DevSecOps Engineering: Automating Security Curriculum

Public curriculum preview for visitors and enrolled students. Use this page to evaluate module scope, outcomes, and learning path.

DevSecOps Engineering: Automating Security

Shift security left by integrating it into development pipelines. Master automated security testing, SAST/DAST, container scanning, and compliance.

Duration: 24 Weeks
Level: Advanced
Study Time: 5 hours/week + labs
School: Cybersecurity

Welcome to DevSecOps Engineering: Automating Security! 🎓

This curriculum for DevSecOps Engineering: Automating Security follows a Bloom-aligned progression from practical foundations to measurable professional outcomes, with weekly evidence, labs, and portfolio outputs matched to advanced expectations.

Each week advances from comprehension and application toward evaluation and creation, ensuring progressive learning and capstone readiness.

Your success is our priority. By the end of the course, you will be able to design and operate a secure delivery pipeline that balances speed, developer usability, and measurable security controls. You will graduate with a professionally curated portfolio that demonstrates scope, depth, and delivery quality.

Prerequisites

  • Hands-on experience with network protocols, operating system internals, and security control implementation
  • Practical knowledge of reading security logs, alert analysis, and threat detection workflows
  • Comfort with risk documentation, control decisions, and evidence-based compliance mapping
  • Familiarity with at least one SIEM platform, policy tool, or security scanner

Essential Resources

  • NIST Cybersecurity Framework, CIS Controls, and OWASP threat modeling guides
  • Incident simulation datasets, detection rule templates, and control efficacy checklists
  • Security architecture patterns repository and threat modeling workshop materials

Complementary Courses

Incident Response

Master triage, containment, and post-incident forensics workflows

Cloud Security

Extend identity, token, and workload protection into cloud environments

Governance & Compliance

Connect security controls to regulatory mappings and audit documentation

Learning Roadmap

  • Early Weeks: Core controls, identity hardening, and baseline security posture
  • Middle Weeks: Detection engineering, incident handling, and service resilience
  • Late Weeks: Compliance evidence, executive reporting, and capstone defense

Detailed Weekly Curriculum

Each week includes outcomes and practical lab work aligned to the curriculum structure.

Week 1

DevSecOps Foundations

5 hours + labs
Learning Outcomes
  • Analyze the principles of DevSecOps Foundations and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Evaluate DevSecOps Foundations in a guided scenario using realistic tools, constraints, and quality gates.
  • Design trade-offs, risks, and decision points for DevSecOps Foundations, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for DevSecOps Foundations with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete DevSecOps Foundations build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate DevSecOps Foundations with objective tests and quality controls before review.
  • Deliver DevSecOps Foundations artifacts with reproducible steps and operational notes.
Week 2

SDLC Security

5 hours + labs
Learning Outcomes
  • Analyze the principles of SDLC Security and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Evaluate SDLC Security in a guided scenario using realistic tools, constraints, and quality gates.
  • Design trade-offs, risks, and decision points for SDLC Security, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for SDLC Security with measurable success criteria and next actions.
Lab Exercise
  • Implement baseline controls for SDLC Security and verify enforcement on target systems.
  • Run assessment/scanning for SDLC Security and prioritize findings by exploitability and impact.
  • Close critical findings for SDLC Security and publish re-test evidence.
Week 3

Code Analysis - SAST

5 hours + labs
Learning Outcomes
  • Analyze the principles of Code Analysis - SAST and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Evaluate Code Analysis - SAST in a guided scenario using realistic tools, constraints, and quality gates.
  • Design trade-offs, risks, and decision points for Code Analysis - SAST, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Code Analysis - SAST with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Code Analysis - SAST build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Code Analysis - SAST with objective tests and quality controls before review.
  • Deliver Code Analysis - SAST artifacts with reproducible steps and operational notes.
Week 4

Dependency Scanning

5 hours + labs
Learning Outcomes
  • Analyze the principles of Dependency Scanning and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Evaluate Dependency Scanning in a guided scenario using realistic tools, constraints, and quality gates.
  • Design trade-offs, risks, and decision points for Dependency Scanning, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Dependency Scanning with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Dependency Scanning build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Dependency Scanning with objective tests and quality controls before review.
  • Deliver Dependency Scanning artifacts with reproducible steps and operational notes.
Week 5

