Bootstrap Themes

Training Program

Unlock the Potential of Modern Technology Expertise

Join our comprehensive training programs and gain hands-on knowledge in Cloud Services, DevOps methodologies, and cutting-edge technologies. Enhance your professional capabilities with our industry-leading instructors and practical training approach.

DevSecOps Programs


Certified DevSecOps Professional

  • DevOps fundamentals and building blocks
  • DevOps principles and benefits
  • CI/CD pipeline workflow
  • Blue/Green deployment strategy
  • Designing a web application CI/CD pipeline
  • Case studies of DevOps at tech giants

  • Gitlab/Github
  • Docker
  • Gitlab CI/Github Actions/Circle CI/Jenkins/Travis
  • OWASP ZAP
  • Ansible
  • Inspec

  • Secure SDLC overview
  • Security requirements
  • Threat modeling
  • Static analysis and secure by default
  • Dynamic analysis
  • OS and web/application hardening
  • Security monitoring and compliance
  • DevSecOps Maturity Model

  • Introduction to Software Component Analysis
  • Challenges in SCA
  • SCA tools and their selection
  • Embedding SCA tools in the pipeline

  • Introduction to Static Application Security Testing (SAST)
  • Challenges in SAST
  • Embedding SAST tools in the pipeline
  • Secrets scanning and custom checks

  • Introduction to Dynamic Application Security Testing (DAST)
  • Challenges in DAST
  • Embedding DAST tools in the pipeline
  • SSL misconfiguration and server misconfiguration testing
  • Creating baseline scans

  • Introduction to Infrastructure as Code (IaC)
  • Benefits of Infrastructure as Code
  • Introduction to Ansible
  • Push-based and pull-based configuration management systems
  • Hands-on: Using Ansible for infrastructure management
  • Tools and services for Infrastructure as Code

  • Approaches to handle compliance requirements at scale
  • Using configuration management for compliance
  • Managing compliance using tools like Inspec/OpenScap
  • Hands-on: Creating compliance checks using Inspec profile

  • Approaches to manage vulnerabilities in the organization
  • Hands-on: Using Defect Dojo for vulnerability management

Certified DevSecOps Expert

  • DevOps Building Blocks- People, Process and Technology
  • DevOps Principles – Culture, Automation, Measurement and Sharing (CAMS)
  • Benefits of DevOps – Speed, Reliability, Availability, Scalability, Automation, Cost and Visibility
  • Overview of the DevSecOps critical toolchain
  • Repository management tools
  • Continuous Integration and Continuous Deployment tools

  • What is Threat Modelling?
  • STRIDE vs DREAD approaches
  • Threat modeling and its challenges
  • Classical Threat modeling tools and how they fit in CI/CD pipeline
  • Hands-On Labs: Automate security requirements as code
  • Hands-On Labs: Using ThreatSpec to do Threat Modelling as Code

  • Why pre-commit hooks are not a good fit in DevSecOps
  • Writing custom rules to improve the quality of results
  • Various approaches to write custom rules in free and paid tools
  • Regular expressions, Abstract Syntax Trees, Graphs (Data and Control Flow analysis)
  • Hands-On Labs: Writing custom checks in the bandit for your enterprise applications

  • Embedding DAST tools into the pipeline
  • Leveraging QA/Performance automation to drive DAST scans
  • Using Swagger (OpenAPI) and ZAP to scan APIs iteratively
  • Ways to handle custom authentications for ZAP Scanner
  • Using Zest Language to provide better coverage for DAST scans
  • Hands-On Labs: Using ZAP + Selenium + Zest to configure in-depth scans
  • Hands-On Labs: Using Burp Suite Pro to configure per commit/weekly/monthly scans
  • Note: Students need to bring their Burp Suite Pro License to use in CI/CD

  • What is Runtime Analysis Application Security Testing?
  • Differences between RASP and IAST
  • Runtime Analysis and challenges
  • RASP/IAST and its suitability in CI/CD pipeline
  • Hands-On Labs: A commercial implementation of the IAST tool

  • Configuration management (Ansible, Chef, Puppet)
  • Infrastructure as Code (Terraform)
  • Security considerations in IaC
  • Automated scanning of IaC templates
  • Hands-On Labs: Integrating security scanning in IaC pipelines
  • Hands-On Labs: Automating infrastructure security using tools like Terraform

  • Containerization (Docker, Kubernetes)
  • Container security challenges
  • Container vulnerability scanning
  • Best practices for securing containerized applications
  • Hands-On Labs: Scanning container images for vulnerabilities
  • Hands-On Labs: Implementing security practices for containerized applications

  • Cloud infrastructure and services (AWS, Azure, Google Cloud)
  • Cloud security challenges
  • Securing cloud resources
  • Identity and Access Management (IAM)
  • Hands-On Labs: Implementing security controls in cloud deployments

  • Creating a DevSecOps culture
  • Security champions and cross-functional collaboration
  • Building security into the development process
  • Building security into the development process
  • Implementing security training and awareness programs
  • Collaboration between security, development, and operations teams
  • Hands-On Labs: Integrating security into the CI/CD workflow

