DoD DCWF - Certified DevSecOps Specialist

MCSI Certification

MDSOS - Certified DevSecOps Specialist

This comprehensive DevSecOps Specialist course is designed to equip participants with the foundational and advanced skills necessary for modern software development and operations. Starting with an introduction to the fundamental principles of DevSecOps, Continuous Integration/Continuous Deployment (CI/CD), and Infrastructure as Code, the course also offers targeted training on building secure web applications.

Upon completing this course, participants will have gained a thorough exposure to a broad spectrum of DevSecOps tools and technologies. This extensive study ensures that every participant develops the competence needed to implement and maintain robust security practices throughout the application lifecycle.

Intermediate Level MCSI Certification Advanced
ic-certificate Certification
ic-clock 600+ hours
ic-money $1295
No Expiry, No Renewals

Course Overview

As security challenges continue to evolve, it emphasizes the importance of integrating security into every stage of the software development lifecycle. Participants will delve into the technical depths of CI/CD tools such as Jenkins and GitLab, essential for automating the development processes. Furthermore, the course also covers cloud infrastructure management across major platforms including Amazon Web Services, Microsoft Azure, and Google Cloud Platform.

Participants will learn how to set up virtual machines, manage access control, configure storage solutions, and more. This knowledge lays a solid foundation for understanding the myriad components that coalesce in a robust DevOps environment, preparing participants to seamlessly integrate these elements in real-world applications.

The learning journey continues as participants explore native services provided by the three major cloud providers, tailored specifically for DevOps operations. This includes automating the deployment of web applications and crafting Infrastructure as Code templates using tools like Terraform. The course also covers essential practices in configuration and change management across both on-premises and cloud infrastructures with tools such as Ansible, Chef, and Puppet. These skills are critical for maintaining consistency and reliability in dynamic IT environments.

Furthermore, the curriculum introduces containerization and orchestration technologies, including Docker and Kubernetes, which are pivotal in deploying web applications efficiently and at scale.

Upon completing this course, participants will emerge with advanced capabilities in:

  • Understanding DevSecOps advantages for efficient and secure software development.
  • Integrating CI/CD pipelines for optimized release processes.
  • Developing secure web applications against common threats like CSRF and SQL injection.
  • Configuring Jenkins, GitLab, and AWS for continuous integration and deployment.
  • Utilizing Ansible, Chef, and Puppet for infrastructure management and secure deployments.
  • Developing and managing Docker containers for application deployment.
  • Developing and managing Docker containers for application deployment.

Knowledge, Skills and Abilities You Will Acquire

MCSI is one of the most respected and trusted names in cyber security education and training. Our certifications teach critical skills, knowledge and abilities needed to advance a career in cyber security. Our courses are comprehensive and up-to-date, and our instructors are experienced professionals who are dedicated to helping students learn. MCSI provides the real-world skills and knowledge you need to protect any organization from cyber threats.

  • Lab Setup and Virtualization
  • Introduction to DevSecOps and DevOps Tools

    DevSecOps is an approach that integrates security practices into the DevOps (Development and Operations) process, aiming to prioritize security throughout the software development lifecycle. DevOps tools are technologies and platforms that automate and streamline software development, testing, and deployment processes, and their relevance lies in enabling efficient collaboration, continuous integration, and delivery while integrating security measures to build secure and resilient software products.

    This approach ensures that security is not an afterthought but a fundamental aspect integrated from the start, enhancing overall software quality and reducing vulnerabilities.

    Understand the Differences Between DevSecOps and AppSecOps

    Differentiating between DevSecOps and AppSecOps is important for DevSecOps specialists to grasp the distinct focuses of integrating security into development processes (DevSecOps) versus focusing solely on application security (AppSecOps), enabling informed security strategies tailored to software development lifecycles.

    Continuous Integration and Continuous Deployment (CI/CD)

    Understanding CI/CD processes is essential for DevSecOps specialists to automate software development, testing, and deployment cycles, ensuring rapid and reliable delivery of secure software updates while integrating security checks and validations into automated pipelines.