Container Security I

5 hours + labs
Learning Outcomes
  • Analyze the principles of Container Security I and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Evaluate Container Security I in a guided scenario using realistic tools, constraints, and quality gates.
  • Design trade-offs, risks, and decision points for Container Security I, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Container Security I with measurable success criteria and next actions.
Lab Exercise
  • Implement baseline controls for Container Security I and verify enforcement on target systems.
  • Run assessment/scanning for Container Security I and prioritize findings by exploitability and impact.
  • Close critical findings for Container Security I and publish re-test evidence.
Week 6

Container Security II

5 hours + labs
Learning Outcomes
  • Analyze the principles of Container Security II and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Evaluate Container Security II in a guided scenario using realistic tools, constraints, and quality gates.
  • Design trade-offs, risks, and decision points for Container Security II, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Container Security II with measurable success criteria and next actions.
Lab Exercise
  • Implement baseline controls for Container Security II and verify enforcement on target systems.
  • Run assessment/scanning for Container Security II and prioritize findings by exploitability and impact.
  • Close critical findings for Container Security II and publish re-test evidence.
Week 7

Dynamic Testing - DAST

5 hours + labs
Learning Outcomes
  • Analyze the principles of Dynamic Testing - DAST and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Evaluate Dynamic Testing - DAST in a guided scenario using realistic tools, constraints, and quality gates.
  • Design trade-offs, risks, and decision points for Dynamic Testing - DAST, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Dynamic Testing - DAST with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Dynamic Testing - DAST build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Dynamic Testing - DAST with objective tests and quality controls before review.
  • Deliver Dynamic Testing - DAST artifacts with reproducible steps and operational notes.
Week 8

CI/CD Pipeline Security

5 hours + labs
Learning Outcomes
  • Analyze the principles of CI/CD Pipeline Security and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Evaluate CI/CD Pipeline Security in a guided scenario using realistic tools, constraints, and quality gates.
  • Design trade-offs, risks, and decision points for CI/CD Pipeline Security, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for CI/CD Pipeline Security with measurable success criteria and next actions.
Lab Exercise
  • Implement baseline controls for CI/CD Pipeline Security and verify enforcement on target systems.
  • Run assessment/scanning for CI/CD Pipeline Security and prioritize findings by exploitability and impact.
  • Close critical findings for CI/CD Pipeline Security and publish re-test evidence.
Week 9

Infrastructure as Code (IaC)

5 hours + labs
Learning Outcomes
  • Evaluate the principles of Infrastructure as Code (IaC) and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Design Infrastructure as Code (IaC) in a guided scenario using realistic tools, constraints, and quality gates.
  • Optimize trade-offs, risks, and decision points for Infrastructure as Code (IaC), then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Infrastructure as Code (IaC) with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Infrastructure as Code (IaC) build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Infrastructure as Code (IaC) with objective tests and quality controls before review.
  • Deliver Infrastructure as Code (IaC) artifacts with reproducible steps and operational notes.
Week 10

Policy as Code

5 hours + labs
Learning Outcomes
  • Evaluate the principles of Policy as Code and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Design Policy as Code in a guided scenario using realistic tools, constraints, and quality gates.
  • Optimize trade-offs, risks, and decision points for Policy as Code, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Policy as Code with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Policy as Code build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Policy as Code with objective tests and quality controls before review.
  • Deliver Policy as Code artifacts with reproducible steps and operational notes.
Week 11

Secrets Management

5 hours + labs
Learning Outcomes
  • Evaluate the principles of Secrets Management and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Design Secrets Management in a guided scenario using realistic tools, constraints, and quality gates.
  • Optimize trade-offs, risks, and decision points for Secrets Management, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Secrets Management with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Secrets Management build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Secrets Management with objective tests and quality controls before review.
  • Deliver Secrets Management artifacts with reproducible steps and operational notes.
Week 12