Certified Security Plus

  • Training Orientation
  • Review of Key Cyber Security Concepts related to SOC (Network Protocols, Firewalls, Social Engineering and Advanced Attacks, Advanced Network Security, etc.)
  • Introduction to Security Operation Center (SOC) Analysis
  • Levels of SOC and Responsibilities

  • Essential Terminology
  • Incident Assignment, Update, and Escalation
  • Incident and Event Categorization
  • Third Party Resolution and Escalation
  • Service Operations and Continuous Service Improvement
  • Introduction to Incident Response
  • Introduction to Ticketing Systems (JIRA, Remedy, Service Now, Archer, etc.)

  • Introduction to the Intrusion Kill Chain Model
  • Introduction to SIEM Tools
  • Different SIEM Tools
  • Splunk Searches and Splunk Enterprise Security (ES)
  • FireEye Tools and FireEye Alerts Analysis (NX & CM)
  • IOCs Evaluation and Analysis
  • Sender’s Email Fingerprinting and Domain Analysis using Open Source Tools

  • Introduction to Network Intrusion, Investigation, and Analysis of Network Processes
  • IP Scanning and Analysis using OSINT
  • MacAfee Web Gateway Proxy and Web Access Requests Processing
  • Blocking Malicious IPs, Hashes, Files, Email Addresses, and Domains (URL)
  • Cisco Source Fire and Source Fire Alerts
  • Other SIEM Tools, Alerts, and SOPs
  • Review of Accidental Disclosure Requests following Standard Operating Procedure

  • Introduction to Application Intrusion and Phishing Email Analysis
  • Malicious Email Alert Analysis
  • Email Header Analysis
  • URL (Domain/Link) Scan Tools and Open Sources
  • DLP Tools and DLP Alerts
  • FireEye Tools and FireEye Alerts Analysis (ETP, EX & CM)
  • IRON PORT Tool and IRON PORT Alerts Analysis (WSA & ESA)
  • Google Admin, Google Vault & Google DLP Alerts and Application Processing
  • Tenable Application and OS Vulnerability Processing
  • Overall Review of Concepts and Practical
  • Further IOCs Evaluation and Analysis using Open Source Tools

  • Introduction to Endpoint Security (OS)
  • FireEye HX
  • Cylance Antivirus Application

  • Resume Building and Interview Preparations
  • Questions and Answers
  • Enhancements on SIEM Tools

  • Processing Threat Intel (TI)
  • Analyzing malicious activities and phishing emails from incident to resolution
  • Using ticketing systems (JIRA, Archer, Remedy, Service Now) for incident handling
  • Source code leakages analysis with MacAfee DLP Manager
  • Splunk searches on Firewall, sys, and network IPS logs
  • Monitoring malicious activities with IDS tools like SPLUNK ES
  • Blocking malicious IP, URL, & Hashes with MacAfee Web Proxy
  • Analyzing and granting web access with MacAfee Web Proxy
  • Resume building and interview preparation
  • Individual appointments for personal concerns

  • Network-Based SIEM Tools: Cisco Firepower, Cisco Snort, FireEye NX, Firewall, Splunk ES
  • Host-Based SIEM Tools: Cisco IronPort, FireEye EX/ETP, McAfee DLP Manager, McAfee Web Gateway Proxy, Akamai, Splunk Search and Reporting, Splunk Enterprise Security (ES)
  • Endpoint Host-Based SIEM Tools: FireEye HX, McAfee Antivirus, Cylance, Trend Micro, Sematec Antivirus, Sophos Antivirus, etc.

Why Choose Our Training Programs?

Become a Certified DevSecOps Expert

Unlock your potential with hands-on training. Learn from industry experts. Secure software development processes.

Get A Quote

Comprehensive Curriculum

Gain in-depth knowledge of DevSecOps practices through a wide range of topics and industry-relevant content.

Hands-On Learning

Apply theory to real-world scenarios with practical labs, enabling you to confidently implement DevSecOps practices.

Expert Instructors

Learn from experienced industry professionals who provide valuable insights, best practices, and guidance throughout the training.

Cloud and DevOps Programs


AWS Professional

  • Overview of AWS services and offerings
  • AWS global infrastructure and regions
  • Understanding AWS architecture and components
  • Identity and Access Management (IAM) in AWS

  • Networking fundamentals in AWS
  • Creating and configuring Virtual Private Cloud (VPC)
  • Subnetting and routing in VPC
  • Connecting VPCs and VPN connectivity

  • Overview of EC2 instances and instance types
  • Auto Scaling for dynamic workload management
  • Elastic Load Balancing for high availability
  • Containerization with AWS ECS and EKS
  • Hands-on: Launching and managing EC2 instances

  • AWS storage services: S3, EBS, EFS, and Glacier
  • Data archiving and backup strategies
  • Content Delivery Networks (CDNs) with CloudFront
  • Data transfer and import/export options
  • Hands-on: Configuring S3 buckets and managing data