    Infrastructure as Code

    Embracing Infrastructure as Code (IaC) is critical for DevSecOps specialists to manage and provision infrastructure using code, enabling consistent and scalable deployments while incorporating security controls and best practices directly into infrastructure definitions.

    Utilizing Jenkins

    Leveraging Jenkins for automation and orchestration is fundamental for DevSecOps specialists to implement CI/CD pipelines, integrate security testing tools, and automate security checks throughout the software development lifecycle, enhancing efficiency and ensuring secure software delivery.

    Implementing a CI/CD within GitLab for Projects

    Implementing CI/CD pipelines within GitLab is valuable for DevSecOps specialists to automate software builds, testing, and deployments directly within version-controlled repositories, fostering collaboration, version control, and security integration within a unified platform.

  • Cloud Platforms and Infrastructure as Code (IaC)

    Cloud Platforms provide scalable and flexible infrastructure resources on-demand, enabling DevSecOps specialists to leverage cloud services for rapid deployment, scalability, and cost-effectiveness of software applications. Infrastructure as Code (IaC) is crucial for DevSecOps specialists as it allows them to automate and manage infrastructure configurations using code, ensuring consistency, repeatability, and version control of infrastructure deployments while integrating security controls directly into infrastructure definitions for enhanced security and compliance.

    This approach enables efficient and secure delivery of applications in cloud environments, aligning with DevSecOps principles of integrating security into the software development lifecycle.

    Deploying EC2 Instances

    Deploying EC2 instances on AWS allows DevSecOps specialists to provision scalable compute resources in the cloud, enabling flexible and efficient deployment of applications while implementing security controls and monitoring for secure operations.

    Configuring VPC Flow Logging

    Setting up VPC flow logging in AWS enables DevSecOps specialists to monitor and analyze network traffic within Virtual Private Clouds (VPCs), facilitating threat detection, compliance auditing, and incident response for enhanced security posture.

    Setting up AWS S3 Buckets

    Setting up and managing AWS S3 buckets allows DevSecOps specialists to securely store and manage data in scalable and durable object storage, implementing access controls, encryption, and versioning to protect sensitive information and ensure data integrity.

    Setting up & Managing Azure Cloud Infrastructure

    Managing Azure cloud infrastructure involves provisioning and configuring resources such as virtual machines, networks, and storage in Microsoft Azure, enabling DevSecOps specialists to deploy and secure applications while adhering to Azure's security best practices and compliance standards.

    Setting up & Managing Virtual Machines using Google Cloud Platform

    Managing virtual machines on Google Cloud Platform (GCP) allows DevSecOps specialists to deploy and maintain scalable compute instances, implementing security controls, monitoring, and access management to ensure secure and reliable operations of applications on GCP.

    Implementing Load Balancers, Reverse Proxies, Docker Images on AWS

    Deploying load balancers, reverse proxies, and Docker containers on AWS enables DevSecOps specialists to optimize application performance, scalability, and reliability while ensuring secure traffic management, container orchestration, and container security within AWS environments.

    Creating Microsoft Azure Pipelines

    Creating Azure Pipelines allows DevSecOps specialists to automate software delivery processes, including build, test, and deployment workflows on Microsoft Azure, integrating security testing and compliance checks to achieve continuous integration and continuous delivery (CI/CD) with Azure DevOps services.

    Utilizing Google Cloud Platform Deployment Manager

    Leveraging Google Cloud Platform Deployment Manager enables DevSecOps specialists to define, deploy, and manage cloud resources using declarative configurations, ensuring consistent and repeatable infrastructure deployments while applying security controls and compliance policies within GCP environments.

    Creating CI/CD Pipeline within Google Cloud Platform

    Implementing CI/CD pipelines within Google Cloud Platform (GCP) allows DevSecOps specialists to automate software delivery workflows, integrating security testing, and vulnerability scanning into continuous deployment processes to achieve secure and efficient application releases on GCP.

    Utilizing Terraform to Secure AWS Infrastructure

    Using Terraform for AWS infrastructure as code (IaC) allows DevSecOps specialists to define and manage security configurations, access controls, and compliance policies as code, ensuring consistent and secure provisioning of AWS resources while implementing security best practices and automation.