Cloud Security

5 hours + labs
Learning Outcomes
  • Evaluate the principles of Cloud Security and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Design Cloud Security in a guided scenario using realistic tools, constraints, and quality gates.
  • Optimize trade-offs, risks, and decision points for Cloud Security, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Cloud Security with measurable success criteria and next actions.
Lab Exercise
  • Implement baseline controls for Cloud Security and verify enforcement on target systems.
  • Run assessment/scanning for Cloud Security and prioritize findings by exploitability and impact.
  • Close critical findings for Cloud Security and publish re-test evidence.
Week 13

Kubernetes Security

5 hours + labs
Learning Outcomes
  • Evaluate the principles of Kubernetes Security and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Design Kubernetes Security in a guided scenario using realistic tools, constraints, and quality gates.
  • Optimize trade-offs, risks, and decision points for Kubernetes Security, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Kubernetes Security with measurable success criteria and next actions.
Lab Exercise
  • Implement baseline controls for Kubernetes Security and verify enforcement on target systems.
  • Run assessment/scanning for Kubernetes Security and prioritize findings by exploitability and impact.
  • Close critical findings for Kubernetes Security and publish re-test evidence.
Week 14

Monitoring & Compliance

5 hours + labs
Learning Outcomes
  • Evaluate the principles of Monitoring & Compliance and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Design Monitoring & Compliance in a guided scenario using realistic tools, constraints, and quality gates.
  • Optimize trade-offs, risks, and decision points for Monitoring & Compliance, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Monitoring & Compliance with measurable success criteria and next actions.
Lab Exercise
  • Implement baseline controls for Monitoring & Compliance and verify enforcement on target systems.
  • Run assessment/scanning for Monitoring & Compliance and prioritize findings by exploitability and impact.
  • Close critical findings for Monitoring & Compliance and publish re-test evidence.
Week 15

SIEM Integration

5 hours + labs
Learning Outcomes
  • Evaluate the principles of SIEM Integration and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Design SIEM Integration in a guided scenario using realistic tools, constraints, and quality gates.
  • Optimize trade-offs, risks, and decision points for SIEM Integration, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for SIEM Integration with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete SIEM Integration build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate SIEM Integration with objective tests and quality controls before review.
  • Deliver SIEM Integration artifacts with reproducible steps and operational notes.
Week 16

Incident Response

5 hours + labs
Learning Outcomes
  • Evaluate the principles of Incident Response and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Design Incident Response in a guided scenario using realistic tools, constraints, and quality gates.
  • Optimize trade-offs, risks, and decision points for Incident Response, then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Incident Response with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Incident Response build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Incident Response with objective tests and quality controls before review.
  • Deliver Incident Response artifacts with reproducible steps and operational notes.
Week 17

Advanced CI/CD

5 hours + labs
Learning Outcomes
  • Design the principles of Advanced CI/CD and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Optimize Advanced CI/CD in a guided scenario using realistic tools, constraints, and quality gates.
  • Architect trade-offs, risks, and decision points for Advanced CI/CD, then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Advanced CI/CD with measurable success criteria and next actions.
Lab Exercise
  • Implement a production-style Advanced CI/CD setup using versioned config/code and environment controls.
  • Run validation gates for Advanced CI/CD covering reliability, security, and rollback readiness.
  • Publish Advanced CI/CD execution evidence with logs, metrics, and troubleshooting notes.
Week 18

Supply Chain Security

5 hours + labs
Learning Outcomes
  • Design the principles of Supply Chain Security and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Optimize Supply Chain Security in a guided scenario using realistic tools, constraints, and quality gates.
  • Architect trade-offs, risks, and decision points for Supply Chain Security, then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Supply Chain Security with measurable success criteria and next actions.
Lab Exercise
  • Implement baseline controls for Supply Chain Security and verify enforcement on target systems.
  • Run assessment/scanning for Supply Chain Security and prioritize findings by exploitability and impact.
  • Close critical findings for Supply Chain Security and publish re-test evidence.
Week 19

