Computing, IT Systems, and Emerging Technologies Papua New Guinea

DevSecOps and Secure Software Delivery Training Course

Software teams now release faster than most security reviews can keep up, which is why weak DevSecOps and Secure Software Delivery practices show up first as exposed secrets, unsafe dependencies, and broken release gates. DevSecOps and Secure Software Delivery is the practice of embedding security controls, testing, and governance into the CI/CD pipeline so you can detect risk earlier, automate protections, and deliver software with fewer defects and less exposure. It enables professionals to secure source control, design pipeline controls, and validate builds and deployments using tools and methods such as GitHub Actions, Jenkins, SAST, SCA, DAST, and container scanning. This course is designed for DevOps engineers, application security engineers, software developers, cloud engineers, and release managers who need to build secure delivery workflows without slowing delivery teams down. As organizations adopt cloud-native platforms, Infrastructure as Code, and AI-assisted code generation, the gap between development speed and security oversight grows unless you have a practical operating model. In this 5-day course, you will work through pipeline diagrams, threat models, security gates, and secure release checklists so you can produce a defendable CI/CD control design, a vulnerability remediation plan, and a secure delivery roadmap that your team can actually use.

Duration
5 Days
Duration
Certificate
Certificate
Included
Delivery
Instructor-Led
Delivery
Level
Intermediate
Level
Download Brochure

Choose Your Preferred Training Format

Training Options

Reserve Your Spot Today — Pay When You're Ready!

Classroom Training

In-person sessions at premier locations

Nairobi Kenya
Mon - Fri
5 Days
USD 1,600
View Sessions
Kigali Rwanda
Mon - Fri
5 Days
USD 1,900
View Sessions
Dubai United Arab Emirates (UAE)
Mon - Fri
5 Days
USD 4,100
View Sessions
Zanzibar Tanzania
Mon - Fri
5 Days
USD 2,400
View Sessions
Customized Content
Team Training
Flexible Dates

In-person training at our premier venues — pick a city and date that works for you.

Location Duration Fee Language
Nairobi, Kenya Mon - Fri (5 Days) USD 1,600 English See dates & reserve →
Kigali, Rwanda Mon - Fri (5 Days) USD 1,900 English See dates & reserve →
Dubai, United Arab Emirates (UAE) Mon - Fri (5 Days) USD 4,100 English See dates & reserve →
Zanzibar, Tanzania Mon - Fri (5 Days) USD 2,400 English See dates & reserve →
Abuja, Nigeria Mon - Fri (5 Days) USD 2,800 English See dates & reserve →
Addis Ababa, Ethiopia Mon - Fri (5 Days) USD 2,400 English See dates & reserve →
Mombasa, Kenya Mon - Fri (5 Days) USD 1,700 English See dates & reserve →
Cape Town, South Africa Mon - Fri (5 Days) USD 3,900 English See dates & reserve →
Johannesburg, South Africa Mon - Fri (5 Days) USD 3,500 English See dates & reserve →
Kampala, Uganda Mon - Fri (5 Days) USD 1,900 English See dates & reserve →
Pretoria, South Africa Mon - Fri (5 Days) USD 3,300 English See dates & reserve →
Lagos, Nigeria Mon - Fri (5 Days) USD 2,500 English See dates & reserve →
Arusha, Tanzania Mon - Fri (5 Days) USD 2,000 English See dates & reserve →
Dar es Salaam, Tanzania Mon - Fri (5 Days) USD 1,900 English See dates & reserve →
Accra, Ghana Mon - Fri (5 Days) USD 3,800 English See dates & reserve →
Bangalore, India Mon - Fri (5 Days) USD 4,200 English See dates & reserve →
Muscat, Oman Mon - Fri (5 Days) USD 4,300 English See dates & reserve →
Naivasha, Kenya Mon - Fri (5 Days) USD 1,700 English See dates & reserve →

Live, instructor-led sessions you can join from anywhere — pick the next start date below.

Code Start Date End Date Duration Fee
No Data

Our instructor comes to your office — same curriculum and accredited certificate, with case studies built around the work your team actually does.