    Utilizing Terraform to Secure Azure Infrastructure

    Leveraging Terraform for Azure infrastructure management enables DevSecOps specialists to automate security controls, define security policies, and enforce compliance standards across Azure resources, ensuring secure and auditable deployments while promoting infrastructure-as-code (IaC) practices.

    Utilizing Terraform to Secure Google Cloud Platform Instances

    Using Terraform to manage and secure Google Cloud Platform (GCP) instances allows DevSecOps specialists to automate security configurations, define access controls, and enforce security policies across GCP resources, promoting consistent and secure infrastructure deployments while integrating security best practices into the development lifecycle.

    Configuring and Installing Ansible

    Configuring and installing Ansible enables DevSecOps specialists to automate configuration management, orchestration, and security hardening tasks across cloud environments, facilitating consistent and secure provisioning of infrastructure and applications with Ansible playbooks and modules.

    Utilizing Ansible to Harden AWS

    Leveraging Ansible for AWS hardening involves implementing security best practices and configurations across AWS resources using Ansible playbooks, ensuring compliance, and reducing security risks within AWS environments managed by DevSecOps specialists.

    Utilizing Chef to Secure AWS, Azure, and GCP Configurations

    Implementing Chef for configuration management enables DevSecOps specialists to automate security configurations and policy enforcement across AWS, Azure, and Google Cloud Platform (GCP) environments, ensuring consistent and compliant infrastructure deployments while enhancing security posture and operational efficiency.

    Utilizing Puppet to Harden AWS Infrastructure

    Leveraging Puppet for AWS infrastructure hardening involves automating security configurations and compliance checks across AWS resources using Puppet manifests, enabling DevSecOps specialists to maintain secure and auditable infrastructure deployments while enforcing security policies and best practices.

  • Containerization and Orchestration

    Containerization and orchestration are crucial for DevSecOps specialists because they enable consistent, portable, and scalable deployment of applications while ensuring security controls are integrated throughout the container lifecycle.

    Containerization allows for isolated and lightweight environments, facilitating rapid development and deployment cycles, while orchestration platforms like Kubernetes automate management tasks, improving efficiency and enabling security-focused practices such as automated vulnerability scanning, secrets management, and network policies to be applied consistently across distributed environments.


    Docker is a containerization platform that allows DevSecOps specialists to package and deploy applications in lightweight, isolated containers, facilitating consistent and portable software deployments while enhancing security through containerization.

    Securely Configuring and Deploying Docker Images

    Securely configuring and deploying Docker images involves implementing best practices for image hardening, vulnerability scanning, and container runtime security, ensuring that Docker containers are built and deployed with security in mind to mitigate risks and vulnerabilities.


    Kubernetes is a container orchestration platform that automates container deployment, scaling, and management, allowing DevSecOps specialists to efficiently manage and secure containerized applications at scale while implementing security controls and policies within Kubernetes clusters.

    Configuring and Deploying Kubernetes

    Configuring and deploying Kubernetes involves setting up and managing Kubernetes clusters, configuring networking, storage, and security settings, enabling DevSecOps specialists to deploy and secure containerized applications efficiently across distributed environments.

    Vulnerability Scanning Docker Images & Kubernetes

    Performing vulnerability scans on Docker images and Kubernetes clusters allows DevSecOps specialists to identify and remediate security vulnerabilities and misconfigurations, ensuring that containerized applications are deployed with minimal security risks and compliance with security standards.

    Writing Falco Rules

    Writing Falco rules involves defining custom security policies and detection rules for runtime container security monitoring, enabling DevSecOps specialists to detect and respond to suspicious activities and security incidents within Kubernetes environments.

    Implementing Role-Based Access Control within Kubernetes

    Implementing Role-Based Access Control (RBAC) in Kubernetes allows DevSecOps specialists to enforce fine-grained access controls and permissions, ensuring that only authorized users and processes have access to Kubernetes resources based on predefined roles and policies.