  • Relational and non-relational databases in AWS
  • Managing databases with RDS and DynamoDB
  • Data warehousing and analytics with Redshift
  • Big data processing with AWS EMR and Athena
  • Hands-on: Setting up and querying databases in AWS

  • Securing AWS resources and services
  • Identity and Access Management (IAM) policies
  • Network security with Security Groups and NACLs
  • Auditing, logging, and monitoring in AWS
  • Hands-on: Configuring security groups and IAM policies

  • Application integration with AWS SQS and SNS
  • Event-driven architectures with AWS Lambda
  • API Gateway for building RESTful APIs
  • Messaging and streaming with Kinesis
  • Hands-on: Building serverless applications with Lambda

  • AWS CloudFormation for infrastructure as code
  • Deployment strategies and blue/green deployments
  • Configuration management with AWS OpsWorks
  • Application orchestration with AWS Elastic Beanstalk
  • Hands-on: Automating infrastructure with CloudFormation

  • Designing for high availability in AWS
  • Load balancing and fault tolerance strategies
  • Data replication and backup options
  • Disaster recovery planning and implementation
  • Hands-on: Implementing high availability and backup solutions

Azure DevOps Expert

  • Overview of Azure DevOps and its key components
  • Understanding DevOps principles and benefits
  • Azure DevOps services and tools
  • Introduction to Agile and Scrum methodologies

  • Working with Azure Repos and Git
  • Branching and merging strategies
  • Managing code reviews and pull requests
  • Integration with IDEs and development environments
  • Hands-on: Setting up and managing Azure Repos

  • Creating and configuring CI/CD pipelines
  • Building, testing, and packaging applications
  • Artifact management and versioning
  • Automated deployments to Azure and other environments
  • Hands-on: Building and deploying applications with Azure Pipelines

  • Managing work items and user stories
  • Creating and tracking project backlogs
  • Agile planning and sprint management
  • Collaboration and communication tools in Azure Boards
  • Hands-on: project management with Azure Boards

  • Creating and managing test plans
  • Test case management and execution
  • Exploratory testing and session-based testing
  • Test result analysis and reporting
  • Hands-on: Test planning and execution with Azure Test Plans

  • Managing package dependencies
  • Creating and publishing packages
  • Versioning and release management
  • Integration with other package managers
  • Hands-on: Package management with Azure Artifacts

  • Security best practices in Azure DevOps
  • Access control and permissions management
  • Implementing security policies and restrictions
  • Auditing and compliance monitoring
  • Hands-on: Configuring security and compliance in Azure DevOps

  • Monitoring and analyzing project metrics
  • Creating custom reports and dashboards
  • Tracking team performance and productivity
  • Integration with Power BI for advanced analytics
  • Hands-on: Analyzing project data with Azure Boards Analytics

  • Extending Azure DevOps with customizations
  • Building and publishing extensions
  • Integration with third-party tools and services
  • Automation and scripting using Azure DevOps APIs
  • Hands-on: Developing and integrating with Azure DevOps

Google Cloud Professional

  • Overview of GCP services and infrastructure
  • Understanding GCP regions, zones, and projects

  • Virtual Machine instances (Compute Engine)
  • Containerized applications (Kubernetes Engine)
  • Serverless computing (Cloud Functions)
  • Hands-on: Creating and managing VM instances

  • Object storage (Cloud Storage)
  • Relational databases (Cloud SQL)
  • NoSQL databases (Cloud Firestore)
  • Hands-on: Storing and retrieving data in Cloud Storage

  • Virtual Private Cloud (VPC) and subnets
  • Load balancing and network routing
  • Network security and firewall rules
  • Hands-on: Configuring network firewall rules

  • Managing user identities and permissions
  • Service accounts and IAM roles
  • Hands-on: Managing IAM roles and permissions

  • Data processing with BigQuery
  • Data streaming with Pub/Sub
  • Data analysis with Dataflow and Dataproc
  • Hands-on: Analyzing data with BigQuery

  • Machine learning services (AutoML, AI Platform)
  • Natural Language Processing (NLP) and Speech Recognition
  • Computer Vision and Image Analysis
  • Hands-on: Building a machine learning model with AutoML

  • GCP security best practices
  • Data encryption and key management
  • Compliance standards and certifications
  • Hands-on: Implementing data encryption at rest

  • Resource monitoring and logging (Stackdriver)
  • Cost management and billing
  • Deployment Manager and Infrastructure as Code
  • Hands-on: Monitoring resource usage with Stackdriver

DC Tech Solutions Logo

At DC Tech Consulting, we take pride in our industry-leading expertise, innovative solutions, and unwavering commitment to client success. We empower businesses to thrive in the digital landscape. Experience the DC Tech advantage today

Get In Touch

7200 Oakley Rd, Glenn Dale, MD, 20769

info@dctechconsulting.com

+1 240 726 2002

Follow Us

© DC Tech Consulting. All Rights Reserved