Certified DevSecOps Professional (CDP) course and exam review

Well, DevOps and DevSecOps are two hotshot skills in the market for sure. And it is but obvious that if you are involved with security by any means, then knowing the ins and outs of the DevSecOps flow would keep you at par. Well, I am an AppSec guy with AWS knowledge. And I will talk about the Certified DevSecOps Professional (CDP) course review in this post.

During this lockdown, I was just thinking about what I needed to learn to hone my skills that is related to my domain, i.e. cybersecurity.

How I decided to go for Practical DevSecOps CDP (Certified DevSecOps Professional) certification

I was well aware that everyone is moving towards “Everything as a Code”, be it infrastructure, compliance, SAST/DAST etc. And knowing how you would integrate security in DevOps is one of the skills that you want to learn. I went through a few hours of online courses on LinkedIn Learn and Udemy. But I was not confident enough to say that I know DevSecOps and can visualise the whole flow.

One fine day I started checking the course contents of Practical DevSecOps for the CDP certification. It deals with real-world scenarios step by step. That caught my attention. Moreover, I had seen Imran’s progress towards DevSecOps through his Twitter, and it gave me extra confidence that I should learn DevSecOps in this lockdown. This is what the portal officially says:

In this course, you will learn:

  • DevSecOps processes, tools, and techniques.
  • Major components in a DevOps Pipeline.
  • How to create and maintain DevSecOps pipelines using SCA, SAST, DAST, and Security as Code.
  • How to mature an organization’s DevSecOps Program.

This DevSecOps Certification Course is practical in nature with 30+ guided hands-on exercises in our state-of-the-art online labs.

What I learned from Certified DevSecOps Professional (CDP) course

I enrolled for the course and joined its Slack channel. I rolled up my sleeves and started going through its videos and lab manual first. It was actually very insightful, and when I started going hands-on, it gave me real satisfaction that now I understand:

  1. How GitLab CI/CD works, and how to write your own CI/CD using .gitlab-ci.yml
  2. How SCA, SAST and DAST work in a pipeline
  3. How to use docker commands with passwordless ssh to scan the code
  4. Learned how to implement scanning of source code in various languages, and scanning for secrets
  5. Got hands-on with Ansible for the infra-as-code concept, and
  6. InSpec to work on compliance as code
  7. Even did Linux hardening based on the output
  8. DefectDojo for vulnerability management

How I prepared myself for the Certified DevSecOps Professional (CDP) Exam

It took me around 30 days to complete the course. Learning around 1–2 hours on a regular basis for 4 weeks and repeating the labs 2–3 times helped me to pass the CDP Certification exam. Here is my badge at youracclaim, which I achieved on 27th April, 2020.

Understanding a few docker commands with -v, --rm, -it etc. took time. I went back to docker basics to make myself comfortable with these commands.

Ansible and InSpec were really new to me. So I followed the tutorials and references mentioned in the video course.

Their Slack channel helped instantly if there was anything you didn’t understand in the hands-on lab or video.

Please note that I was aware of and comfortable with Linux, ssh and docker, and knew the basics of DevSecOps, which made it easier to follow through the course. But if you are a novice in all these, then I would recommend learning at least:

  1. Necessary docker commands
  2. GitLab CI/CD documentation; anyway, they explained it well in the course.
  3. Understand how ssh works, and possibly passwordless ssh
  4. Follow its manual and instructions as mentioned; it will help you learn comfortably and faster.

My 2 cents for CDP Certification

If you are planning to learn DevSecOps with lots of real-world scenarios, I would highly recommend that you enroll for CDP. They even have CDE and CDA for more advanced users in the DevSecOps world.

Here are a few pointers in this domain which will help you to excel not only in this certification but in your job interviews and work as well, because they actually helped me.

  1. GitHub link for awesome devsecops
  2. Securing DevOps book by Manning
  3. Ansible for DevOps book
  4. GitLab CI/CD pipeline documentation
  5. YouTube video to understand DevSecOps (Hari explained it well, in a very simple but realistic way).
  6. Security Automation with Ansible 2 (ch5 and ch9 especially)

Always remember that security is everyone’s responsibility, and you should do your part as well. The world is moving towards everything as code, keeping as much automation as possible in mind. So keep updating yourself with the latest technologies and skills through appropriate channels.

All the best to those who are preparing for the CDP exam, and please share your feedback about this exam as well. Please share what you think about DevSecOps and about this certification through comments.

Note: This was first published on Medium