We may earn an affiliate commission when you visit our partners.
DevSecCon

In this talk, you'll learn about common IaC risks and best practices for securing infrastructure at scale using policy-as-code in both in build-time and run-time.

Planning, provisioning, and changing infrastructure are vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and helps prevent bad configurations upstream. It also presents another layer of risk. In this talk, you'll learn about common IaC risks and best practices for securing infrastructure at scale using policy-as-code in both in build-time and run-time.

Enroll now

What's inside

Syllabus

Infrastructure-as-Code Security: Why, What, and How

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Develops secure infrastructure practices at scale using policy-as-code, an industry standard
Teaches IaC security best practices for both build-time and run-time, ensuring infrastructure is secure throughout its lifecycle
Taught by DevSecCon, security experts recognized for their work in the field
Suitable for learners interested in building and securing cloud infrastructure
Covers common IaC risks and best practices, providing a strong foundation for secure infrastructure
May require familiarity with IaC and cloud infrastructure concepts

Save this course

Save Infrastructure-as-Code Security: Why, What, and How to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Infrastructure-as-Code Security: Why, What, and How with these activities:
Explore Infrastructure-as-Code Security Best Practices
Gain practical insights into proven methodologies for securing your infrastructure by implementing IaC security best practices.
Browse courses on Infrastructure Security
Show steps
  • Review vendor documentation on IaC security best practices.
  • Identify common IaC risks and vulnerabilities.
Develop an IaC Security Policy
Apply your knowledge to create a comprehensive IaC security policy to enhance the protection of your infrastructure.
Browse courses on Cloud Security
Show steps
  • Define security requirements and guidelines for IaC.
  • Establish automated policy checking mechanisms.
  • Integrate security tools and frameworks.
IaC Security Audit Project
Enhance your hands-on skills by conducting an in-depth security audit of your IaC configuration, identifying vulnerabilities and proposing mitigation strategies.
Browse courses on Cloud Security
Show steps
  • Identify the scope of the audit.
  • Use IaC scanning tools to identify security issues.
  • Analyze findings and prioritize remediation actions.
Show all three activities

Career center

Learners who complete Infrastructure-as-Code Security: Why, What, and How will develop knowledge and skills that may be useful to these careers:
Security Auditor
Security Auditors assess the security of organizations' computer systems. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Security Auditors identify and mitigate vulnerabilities in their systems.
Cybersecurity Analyst
Cybersecurity Analysts identify and mitigate vulnerabilities in computer systems. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Cybersecurity Analysts identify and mitigate vulnerabilities in their systems.
Security Consultant
Security Consultants help organizations to improve their security posture. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Security Consultants identify and mitigate risks to their clients' organizations.
Security Engineer
Security Engineers design and implement security measures to protect organizations from cyberattacks. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Security Engineers identify and mitigate vulnerabilities in their systems.
Penetration Tester
Penetration Testers identify and exploit vulnerabilities in computer systems. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Penetration Testers identify and mitigate vulnerabilities in their systems.
Cloud Security Architect
Cloud Security Architects design and implement security measures to protect cloud computing systems. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Cloud Security Architects protect their systems from vulnerabilities and attacks.
Software Architect
Software Architects design and develop software applications. This course may be useful because it teaches how to incorporate infrastructure-as-code into software development. This knowledge can help Software Architects create more secure and reliable applications.
Site Reliability Engineer
Site Reliability Engineers ensure that software applications are reliable and scalable. This course may be useful because it teaches how to incorporate infrastructure-as-code into software development. This knowledge can help Site Reliability Engineers automate the provisioning and management of infrastructure, which can save time and reduce errors.
Systems Administrator
Systems Administrators manage and maintain computer systems. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Systems Administrators protect their systems from vulnerabilities and attacks.
Software Engineer
Software Engineers design, develop, and maintain software applications. This course may be useful because it teaches how to incorporate infrastructure-as-code into software development. This knowledge can help Software Engineers create more secure and reliable applications.
Risk Manager
Risk Managers identify and mitigate risks to organizations. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Risk Managers identify and mitigate risks to their organizations.
DevOps Engineer
DevOps Engineers work to bridge the gap between development and operations teams. They help to ensure that software is deployed and managed efficiently and securely. This course may be useful because it teaches how to incorporate infrastructure-as-code into software development. This knowledge can help DevOps Engineers automate the provisioning and management of infrastructure, which can save time and reduce errors.
Network Engineer
Network Engineers design, install, and maintain computer networks. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Network Engineers protect their networks from vulnerabilities and attacks.
Data Scientist
Data Scientists use data to solve business problems. This course may be useful because it teaches how to incorporate infrastructure-as-code into software development. This knowledge can help Data Scientists automate the provisioning and management of infrastructure, which can save time and reduce errors.
Cloud Architect
Cloud Architects design and manage cloud computing systems. They ensure that these systems are secure, scalable, and reliable. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Cloud Architects protect their systems from vulnerabilities and attacks.

Reading list

We've selected ten books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Infrastructure-as-Code Security: Why, What, and How.
Provides a comprehensive overview of DevOps security practices, including IaC security best practices and tools.
Provides practical experience with Terraform, an IaC tool, and its security features.
Provides a solid foundation in security principles and practices, including IaC security considerations.
Provides insights into designing and building reliable and scalable data-intensive systems, including IaC considerations.
Offers insights into Google's Site Reliability Engineering (SRE) practices, including IaC security considerations.
Provides a structured approach to threat modeling, which can help identify and mitigate IaC security risks.

Share

Help others find this course page by sharing it with your friends and followers:

Similar courses

Here are nine courses similar to Infrastructure-as-Code Security: Why, What, and How.
AWS: Configuration Management and Infrastructure as Code
Most relevant
Deploying Basic Infrastructure with CLI in Microsoft Azure
Most relevant
Deployment in GCP
Most relevant
DevOps with GitHub and Azure: Implementing Infrastructure...
Most relevant
Getting Started with EKS (Elastic Kubernetes Service)
Most relevant
Securing Cloud DevOps in PaaS, IaaS, and SaaS Settings
Most relevant
Data Engineering on AWS - Foundations
Most relevant
Cloud Computing Foundations
Most relevant
DevOps on AWS: Release and Deploy
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2024 OpenCourser