Team Training

Train your entire team together in a familiar environment for better collaboration

Fully Customized

Content tailored to your industry, tools, and specific business challenges

Cost Effective

Save on travel & accommodation costs when training multiple employees

Flexible Scheduling

Choose dates that work best for your team's availability and projects

How It Works
1
Request a Quote

Tell us about your team size, preferred dates, and training goals

2
Get a Custom Proposal

Receive a tailored training plan and competitive pricing within 24 hours

3
We Come to You

Our certified trainer arrives ready to deliver impactful, hands-on training

Ready to upskill your team on DevSecOps and Secure Software Delivery Training?

No commitment required · Response within 24 hours

What You'll Master in This Training

Built by industry pros — practical insights, real-world examples, and strategies you can apply immediately.

Module 1: DevSecOps Foundations

  • DevSecOps principles across software development lifecycles
  • CI/CD security failure modes and release risk patterns
  • OWASP SAMM maturity model for delivery governance
  • NIST SSDF practices for secure development
  • Exercise: map a secure delivery baseline
  • OWASP Threat Dragon threat modeling workflows
  • STRIDE analysis for pipeline and application assets
  • Attack surface review of repositories and build agents
  • Risk prioritization using likelihood and impact scoring
  • Exercise: create a threat model and risk register
  • Git branch protection and merge approval rules
  • GitHub and GitLab secret detection controls
  • Commit signing, repository hygiene, and least privilege
  • Secure dependency pinning and protected tags
  • Exercise: design a secure repository control plan
  • Jenkins and GitHub Actions pipeline stages
  • Build integrity checks and artifact provenance
  • SAST integration with SonarQube
  • SCA integration with OWASP Dependency-Check
  • Exercise: build a secure CI pipeline blueprint
  • Container image scanning with Trivy
  • Dockerfile hardening and minimal base images
  • Terraform security scanning and module review
  • Policy-as-code concepts for deployment safeguards
  • Exercise: produce a container and IaC remediation plan
  • DAST workflows with OWASP ZAP
  • Test environment data controls and safe test accounts
  • Security gate thresholds for pull requests and builds
  • False-positive triage for scan findings
  • Exercise: draft a gated test and approval checklist
  • Release approval criteria and change records
  • Rollback plans and deployment verification steps
  • ISO/IEC 27001:2022 change control alignment
  • Security metrics dashboards for engineering leaders
  • Exercise: build a secure delivery report and roadmap

Drop Us a Query

Fill out the form below and we'll get back to you.

About the Course

Organizations want software delivery they can prove is controlled, traceable, and secure, not just fast. In DevSecOps and Secure Software Delivery, that proof usually depends on capabilities such as threat modeling, repository protection, dependency inspection, build verification, deployment gating, and incident-ready release rollback. Frameworks and practices such as the OWASP SAMM, the OWASP Top 10, NIST SSDF, and ISO/IEC 27001:2022 provide the structure, but teams still need a working pipeline design that maps those ideas to real commits, builds, artifacts, and deployments.

This course turns scattered DevOps and application security knowledge into a secure delivery system you can apply across Git workflows, CI/CD pipelines, containers, and Infrastructure as Code. You will practice designing branch protection rules, secret detection workflows, SAST and SCA checkpoints, DAST validation, and container image scanning, while being introduced to Kubernetes admission controls and policy-as-code concepts at a practical overview level. What you will learn: how to assess a delivery pipeline, design security gates, and produce a secure software delivery plan that aligns with modern engineering workflows. You will work hands-on with pipeline controls, risk registers, and release checklists so you can reduce vulnerabilities without creating unnecessary friction for developers.

Real-world DevSecOps work is constrained by release deadlines, legacy tooling, hybrid cloud estates, and uneven security maturity across teams. This course is built for professionals who must deliver secure software under those conditions, with realistic exercises that fit common CI/CD environments rather than idealized lab-only setups. It also reflects current pressure from AI-generated code, secret sprawl, and the need for digital-first reporting to engineering leadership and risk stakeholders.

Target Audience

This course is designed for professionals who already work near software delivery, platform operations, or application security and need a practical way to make DevSecOps and Secure Software Delivery work in day-to-day engineering environments.

