Kim will lead the class through the tools, techniques and thought processes of both red and blue teams along with how to combine these attributes into the purple team focussing on security, productivity, and tasked with continuously delivering sustainable maintainable technical solutions to market.
Kim will explain the roles of ‘T’ shaped professionals, including placement of security champions to create your purple Development Teams.
We will work through how to implement the Sensible Security Model (SSM) within each and every Sprint, including:
Kim will discuss how and where Agile Development Teams often fail, along with how to succeed with security with a familiar anecdote. Then augmenting your Scrum process within each and every Sprint, with a collection of development focussed processes and practises, tools and techniques that have proven their value at drastically reducing defects before production deployment.
Kim will walk us through the SSM threat modelling process with theory and hands on exercises in areas such as Physical, People, VPS, Network, Cloud and Web Applications. Including sub topics such as Docker, Serverless, PowerShell and many others.
Training material will be augmented with Extracts from Kim’s interviews on Software Engineering Radio with security experts such as Diogo Mónica (Docker Security Team Lead) and Haroon Meer (creator of Canary tools and tokens).
Copies of the first two parts of Kim’s book series “Holistic Info-Sec for Web Developers” (weighing in at approximately 700 pages) which this training is based on, will be provided as: companion course material to accompany the training, ongoing self learning, and as a valuable reference resource long after the training has finished.
Coverage of topic chapters: