Earn the Certified DevSecOps Professional certification by passing a 12-hour practical exam. Prove to employers and peers, the practical understanding of the DevSecOps and Secure SDLC. Course participants should have basic understanding of application Security practices like OWASP Top 10.

My HT Space

Problem with DevOps or DevSecOps is that I haven't designed two the same way. I will say I now remove security from DevOps due to the headwinds I get from Developer types.

As for a certification for even vanilla DevOps I know of vendor specific certs from AWS and Azure but nothing vendor neutral.

https://learn.microsoft.com/en-us/credentials/certifications/devops-engineer/

https://aws.amazon.com/certification/certified-devops-engineer-professional/

If past experience is any measure either exam should be fairly easy when you have a year or two of real world practice.

- B/Eads

The International Association of Privacy Professionals (IAPP) offers credible DevSecOps certificates, such as CIPT. The CCSP is focused on cloud security.

Sorry to be that guy. Honestly. Experience and Github or SourceForge. This isn't a certification recommendation, but what exactly does a certification intend to achieve. Do, show that you did, and people will be interested in what you can do for them. This also helps to overcome typical shenanigans of resumes. Less talk, let people see what you can do. I am dev. This might be a very dev way to look at things. (If Github or SourceForge arent exactly the places, there must be some popular project-hosting sites that can asssit to show off your work.)

I've done DevSecOps on and off based on what companies need. The need of every company is very, very different. Someone mentioned no two builds are the same. BINGO. And the amount of available solutions and innovation these days; a certification just wouldn't tell me much about the strength of someone. And it tells me nothing about the personality / mindset, which I think are more critical than the knowledge. We can create engineers; we cannot fix a difficult person, haha.

This book is amazing. It says everything I wish I could in a precise and accurate manner. https://www.amazon.com/gp/product/0134049845/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

Beyond what is perceived as DevSecOps, how do we truly make change and influence those around us to work together to do something great? Automation, ci/cd pipelines, quality gates, process control, etc. All good, but it starts at people. The most success I have had in making positive changes that had great results affecting DevSecOps criteria were through my own actions in how I interact with people.

https://www.amazon.com/gp/product/0671027034/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

https://www.amazon.com/gp/product/0761513698/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

Very difficult content to embody, but it certainly pays off. Watching a lot of the ISC2 Think Tanks, I suspect many still struggle with this and perhaps aren't aware of it.

Cool discussion! I could be 100% wrong. Let us know what has worked for you!

I recently passed CISSP provisionally. The exam was tough. My confidence in the answers went up and down throughout the exam because a couple of in several questions could have been the right one and I had to spend more time on several questions than I had planned. My exam lasted for around 2.5 hours. I flagged less than 15 questions for a second review and changed my answer on just 3 questions. Here is resource: ExamforSure.