  • DevOps Engineer responsible for secure CI/CD pipeline controls and release gates
  • Application Security Engineer validating SAST, DAST, and SCA findings
  • Software Developer implementing secure coding and repository hygiene practices
  • Cloud Engineer securing deployment workflows, containers, and Infrastructure as Code
  • Release Manager coordinating approvals, rollback readiness, and gated deployments
  • Platform Engineer maintaining shared build systems and pipeline guardrails
  • Security Operations Analyst tracking exposed secrets and software risk signals
  • Site Reliability Engineer supporting secure change, monitoring, and rollback procedures
  • DevSecOps Lead aligning engineering, security, and delivery metrics
  • Engineering Manager reporting pipeline risk, control gaps, and remediation progress

Course Objectives

This course equips you to plan, execute, and measure DevSecOps and Secure Software Delivery initiatives that reduce release risk, strengthen pipeline controls, and support secure delivery governance.

  • Assess a CI/CD pipeline using OWASP SAMM and NIST SSDF control checkpoints.
  • Apply threat modeling with OWASP Threat Dragon to identify pipeline and application attack paths.
  • Design secure GitHub or GitLab repository controls, including branch protection and secret detection.
  • Build a secure CI/CD workflow with SAST, SCA, and DAST security gates.
  • Calculate vulnerability remediation priorities from scan findings, severity ratings, and release impact.
  • Evaluate container image and IaC security outputs using Trivy and policy-as-code checks.
  • Implement release controls and rollback criteria aligned with ISO/IEC 27001:2022 change governance.
  • Synthesize pipeline evidence into a secure delivery report, risk register, and action plan.

Requirements & Prerequisites

You should have a working understanding of software development lifecycles, version control concepts, and basic CI/CD terminology. Familiarity with Git, build pipelines, or application security testing will help, but you do not need production DevSecOps experience to complete the course. No coding/programming is required beyond reading pipeline definitions and interpreting security findings; advanced concepts such as SAST, SCA, and DAST are taught at an operational application level. Please bring a laptop for hands-on pipeline and template exercises, and be prepared to review sample repository, build, and deployment artefacts.

Local Application and Business Return in Papua New Guinea

How participants can apply the training in local operating conditions, and the return their organisation can plan for.

How participants apply this

Participants can use this course to review how code moves from commit to production and identify where security checks should be added or tightened. They can map approval points, secret handling, dependency scanning, test automation, and container checks into the CI/CD workflow they already use. In day-to-day work, that means turning informal release habits into documented controls that developers and operations teams can follow consistently. It also helps teams create remediation steps for failed scans so security issues are fixed without creating release chaos.

Expected ROI

Within 6 to 12 months, organisations usually see fewer release surprises because security issues are found earlier in the pipeline rather than after deployment. Teams can also reduce rework by making security checks automated and predictable, which lowers the number of manual review bottlenecks. The business value is stronger release confidence, better audit readiness, and less time spent responding to avoidable pipeline-related incidents. For leaders, the return is a more defensible software delivery process that supports speed without sacrificing control.

Training Methodology

This is a practical, outcome-driven course designed to turn DevSecOps and Secure Software Delivery aspiration into measurable action and credible reporting.

Methodology includes:

  • Hands-on calculation using a vulnerability severity matrix and release risk scorecard.
  • Scenario simulation for a production hotfix release under security gate pressure.
  • Pipeline diagnostic using an OWASP SAMM-based assessment checklist.
  • Stakeholder mapping of developer, security, release, and operations approval paths.
  • Case study analysis from fintech, healthcare, SaaS, and manufacturing delivery teams.
  • Group workshop producing a secure CI/CD control design within time limits.
  • Reflection exercise comparing current release habits against NIST SSDF and OWASP Top 10 signals.

Upcoming Sessions

Next available dates worldwide

No international sessions scheduled

Certification

Recognized credentials that advance your career

Participants who complete the DevSecOps and Secure Software Delivery Training Program earn a Trainingcred Certificate of Achievement, demonstrating professional competence and alignment with global standards in learning and development.

NITA Accredited

Accredited by the National Industrial Training Authority, ensuring programs meet nationally recognized standards of quality and relevance.

CPD Certified

Recognized by the CPD Certification Service, ensuring every program meets internationally benchmarked standards of professional excellence.

Each certification reflects practical expertise, strategic insight, and readiness to excel in today's competitive, fast-evolving workplace.

Why this course earns its place on your CV

Accredited training, practitioner trainers, and peers on the same career track — the three things real expertise is built on.

Effective Learning & Skill Development

  • Build expertise with structured, outcome-driven learning.
  • Equip individuals and teams with skills that grow with industry needs.
  • Reinforce learning through real-world scenarios, case studies and practical exercises.