    Monitoring Kubernetes

    Monitoring Kubernetes involves collecting and analyzing metrics, logs, and events from Kubernetes clusters, enabling DevSecOps specialists to detect anomalies, performance issues, and security incidents in real-time for proactive monitoring and response.

    Create CI/CD Pipelines to Deploy Kubernetes Applications

    Creating CI/CD pipelines for Kubernetes applications allows DevSecOps specialists to automate build, test, and deployment workflows, integrating security testing and compliance checks into continuous delivery processes to ensure secure and efficient deployment of containerized applications within Kubernetes environments.

  • Security and Risk Management in DevOps

    Security and risk management in DevOps are crucial because they ensure that security is integrated into every stage of the software development lifecycle, mitigating potential risks and vulnerabilities early on.

    By focusing on security from the outset, DevOps teams can proactively identify and address security concerns, improving overall software quality, reducing security incidents, and enhancing organizational resilience. This approach aligns with DevSecOps principles, fostering collaboration between development, operations, and security teams to achieve secure, reliable, and compliant software delivery.

    Configuring Secure Web Application Cookies

    Configuring secure web application cookies is important in DevOps to protect against session hijacking and other attacks, ensuring that sensitive information transmitted via cookies is encrypted and properly validated to enhance application security.

    Developing Secure Web Applications that Prevent (Brute Force Attacks, Password Policies, Secure Logins, URL Validation, etc.)

    Developing secure web applications with robust security features such as prevention of brute force attacks, enforcing strong password policies, implementing secure login mechanisms, and validating input data helps mitigate common vulnerabilities and threats, ensuring applications are resilient against cyberattacks.

    Assessing AWS Infrastructure

    Assessing AWS infrastructure involves conducting security assessments and audits to identify and remediate security risks and misconfigurations, ensuring AWS environments adhere to security best practices and compliance requirements.

    Implementing Secure AWS Features (GuardDuty, Firewalls, Amazon Detective/Inspector, etc.)

    Implementing secure AWS features such as GuardDuty for threat detection, firewalls for network security, and Amazon Detective/Inspector for security assessments helps strengthen AWS security posture, providing continuous monitoring and detection of security threats and vulnerabilities.

    Utilizing AWS Security Hub

    AWS Security Hub provides a centralized view of security alerts and compliance status across AWS accounts, enabling DevOps teams to identify, prioritize, and remediate security findings to enhance overall security and compliance in AWS environments.

    Monitoring AWS Security Events

    Monitoring AWS security events in real-time allows DevOps teams to quickly detect and respond to security incidents, leveraging AWS CloudTrail, CloudWatch, and other monitoring tools to ensure proactive security monitoring and incident response.

    Writing Information System Continuous Monitoring (ISCM) Strategy Documents

    Developing ISCM strategy documents outlines the approach and methodologies for continuous monitoring of information systems, enabling DevOps teams to establish effective security monitoring practices and ensure timely detection and response to security threats and vulnerabilities.

    Writing Cloud Policy Audits

    Writing cloud policy audits involves defining and documenting policies for cloud security and compliance, ensuring that cloud environments adhere to organizational security standards and regulatory requirements through regular audits and assessments.

    Creating CI/CD and Azure Pipelines for Google Cloud Platform, AWS, Azure in GitLab

    Implementing CI/CD pipelines for multi-cloud environments using GitLab allows DevOps teams to automate secure software delivery, integrating security testing and compliance checks into continuous integration and deployment workflows for Google Cloud Platform, AWS, and Azure, ensuring secure and efficient deployment of applications across cloud platforms.

    Monitoring GCP Instances for Malicious Events

    Monitoring Google Cloud Platform (GCP) instances for malicious events involves leveraging platform-based logging systems such as Azure Log Analytics to collect and analyze logs, enabling DevOps teams to detect and respond to suspicious activities and security incidents in GCP environments.

    Utilizing Platform-Based Logging Systems (such as Azure Log Analytics)

    Leveraging platform-based logging systems like Azure Log Analytics enables DevOps teams to centralize and analyze logs and events from cloud environments, improving visibility into security events and enabling proactive threat detection and incident response.

