cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
iluom
Contributor II

DevSecOps certification

Hi all,

 

 

Can anyone suggest well recognized certification body for DevSecOps?

 

Thanks

 

Chandra Mouli, CISSP, CCSP, CSSLP
19 Replies
gaius
Newcomer I

Also consider https://www.giac.org/certifications/cloud-security-automation-gcsa/, it should be well-recognised and have a good amount of learning behind it from GIAC/SANS reputation. 

King69
Newcomer I

Earn the Certified DevSecOps Professional certification by passing a 12-hour practical exam. Prove to employers and peers, the practical understanding of the DevSecOps and Secure SDLC. Course participants should have basic understanding of application Security practices like OWASP Top 10.

My HT Space

Beads
Advocate I

Problem with DevOps or DevSecOps is that I haven't designed two the same way. I will say I now remove security from DevOps due to the headwinds I get from Developer types.

 

As for a certification for even vanilla DevOps I know of vendor specific certs from AWS and Azure but nothing vendor neutral.

 

https://learn.microsoft.com/en-us/credentials/certifications/devops-engineer/

 

https://aws.amazon.com/certification/certified-devops-engineer-professional/

 

If past experience is any measure either exam should be fairly easy when you have a year or two of real world practice.

 

- B/Eads

marcoperson250
Newcomer I

The International Association of Privacy Professionals (IAPP) offers credible DevSecOps certificates, such as CIPT. The CCSP is focused on cloud security.

Dan1010
Newcomer II

Sorry to be that guy. Honestly. Experience and Github or SourceForge. This isn't a certification recommendation, but what exactly does a certification intend to achieve. Do, show that you did, and people will be interested in what you can do for them. This also helps to overcome typical shenanigans of resumes. Less talk, let people see what you can do. I am dev. This might be a very dev way to look at things. (If Github or SourceForge arent exactly the places, there must be some popular project-hosting sites that can asssit to show off your work.)

I've done DevSecOps on and off based on what companies need. The need of every company is very, very different. Someone mentioned no two builds are the same. BINGO. And the amount of available solutions and innovation these days; a certification just wouldn't tell me much about the strength of someone. And it tells me nothing about the personality / mindset, which I think are more critical than the knowledge. We can create engineers; we cannot fix a difficult person, haha.

 

This book is amazing. It says everything I wish I could in a precise and accurate manner. https://www.amazon.com/gp/product/0134049845/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1


Beyond what is perceived as DevSecOps, how do we truly make change and influence those around us to work together to do something great? Automation, ci/cd pipelines, quality gates, process control, etc. All good, but it starts at people. The most success I have had in making positive changes that had great results affecting DevSecOps criteria were through my own actions in how I interact with people.

https://www.amazon.com/gp/product/0671027034/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

https://www.amazon.com/gp/product/0761513698/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

Very difficult content to embody, but it certainly pays off. Watching a lot of the ISC2 Think Tanks, I suspect many still struggle with this and perhaps aren't aware of it.

Cool discussion! I could be 100% wrong. Let us know what has worked for you!

ober72
Viewer

Hi Everyone,

 

If you want Kubernetes security then the CKS and the beginner KCSA are available over at the Linux Foundation https://www.cncf.io/training/certification/

alfiedane47
Viewer II

I recently passed CISSP provisionally. The exam was tough. My confidence in the answers went up and down throughout the exam because a couple of in several questions could have been the right one and I had to spend more time on several questions than I had planned. My exam lasted for around 2.5 hours. I flagged less than 15 questions for a second review and changed my answer on just 3 questions. Here is resource: ExamforSure.

Caute_cautim
Community Champion

Hi @alfiedane47   Is this in the correct conversation and channel? 

 

Regards

 

Caute_Cautim

waliji
Contributor I

An authentic and acceptable DevSecOps certification is need of the job market

___________________________________________________________________________________________________
I am an experienced Information Security Professional with over 25 years of expertise in diverse industries, including Telecom, Banking, Education and Financial Institutions.
I am ISC2 CISSP certified along with other Information Security certifications.
liam788fh
Viewer II

This certification emphasizes the importance of collaboration between development, security, and operations teams to ensure that security is an inherent part of the development process rather than an afterthought. It covers key principles such as continuous integration and continuous delivery (CI/CD), automated security testing ICC Men, threat modeling, and compliance.