Hello eveyone, I am very happy to share exciting news with all of you.
Few days ago, i have receieved an email confirming acceptance of my both Azure sessions for the Global Azure 2021 event. I am truely trilled to present on April 16th and 17th following two sesions for eveyone live:
I am looking forward for your participiation, and tune in to learn about latest developments in Microsoft Azure.
In my first session i will share the following new session with you.
Abstract of the presentation as is:
Infrastructure as a Code (IaC) is important strategy to manage your digital estate in any cloud environment. Simplifying management of your infrastructure while re-using code is even better. In Microsoft Azure, we have ARM (Azure Resource Manager) templates that could declaratively define your cloud project infrastructure.
However, it is not easy to author ARM JSON templates and maintain them when your project grows and requires changes. In this demo heavy session, we will introduce the Azure Bicep language and demonstrate how it simplifies authoring ARM templates for your Azure infrastructure. We will author a manageable, readable, and modularized Azure infrastructure code, while using familiar tools.
Please let me know, what topics are you interested in?
As cloud☁️ journey matures, each company 🏨 knows that service requirements and needs will be changing. As cloud providers add new features and products, the new market opportunities and possibilities will rise.
There are several reasons why you would want to pursue the cloud landing zones. Using the start small and expand landing zone, you could get started with cloud adoption at a low-risk pace, and build up the security, governance, and regulatory policies over time.
As a benefit, with “start small and expand” you can use Azure Resource Manager templates and Azure Policy to create a CI/CD pipelines for subscriptions with Azure Blueprints.
As an ongoing improvement effort, you could expand and improve the landing zone with the Cloud Adoption Framework enterprise-scale design guidelines from Microsoft Azure ™
During my journey to become a Microsoft Azure Security professional, I have compiled set of useful resources in addition to the exam materials. These resources do complement cloud and application security with open-source tooling, and a book that is much needed for success.
I am excited to share this with my network and DevSecOps enthusiasts 🙂
WhiteSource Bolt – is a #free developer tool for finding and fixing open source vulnerabilities.
Sqlmap – is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers – http://sqlmap.org/
OpenVAS – Open Vulnerability Assessment Scanner is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. – https://openvas.org/
Recon-ng – is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly – https://tools.kali.org/information-gathering/recon-ng
Awesome DevSecOps book. Inspired by the awesome-* trend on GitHub. This is a collection of documents, presentations, videos, training materials, tools, services and general leadership that support the DevSecOps mission. These are the essential building blocks and tidbits that can help you to arrange for a DevSecOps experiment or to help you build out your own DevSecOps program.
#lambhack is A vulnerable serverless lambda application. This is certainly a bad idea to base any coding patterns of what you see here. It allows you to take advantage of our tried and true application security problems, namely arbitrary code execution, XSS, injection attacks and more.
Black Duck is a commercial alternative to WhiteSource Bolt. It helps to manage the risks that come with the use of open source. Black Duck software composition analysis solutions and open source audits give you the insight you need to track the open source in your code, mitigate security and license compliance risks, and automatically enforce open source policies using your existing DevOps tools and processes.
OWASP Honeypot-Project. Goal of the OWASP Honeypot Project is to identify emerging attacks against web applications and report them to the community, in order to facilitate protection against such targeted attacks. Based around the earlier OWASP/WASC Distributed Web Honeypots Project.
Open Source Honeypots That Detect Threats For Free. You could read details on this interesting post.
Note: in noway this presents a complete guide. However, I hope it will guide your project into a more successful DevSecOps state.
I do encourageto comment and share your tips and resources here. This will ultimately help every community member to become a better security professional. Thanks!
If you are looking to get some study tips on an Azure DevOps Engineer Expert certification then you landed in a right post 🙂
So why Azure DevOps as a platform for your organization’s digital transformation? Well it is build for any language, and any platform. Yes, that is 100% true statement! Run the OSS (#opensourcesoftware) tools and frameworks on it, anything you want, in addition to Microsoft stack.
This weekend, I got loaded with fresh coffee and sit to wright-down experiences and resources I have used, along the journey to become an Azure DevOps Expert. This journey brings along a new credential in Microsoft Certified: DevOps Engineer Expert. However, most importantly, it refreshes your understanding of latest developments in the DevOps ecosystem on Microsoft Azure platform.
Side note:I have been actively using Microsoft DevOps pipelines for the last 2.5 years. Having this experience provided a lot of help in understanding exam objectives and focusing on areas that I never touched.
Overall, Microsoft Expert exams are harder than Azure fundamentals and associate exams. They come with test scenarios, labs and tricky questions where you have to know the order of processes – in one way testing your real-world understanding of the processes and technologies and its interconnected components.
Earning the DevOps Engineer Expert certification demonstrates the ability to combine people, process, and technologies to continuously deliver valuable products and services that meet end user needs and business objectives. DevOps professionals streamline delivery by optimizing practices, improving communications and collaboration, and creating automation.
Now, as you may expect, there are tons of material out there on how to get prepared for required two exams that qualifies you to Expert certification. I took a bit stiff hill to climb 🙂 First, I went head-on with AZ-400 “Designing and Implementing Microsoft DevOps Solutions” exam and later focused on Azure Administrator Associate exam.
As an alternative, you could choose a developer path. It applies very well for the case, where you might already have an Azure Developer Associate certification and just need to pass AZ-400 to qualify for the DevOps Expert certification.
Study Materials and references
I primarily used Microsoft Learn – an online and free starting point to cover gaps in my knowledge and skills. by complementing it with Pluralsight videos. I have combined the following list of resources that you might find handy 🙂
In summary, the important once are listed on top. They are all very important, as you would like to keep your knowledge up to date with developments on DevOps world.
In a nutshell, I tried my best to walk you through the process, options and resources that will help you along the way. Hopefully, this brief guide will help you on your journey to prepare and become an Expert DevOps Engineer!
Meanwhile, feel free to answer the following questions:
Comment on your exam preparation approach?
What challenges are you facing or already overcame?
What helped and what did not – in setting up for a DevOps journey?