    Creating CI/CD Pipelines for Automated Security Testing

    Creating CI/CD pipelines for automated security testing allows DevOps teams to integrate security testing tools and techniques into continuous delivery workflows, enabling automated vulnerability scanning, penetration testing, and compliance checks to ensure that applications are developed and deployed securely.

    Writing a Disaster Recovery Policy

    Developing a disaster recovery policy outlines procedures and protocols for responding to and recovering from disruptive events, ensuring business continuity and resilience in the face of disasters or unexpected incidents affecting cloud infrastructure and applications.

DoD Cyber Workforce Framework KSATs

This course teaches the specific Knowledge, Skills, Abilities, and Tasks (KSATs) aligned with the DoD Cyber Workforce Framework (DCWF) as outlined in DoD 8140. By focusing on these critical competencies, the course ensures that you develop the essential capabilities required for various cybersecurity roles within the Department of Defense. This alignment not only guarantees that the training is relevant and comprehensive but also that it prepares you to meet the specific operational needs and standards of the DoD cyber workforce.

  • knowledge
    ID Description
    22 Knowledge of computer networking concepts and protocols, and network security methodologies.
    108 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
    1158 Knowledge of cybersecurity principles.
    1159 Knowledge of cyber threats and vulnerabilities.
    6900 Knowledge of specific operational impacts of cybersecurity lapses.
    6935 Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
    6938 Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.
    21 Knowledge of computer algorithms.
    25B Knowledge of encryption algorithms.
    27A Knowledge of cryptology.
    34 Knowledge of database systems.
    58 Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
    130 Knowledge of systems testing and evaluation methods.
    130A Knowledge of systems security testing and evaluation methods.
    142A Knowledge of the operations and processes for incident, problem, and event management.
    144 Knowledge of the systems engineering process.
    1037A Knowledge of information technology (IT) risk management policies, requirements, and procedures.
    1139A Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.
    1141A Knowledge of an organization’s information classification program and procedures for information compromise.
    6240 Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE).
    7087 Knowledge of programming languages.
    7088 Knowledge of continuous integration/continuous deployment (CI/CD) processes and pipeline tools.
    7089 Knowledge of portable, extensible, open source platform for managing containerized workloads and services.
    7090 Knowledge of cloud hosting providers.
    7091 Knowledge of threat modeling, risk assessment techniques, code reviews, current best practices and the latest cybersecurity threats.
    7092 Knowledge of how security impacts each development phase and the services.
    7093 Knowledge of a Continuous Integration/Continuous Deployment (CI/CD) environment and processes.
    7094 Knowledge of the steps for release to higher levels of integration testing, certification activities, and/or operations using testbeds, modeling and simulation to synchronize software releases with the development of an operations environment(s) to ensure compatibility.
    7095 Knowledge of every stage in the software project lifecycle, from initial design and build to rollout and maintenance.
  • skills
    ID Description
    3C Skill in recognizing vulnerabilities in information and/or data systems.
    3B Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.
    190 Skill in developing operations-based testing scenarios.
    220 Skill in systems integration testing.
    225A Skill in the use of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).
    238A Skill in writing code in a currently supported programming language (e.g., Java, C++).
    3822 Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.
  • abilities
    ID Description
    4 Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
    3030 Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
    6090 Ability to develop curriculum for use within a virtual environment.
  • tasks
    ID Description
    412A Analyze the results of software, hardware, or interoperability testing.
    420 Apply security policies to meet security objectives of the system.
    421a Apply security architecture principles to meet organization’s confidentiality, integrity, and availability requirements.
    452 Conduct functional and connectivity testing to ensure continuing operability.
    559B Analyze and report system security posture trends.
    568 Employ secure configuration management processes.
    571 Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
    572 Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
    576 Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
    653B Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk.
    661A Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
    708A Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
    717A Assess and monitor cybersecurity related to system implementation and testing practices.
    726 Oversee and make recommendations regarding configuration management.
    729A Verify minimum security requirements are in place for all applications.
    754 Perform cybersecurity testing of developed applications and/or systems.
    765 Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
    795 Properly document all systems security implementation, operations and maintenance activities and update as necessary.
    806A Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
    809 Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
    876 Verify and update security documentation reflecting the application/system security design features.
    880A Work with stakeholders to resolve computer security incidents and vulnerability compliance.
    938A Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
    2054 Assess the effectiveness of security controls.
    5050 Assess all the configuration management (change configuration/release management) processes.
    5940 Work with designers and developers thru out the design, development and testing process.
    5939 Choose and deploy the appropriate automated application security testing tools.
    5941 Utilize tools and techniques like risk assessment, threat modeling, and cybersecurity to detect and analyze the threats.
    5942 Work with Security Engineers to ensure that all security threats are dealt with during the development phase.
    5943 Work with Automation tools are used to identify the vulnerabilities.
    5944 Identify and implement tooling for controlling the steps in a continuous integration (CI) and continuous deployment (CD) pipeline.
    5945 Develop and implement automatic test tools in a CI/CD pipeline, which could include Static Application Security Test (SAST) tools, Dynamic Application Security Test (DAST) tools, Unit Test tools, Static Code Analysis (SCA) tools, etc.
    5946 Develop code within a CI/CD Pipeline.
    5947 Select appropriate language and coding standards for software application for appropriate Continuous Integration/Continuous Deployment (CI/CD) framework.
    5948 Apply testing activities, understands fault vs. failures, conduct basic test planning, develop test selection or adequacy criteria, crafts test documentation, ensures test coverages, and conducts automated testing.
    5950 Develop and deploy software using continuous integration methods, processes, and tools, including test case writing against completion criteria (for each release, capability, micro-service, or component), build automation, and build processes.
    5951 Select and implement telemetry within the CI/CD pipeline and Ops software to support metrics and problem discovery and resolution.
    5953 Provide DevSecOps guidance to leadership.
    5954 Build test interfaces and perform complex integration.
    5955 Work closely with development teams to provide and support the environment needed to deliver an organization’s services.

