GET BETTER CLOUD, DEVSECOPS, SRE AND SECURITY KNOWDLEGE

SIMPLY BETTER DEVSECOPS

badges

We provide comprehensive training programs designed to suit every skill level, from beginners to seasoned professionals. Whether you’re just starting your journey or looking to master advanced concepts, our programs offer the perfect blend of theory and hands-on practice.

Each course is assigned a unique difficulty level, represented by the number of stars on its badge. This intuitive system ensures you can easily find the program that matches your expertise and aspirations.

🌟 Beginner-friendly courses for foundational knowledge.
⭐⭐ Intermediate programs to build on your skills.
⭐⭐⭐ Advanced training for experts seeking mastery in field. But not limited to beginners who love challenges.

Choose your path, learn at your own pace, and gain lifetime access to all course materials. Start your learning journey today and transform your knowledge into real-world impact!

Our training programs are available on-site at our premises or through our trusted partners. We bring more than just theory – our courses are shaped by hands-on experience gained from delivering solutions, designing architectures, and providing training globally. Specializing in DevOps, Security, and Cloud, we translate real-world challenges and best practices into actionable insights, ensuring you gain practical skills that drive project success.

DevSecOps bootcamp (DSO)

⭐⭐⭐ Advanced training


An immersive boot camp for mastering DevSecOps principles and practices:

  • What are DevSecOps, GitOps, and SRE?
  • DevSecOps Maturity Models and OWASP Top 10 for CI/CD.
  • GitOps-based security practices.
  • Cultural aspects of DevSecOps: Champion programs and metrics.
  • Implementing SAST, SCA, and DAST in CI/CD pipelines.
  • Developer-friendly security tools and IDE plugins.
  • Supply Chain Security: Attacks, SBOM, Attestation, and SLSA Framework.
  • Infrastructure as Code (IaC) Security Automation with Terraform.
  • Security for Microservices, Kubernetes, and Docker-based platforms.
  • Kubernetes Admission Controllers (e.g., OPA Gatekeeper, Kyverno).
  • Image scanning and runtime protection (e.g., Trivy, Clair).
  • Security best practices for Kubernetes pod security, network policies, and RBAC.
  • Secrets management in pipelines (e.g., HashiCorp Vault, AWS Secrets Manager).
  • Dynamic infrastructure scanning and runtime security (e.g., Aqua Security, Falco).
  • DevSecOps in Cloud Services.
  • Automation patterns and tools for DevSecOps.
  • Testing Terraform, Ansible, and other IaC configurations for security flaws.
  • Chaos Engineering: Testing production environments and GameDays.

Base Rate (Up to 10 participants) : €8,000

GET DEVSECOPS TRAINING

AWS Security (AWSSEC)

⭐⭐ Intermediate program

  • Introduction to Cloud Security: “Security of the Cloud vs. Security in the Cloud.”
  • Basics of AWS Global Infrastructure.
  • VPC Security: Route 53, Security Groups, and NACLs.
  • Load Balancers and their security considerations.
  • VPC Flow Logs and Firewalling.
  • IAM: Policies, roles, and policy evaluation logic.
  • Object Storage Security with Pre-signed URLs.
  • AWS Config, AWS CloudWatch, and AWS CloudTrail.
  • AWS Threat Intelligence: AWS Detective and AWS GuardDuty.
  • Automation patterns for security operations.
  • AWS Macie for PII protection.
  • Key Management Service (KMS) and key policies.
  • AWS Web Application Firewall.
  • System Manager and vulnerability scanning with Inspector.
  • AWS Security Hub: A unified view of security alerts.
  • Introduction to container security in AWS: Elastic Container Registry (ECR).

Extras:

  • Serverless Security and OWASP Serverless Top 10.
  • Pentesting and vulnerability scanning in AWS.

Base Rate (Up to 10 participants) : €9,000

GET AWS SECURITY TRAINING

Secure Development Lifecycle (SSDLC1)

⭐⭐ Intermediate program

A comprehensive course focusing on secure development practices, including:

  • Differences between SAST, SCA, and DAST.
  • Threat Modeling and UMLsec.
  • OWASP Top 10 from an API perspective.
  • Injection types and prevention techniques:
    • SQL Injection: exploitation and defense.
    • Cross-Site Scripting (XSS): types and mitigation.
    • Insecure Deserialization.
  • Protecting sensitive data.
  • Implementing secure cryptography in applications.
  • Supply chain security and dependency testing.
  • External Entity Expansion (XXE) attacks.
  • Out-of-Band and Server-Side Injection attacks.
  • Secure server configuration (HTTP headers, TLS configurations, etc.).
  • Tools like Burp Suite and ZAP Proxy for application testing.
  • CI/CD pipeline design for DevSecOps integration.
  • Web Application Firewall (WAF) usage and implementation.
  • Secure coding practices and design patterns.
  • Capture the Flag (CTF): An interactive gamified session to apply skills learned.

Base Rate (Up to 10 participants) : €11,000

GET SSDLC TRAINING

Threat Modeling (TM)

🌟 Beginner-friendly Training

⭐⭐ Intermediate programfor demanding teams

An advanced course designed to teach effective threat modeling techniques:

  • What is Threat Modeling, and how to use it.
  • Key elements of a threat model.
  • Overview of methodologies: STRIDE, DREAD, PASTA, and LUA.
  • Gamification in Threat Modeling using card games and rapid prototyping tools.
  • Specialized Threat Modeling for:
    • Cloud and infrastructure.
    • Software components.
    • CI/CD pipelines.
  • Hands-on exercises based on real-world scenarios.
  • Evaluating the effectiveness of threat models and reassessing assumptions.
  • Using tools like OWASP Threat Dragon, Microsoft Threat Modeling Tool, and IRIUS Risk.
  • Templates for rapid prototyping and advanced Threat Modeling.

Base Rate (Up to 10 participants) : €7,000

GET THREAT MODELING TRAINING

Do you want to build your custom training?

Looking for something unique? We also offer customized training programs tailored to your specific needs. Mix and match topics from our various courses to create the perfect program for your team or individual goals. With custom pricing, we ensure flexibility and value for your investment.

Our mission is to empower professionals to build better cloud solutions, enhance DevSecOps practices, strengthen SRE processes, and advance security capabilities. Contact us to design your personalized training experience and take your expertise to the next level!

Order our custom training just for you!

Feel free to contact us for more information or assistance! We’re here to help you choose the perfect training program and answer any questions you might have.

HackiHub

We are building platforms, training and services where cloud, security and devops meet.

Social:

IMPORTANT LINKS

ABOUT US:

Company: HackiHub s.r.o.
ID: 22291113
Email: contact@hackihub.com


Company adress:
Hlučkova 869/1, Letňany,
199 00 Prague 9
Czechia

Scroll to Top