API Security

5 hours + labs
Learning Outcomes
  • Design the principles of API Security and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Optimize API Security in a guided scenario using realistic tools, constraints, and quality gates.
  • Architect trade-offs, risks, and decision points for API Security, then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for API Security with measurable success criteria and next actions.
Lab Exercise
  • Implement baseline controls for API Security and verify enforcement on target systems.
  • Run assessment/scanning for API Security and prioritize findings by exploitability and impact.
  • Close critical findings for API Security and publish re-test evidence.
Week 20

Automation Best Practices

5 hours + labs
Learning Outcomes
  • Design the principles of Automation Best Practices and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Optimize Automation Best Practices in a guided scenario using realistic tools, constraints, and quality gates.
  • Architect trade-offs, risks, and decision points for Automation Best Practices, then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Automation Best Practices with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Automation Best Practices build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Automation Best Practices with objective tests and quality controls before review.
  • Deliver Automation Best Practices artifacts with reproducible steps and operational notes.
Week 21

Team & Culture

5 hours + labs
Learning Outcomes
  • Design the principles of Team & Culture and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Optimize Team & Culture in a guided scenario using realistic tools, constraints, and quality gates.
  • Architect trade-offs, risks, and decision points for Team & Culture, then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Team & Culture with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Team & Culture build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Team & Culture with objective tests and quality controls before review.
  • Deliver Team & Culture artifacts with reproducible steps and operational notes.
Week 22

Tools & Integrations

5 hours + labs
Learning Outcomes
  • Design the principles of Tools & Integrations and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Optimize Tools & Integrations in a guided scenario using realistic tools, constraints, and quality gates.
  • Architect trade-offs, risks, and decision points for Tools & Integrations, then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Tools & Integrations with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Tools & Integrations build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Tools & Integrations with objective tests and quality controls before review.
  • Deliver Tools & Integrations artifacts with reproducible steps and operational notes.
Week 23

Industry Case Studies

5 hours + labs
Learning Outcomes
  • Design the principles of Industry Case Studies and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Optimize Industry Case Studies in a guided scenario using realistic tools, constraints, and quality gates.
  • Architect trade-offs, risks, and decision points for Industry Case Studies, then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Industry Case Studies with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Industry Case Studies build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Industry Case Studies with objective tests and quality controls before review.
  • Deliver Industry Case Studies artifacts with reproducible steps and operational notes.
Week 24

Capstone: Secure Pipeline

5 hours + capstone
Learning Outcomes
  • Design the principles of Capstone: Secure Pipeline and link them to course outcomes at advanced depth with architecture-level decision quality.
  • Optimize Capstone: Secure Pipeline in a guided scenario using realistic tools, constraints, and quality gates.
  • Architect trade-offs, risks, and decision points for Capstone: Secure Pipeline, then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Capstone: Secure Pipeline with measurable success criteria and next actions.
Lab Exercise
  • Design and execute a concrete Capstone: Secure Pipeline build in DevSecOps Engineering: Automating Security with a clear acceptance checklist.
  • Validate Capstone: Secure Pipeline with objective tests and quality controls before review.
  • Deliver Capstone: Secure Pipeline artifacts with reproducible steps and operational notes.

Capstone Projects

Project 1: DevSecOps Engineering: Automating Security Foundation Build

Deliver a concrete foundation implementation covering the first phase of the curriculum.

  • Implement and validate DevSecOps Foundations.
  • Integrate SDLC Security with reusable workflow standards.
  • Publish evidence for Code Analysis - SAST with test and quality artifacts.

Project 2: DevSecOps Engineering: Automating Security Integrated Systems Build

Combine mid-program competencies into a production-style integrated workflow.

  • Build an end-to-end flow around Infrastructure as Code (IaC) and Policy as Code.
  • Add controls, observability, and rollback paths for reliability.
  • Document architecture decisions and trade-offs tied to Secrets Management.

Project 3: DevSecOps Engineering: Automating Security Capstone Delivery

Ship a portfolio-ready capstone with measurable outcomes and stakeholder-ready presentation.

  • Deliver a complete implementation centered on Team & Culture.
  • Validate readiness for Tools & Integrations using objective acceptance checks.
  • Present final defense and roadmap based on Industry Case Studies outcomes.