Course Overview

This class is geared toward helping those that work in the development, security, and operational aspects of a cloud computing environment to understand what tools are at their disposal to create an efficient DevSecOps environment using GitHub and Microsoft Cloud Adoption Framework (CAF). This course introduces best practices, tools, and features of GitHub and Microsoft Azure to support and streamline the development of new apps, secure the Continuous Integration / Continuous Deployment (CI/CD) pipeline, and take advantage of advanced security features to meet with regulatory compliance requirements.

This course has two parts:

  • First Half of week, consisting of in-depth learning of several technologies
  • Second Half of week, consisting of a practical application of what was discussed the first part of the week. A project will be piloted for hands-on implementation and immediate return on classroom learning investment

Key Learning Areas

  • GitHub Actions
  • GitHub Advanced Security
  • DevSecOps concepts and technologies
  • Microsoft Cloud Adoption Framework
  • Microsoft Well-Architected Framework
  • Azure Security Benchmarks
  • Microsoft Defender for Cloud
  • Infrastructure-as-Code using ARM templates, Bicep templates, and Terraform
  • Modern app deployment using containers and Kubernetes

Course Outline

Over this one-week course, we will cover the following agenda points:

First Half of week – Classroom Immersion Learning

Day 1

Introduction to DevOps

  • What DevOps is
  • Why DevOps is needed
  • Development paradigm shift

Introduction to Microsoft Cloud Adoption Framework (CAF)

  • What is the Cloud Adoption Framework?
  • What are the aspects of Cloud Adoption Framework?
  • Getting started with Cloud Adoption Framework

DevSecOps (Secure DevOps)

  • What is DevSecOps?
  • Security shifting left
  • Continuous security validation
  • Threat modeling

Azure Security Benchmarks and Microsoft Defender for Cloud

  • Azure Security Benchmarks, Security Control v3: DevOps Security
  • What is Microsoft Defender for Cloud?

Using GitHub to Make DevSecOps Happen

  • GitHub secure by default
  • GitHub security tool overview
  • GitHub Advanced Security overview

The Cloud Adoption Framework

  • Getting started with Cloud Adoption Framework
  • Review of each pillar of the Cloud Adoption Framework

DevOps Pillar 1 – Plan

  • Continuous Planning
  • Continuous Integration
  • Plan security integration
  • Plan GitHub integration

DevOps Pillar 2 – Build

  • Continuous Integration
  • Security integration
  • GitHub integration using Codespaces, CodeQL, token scanning, Dependabot

Day 2

DevOps Pillar 3 – Deliver

  • Continuous Delivery
  • Continuous Quality
  • Azure Kubernetes Service (AKS)
  • Security integration
  • Pipeline security
  • GitHub integration using GitHub Actions

Introduction to Infrastructure-as-Code (IaC)

  • Azure Resource Manager (ARM) templates
  • Bicep Templates
  • HashiCorp Terraform

DevOps Pillar 4 – Operate

  • Continuous Security
  • Continuous Operations
  • Continuous Collaboration
  • Continuous Improvement
  • Well-Architected Framework
  • Security integration
  • GitHub integration using identities and Azure Key Vault

Azure Well-Architected Framework

  • What is the Azure Well-Architected Framework?
  • Five Pillars of Azure Well-Architected Framework

Day 3 – Part 1

Containers and Azure Kubernetes Service (AKS)

  • Docker Containers
  • Azure Container Registry
  • Kubernetes
  • Azure Kubernetes Service

Second Half of week – Project Implementation

Day 3 – Part 2

Project Overview

  • Review of DevOps Pillar 1 and security
  • Discussion of using GitHub tools to implement DevSecOps at Pillar 1
  • Breakout room discussion of DevOps Pillar 1 and security
  • Hands-on – whiteboard, discussion, and implementation of:
  • DevOps Pillar 1
  • DevSecOps principles
  • GitHub implementation

Day 4 – Part 1

  • Review of DevOps Pillar 2 and security
  • Discussion of using GitHub tools to implement DevSecOps at Pillar 2
  • Breakout room discussion of DevOps Pillar 2 and security
  • Hands-on – whiteboard, discussion, and implementation of:
  • DevOps Pillar 2
  • DevSecOps principles
  • GitHub implementation

Day 4 – Part 2

  • Review of DevOps Pillar 3 and security
  • Discussion of using GitHub tools to implement DevSecOps at Pillar 3
  • Breakout room discussion of DevOps Pillar 3 and security
  • Hands-on – whiteboard, discussion, and implementation of:
  • DevOps Pillar 3
  • DevSecOps principles
  • GitHub implementation
  • Review of accomplishments of Project thus far

Day 5 – Part 1

  • Review of DevOps Pillar 4 and security
  • Discussion of using GitHub tools to implement DevSecOps at Pillar 4
  • Breakout room discussion of DevOps Pillar 4 and security
  • Hands-on – whiteboard, discussion, and implementation of:
  • DevOps Pillar 4
  • DevSecOps principles
  • GitHub implementation

Day 5 – Part 2

  • Complete any remaining tasks for the product created
  • Review ongoing maintenance cycles of product
  • Answer questions
  • Review of accomplishments of the past week

Who Benefits

Developers, Security engineers, Operations specialists, and any combination of these skills.

Prerequisites

  • Understanding of Git command line and Git syntax
  • Understanding of what GitHub is
  • Understanding of CI/CD pipeline and DevOps
  • Knowledge of Azure networking
  • Knowledge of Azure compute service offerings for app deployment