Career Outcomes

Our DevSecOps Specialist course equips you with the skills to integrate security into the software development lifecycle. Learn to manage CI/CD pipelines, deploy automated security testing tools, and perform risk assessments. Gain hands-on experience in threat modeling, vulnerability scanning, and collaborating with development teams to ensure secure software deployment. By the end of the course, you will be prepared to lead DevSecOps practices and enhance the security of software development processes.

Certification Detail

MCSI certifications are highly respected and sought-after credentials in the industry. Earning an MCSI certification is a testament to your knowledge and skillset, and demonstrates your commitment to excellence. The content is cutting-edge, uniquely-designed, and hands-on. Our exercises teach in-demand skills that are immediately applicable in the field.

The certifications are valid indefinitely and do not require any renewal fees. The training is accessible without any time limits.


Training Modules

This course provides you with multiple training modules, each of which is designed to teach you practical skills that can help you solve important cyber problems. Each module offers exercises that will help you build your skills and capabilities.

  • MDSOS-001: Introduction to DevSecOps - 4 exercises
  • MDSOS-002: Introduction to Continuous Integration (CI) and Continuous Delivery/Deployment (CD) - 4 exercises
  • MDSOS-003: Introduction to Infrastructure as Code (IaC) - 4 exercises
  • MDSOS-004: Lab Setup - 3 exercises
  • MDSOS-101: Web Application Security Fundamentals - Part 1 - 5 exercises
  • MDSOS-102: Web Application Security Fundamentals - Part 2 - 5 exercises
  • MDSOS-103: Web Application Security Fundamentals - Part 3 - 4 exercises
  • MDSOS-201: DevOps with Jenkins - 11 exercises
  • MDSOS-202: DevOps with GitLab - 4 exercises
  • MDSOS-203: Introduction to Amazon Web Services - 5 exercises
  • MDSOS-204: Introduction to Microsoft Azure - 5 exercises
  • MDSOS-205: Introduction to Google Cloud Platform - 5 exercises
  • MDSOS-301: DevOps on Amazon Web Services - 20 exercises
  • MDSOS-302: DevOps on Microsoft Azure - 10 exercises
  • MDSOS-303: DevOps on Google Cloud Platform - 7 exercises
  • MDSOS-401: Provision and Manage AWS Infrastructure with Terraform - 16 exercises
  • MDSOS-402: Provision and Manage Azure Infrastructure with Terraform - 9 exercises
  • MDSOS-403: Provision and Manage GCP Infrastructure with Terraform - 5 exercises
  • MDSOS-404: Infrastructure as Code Using Ansible - 7 exercises
  • MDSOS-405: Secure Infrastructure as Code Using Ansible - 3 exercises
  • MDSOS-406: Infrastructure as Code Using Chef - 3 exercises
  • MDSOS-407: Secure Infrastructure as Code Using Chef - 7 exercises
  • MDSOS-408: Infrastructure as Code Using Puppet - 3 exercises
  • MDSOS-409: Secure Infrastructure as Code using Puppet - 4 exercises
  • MDSOS-501: Introduction to Docker - 14 exercises
  • MDSOS-503: Introduction to Kubernetes - 9 exercises
  • MDSOS-504: Vulnerability Scanning on Docker and Kubernetes - 7 exercises
  • MDSOS-505: DevSecOps with Kubernetes - 11 exercises