Career Growth & Professional Advancement

  • Apply what you learn with a proven methodology that ensures lasting impact.
  • Develop immediately usable skills that translate directly into workplace success.
  • Gain the expertise needed for career advancement and leadership roles.

Training Optimization & Learning Excellence

  • Tailor training to industry-specific challenges and organizational goals.
  • Use data-driven insights and automation to enhance training effectiveness.
  • Evaluate progress and ensure long-term learning success.

Real Results from Real Professionals

Thousands of professionals have transformed their careers through our training programs. Now, it's your turn.

View All Reviews

Local market advisory

Course relevance for Papua New Guinea

A country-specific view of market pressure, regulatory context, and practical business return behind this training.

  • Market context
  • Regulatory fit
  • Business application

Why this course matters in Papua New Guinea

A market-specific advisory on the operating pressures this course helps teams address.

DevSecOps and Secure Software Delivery matters in Papua New Guinea because organisations are adopting faster software release practices without always having equally mature security controls around code, dependencies, and deployment gates. This course helps DevOps, application security, cloud, and release teams decide how to embed security checks into CI/CD so software can move faster without increasing operational and cyber risk. It is especially relevant where teams support critical digital services, cloud workloads, or customer-facing applications that need defensible change control and auditability. For leaders, the main decision is how to standardise secure release governance without slowing delivery teams to a point where business agility suffers.
Secure release controls reduce avoidable pipeline risk

In environments where delivery teams use automated builds and deployments, the biggest exposure often comes from secrets, third-party dependencies, and misconfigured release steps. A practical DevSecOps model gives PNG teams a repeatable way to catch those issues earlier, before they become production incidents.

Cloud adoption increases the need for shared security ownership

As organisations move more workloads into cloud and hybrid environments, security cannot sit only with a separate review team. This course is relevant because it teaches developers, operations staff, and security practitioners how to share controls across the pipeline.

Release governance is as important as tooling

Many organisations can install scanners, but fewer can define when a build should fail, who can override a control, and how remediation is tracked. The course helps local teams design those rules so security gates are operational rather than symbolic.

This training is timely because software teams are under pressure to deliver faster while also improving resilience, traceability, and security assurance. In that environment, insecure automation can spread risk quickly across multiple applications, making pipeline design and release governance a practical priority rather than a niche security concern.

Frequently Asked Questions

Got questions? We've gathered the answers to common queries to help you feel confident and informed.

It is most useful for DevOps engineers, software developers, application security staff, cloud engineers, and release managers. It also helps team leads and engineering managers who need to set release standards and approve security controls across delivery pipelines.

The course is designed around embedding controls into automation, so the goal is to reduce manual friction rather than add it. When implemented well, security checks become part of the pipeline flow and can actually reduce delays caused by late-stage defect discovery.

Participants can leave with a secure CI/CD control design, a vulnerability remediation plan, and a secure delivery roadmap. Those outputs are useful because they translate the training into implementation steps that managers and engineers can review together.

No. Cloud-native teams may feel the pressure first, but any team that uses automated builds, deployment scripts, shared code repositories, or third-party dependencies can benefit. The same principles apply whether the application is fully cloud-based or part of a mixed legacy environment.

Trusted by 100+ organizations across 40+ countries

Premier Bank
Amnesty International
UNDT SACCO
UNFPA
USAID
AMREF Health Africa
KENTRADE
CPF
UFIA
UNICEF
Central Bank of Kenya
UNDP
GIZ
Premier Bank
Amnesty International
UNDT SACCO
UNFPA
USAID
AMREF Health Africa
KENTRADE
CPF
UFIA
UNICEF
Central Bank of Kenya
UNDP
GIZ
Barbours
Bank of Rwanda
RFA
Dahabshil Bank
Dorcas Aid
Finn Church Aid
KCB Foundation
Ministry of Education Saudi Arabia
NSSF Uganda
RBA
Reserve Bank of Malawi
WASREB Kenya
Virginia Commonwealth University
Barbours
Bank of Rwanda
RFA
Dahabshil Bank
Dorcas Aid
Finn Church Aid
KCB Foundation
Ministry of Education Saudi Arabia
NSSF Uganda
RBA
Reserve Bank of Malawi
WASREB Kenya
Virginia Commonwealth University