What is DevSecOps and why adopt it?
DevSecOps integrates security at every stage of the software life cycle, from design to production deployment, rather than pushing it to a final review. Because vulnerabilities are detected early, this approach significantly reduces their cost and improves the overall security posture without slowing down delivery. In a context where regulatory requirements (GDPR, Swiss nFADP, NIS2) are tightening, DevSecOps has become a standard for mature IT teams.
Positioning within a DevOps learning path
This training targets profiles already familiar with DevOps (Git, CI/CD, containers) who want to add a security dimension to their practice. It pairs very well with GitLab CI/CD Advanced (GLB-02), Docker Administration (DOCK-02), Kubernetes (KUB-01, KUB-02) and Prometheus (PRM-01). For security-oriented Kubernetes profiles, it logically precedes the preparation for the CKS certification (KUB-14).
Why take this course rather than add tools over time?
Installing a SAST or DAST scan is easy; building a consistent security practice within a team is not. The training helps you understand where each control belongs in the pipeline, how to prioritize vulnerabilities, how to manage secrets, and how to have Dev, Ops and Security collaborate without friction. You leave with a structured approach, not a collection of tools.
Practical tips to implement DevSecOps
Start with the highest-impact controls: automated dependency scanning and solid secret management. Do not try to enable everything at once, because each control generates noise that needs to be triaged. Involve security from the pipeline design stage to avoid team pushback. Measure results (fixed vulnerabilities, time to remediation) to demonstrate value.
FAQ
Do I need to be a cybersecurity expert to attend?
No. The training is designed for DevOps profiles who want to add security to their practice. General security awareness is useful but not mandatory.
Which tools are covered in practice?
The training covers tools representative of each category (SAST, DAST, SCA, container scanning, secret management, policy as code). The goal is to understand the categories rather than become an expert in a specific product.
Does DevSecOps replace a security audit or pentest?
No, it complements them. DevSecOps detects common vulnerabilities early and reduces their number; audits and pentests still have their role for complex attack scenarios and certifications.
Can the training be applied beyond Kubernetes?
Yes. The principles (shift left, automation, policy as code, secret management) apply to any DevOps chain, even outside Kubernetes. The Kubernetes labs are only examples among others.