSG funding, if eligible under various schemes

Cat-A SSG Funded Courses

S$1,284.00

Enhanced Training Support for SMEs (ETSS)

S$484.00

Mid-Career Enhanced Subsidy (MCES)

S$484.00

  • All fees stated are inclusive of 7% GST
  • NTU/NIE alumni may utilise their $1,600 Alumni Course Credits.

Dr Ding Sun

Dr Ding Sun is the Engineering Head of Scantist. He leads the core engineering team to develop AppSec-related products and solutions, including SCA, SAST, DAST and the company’s data platform for OSS Intelligence. He oversees the architecture design and is intensively involved in the improvement of our DevSecOps process. He is currently a mentor of the PowerX Cyber Security Program of SGInnovate.

Ding Sun holds a Ph.D. in software engineering. He has worked for multiple years in the cyber security and software industry. He is passionate about translating and implementing science into practice. He bridges the academic research team and the development team, accelerating the transformation of research outcomes into technical products.

In this course, Ding Sun would like to share the latest industry trends, best practices and tools for DevSecOps.

 

Mr Martin Thong

Martin is an innovative lecturer who is determined to help students learn through engagement and to spur interest through experiential learning. Time-tested demonstrations and mnemonics are devised to help students acquire the intended information.

Martin has been lecturing at Republic Poly since 2007 on STEM-related topics and programming subjects. He is a creative thinker with the flexibility to allow students to guide the direction of lectures and get the most out of an interdisciplinary education experience.

Martin is also involved in evangelising the DevSecOps framework with Scantist.

  • Associate Lecturer, Republic Poly
    • Lectured Mathematics, Python, C language, Engineering Design and Internet of Things using Problem Based Learning
  • Robotics Trainer Co-developer in Arduino and Raspberry Pi lessons

Mr Rodrigo Bermudez Schettino

Rodrigo is a Principal Software Engineer at Scantist, where he oversees DevSecOps, process automation and performance optimization. He holds a Master's degree in Computer Science with a specialization in AI from the Technical University of Berlin in Germany and graduated from EPFL in Switzerland.

Rodrigo worked at CERN (European Organization for Nuclear Research; birthplace of the World Wide Web) in the Linux and Configuration Support section and served as a mentor at CERN's Webfest 2021 hackathon before joining Scantist.

Rodrigo is passionate about open source and is an avid contributor on GitHub.

 
 

Mr Rohan Sood

Rohan is the Head of Operations and a founding team member of Scantist, an NTU spin-off. Scantist believes that cyber-security should be an enabler, and not a threat, in the efforts to build a smart society.

Rohan oversees product development and business operations. He is also a fervent champion for the DevSecOps movement and is passionate about web development and the capabilities of big data. A fanatical web developer and cybersecurity enthusiast, Rohan is also part of better.sg (https://better.sg), a non-profit organisation that builds and supercharges innovative digital tools to address societal issues. There, Rohan and his committee members help organisations do more social good using technology.

Rohan also represented Singapore's Cyber-Security start-up ecosystem at the Department of Homeland Security's annual showcase in Washington DC thanks to the PMO's National Research Foundation Singapore. 

 

Dr Liu Yang

Dr Liu Yang is currently a full professor, director of the cybersecurity lab, Program Director of HP-NTU Corporate Lab and Deputy Director of the National Satellite of Excellence of Singapore. In 2019, he received the University Leadership Forum Chair professorship at NTU.

Dr. Liu specializes in software verification, security and software engineering. His research has bridged the gap between the theory and practical usage of formal methods and program analysis to evaluate the design and implementation of software for high assurance and security. By now, he has more than 300 publications in top-tier conferences and journals. He has received a number of prestigious awards, including the MSRA Fellowship, TRF Fellowship, Nanyang Assistant Professor, Tan Chin Tuan Fellowship, Nanyang Research Award (Young Investigator) 2018, NRF Investigatorship 2020, 10 best paper awards and one most influential system award in top software engineering conferences like ASE, FSE and ICSE.