  • MDSOS-601: Threat Modelling and Threat Detection in the Cloud - 14 exercises
  • MDSOS-602: Managing Risk in the Cloud - 10 exercises
  • MDSOS-603: DevSecOps on AWS, Azure and GCP - 10 exercises
  • MDSOS-604: Logging, Log Automation and Log Management - 5 exercises
  • MDSOS-605: Static and Dynamic Security Testing in CI/CD - 10 exercises
  • MDSOS-606: Advanced Web Application Security - 7 exercises
  • MDSOS-606: Business Continuity Operations - 3 exercises


Cyber professionals must be ready for everything. The typical security training strategy, which focuses on individual skills and tools, is insufficient. You must be able to operate as part of a team, see the big picture, and respond swiftly and effectively to unforeseen circumstances. That's why, as part of our training, we use replays of whole cyber missions. Our scenarios help you prepare for the demands of the job and give you confidence in your ability to work professionally.

  • MDSOS-SC-01: Hosting a Web Application over SSL on AWS - 9 exercises
  • MDSOS-SC-02: Deploying a web application on Docker - 7 exercises
  • MDSOS-SC-03: Deploying a web application on a Kubernetes cluster - 10 exercises

Enroll now with lifetime access for $1295


MCSI Industry Certifications are important for you to earn because they signify that you have the skills required to work in a cybersecurity. Certificates of Completion are also important to earn because they signify that you have completed an exercise. Earning Certificates of Completion and Industry Certifications demonstrates that you are willing to put in the extra work to be successful.




Obtain CPE points by solving exercises


Achieve multiple certifications


Receive help from instructors online

This certification is aligned with the DoD Cyber Workforce Framework (DoD 8140), ensuring you receive training that meets the standards and competencies required for cybersecurity roles within the Department of Defense. This alignment guarantees that you gain relevant, up-to-date skills and knowledge tailored to the specific needs of the DoD cyber workforce, effectively preparing you to support and secure defense operations.

Certificate Level Curriculum Completion Requirement Scenarios Completion Requirement
MCSI DevSecOps Specialist (Basic) Level 1 50% 0%
MCSI DevSecOps Specialist (Intermediate) Level 2 75% 50%
MCSI DevSecOps Specialist (Advanced) Level 3 95% 100%

Sample Exercises

Below are three (3) exercises from the 100+ exercises available in MCDFA - Certified Cyber Defence Forensics Analyst:

Deploy a VM instance in GCP using Deployment Manager


Research the components of Chef


Use AWS Well-Architected Tool To Assess The Infrastructure In Your AWS Account


Our Instructors

Student exercises are reviewed and graded by multiple instructors. This one-of-a-kind approach allows you to get highly personalized input from a number of successful professionals.

MCSI's teachers bring real-world experience and knowledge to the classroom, ensuring that students have the skills they need to excel in the field of information security. Due to their extensive experience in penetration testing, vulnerability assessment, reverse engineering, incident response, digital forensics, and exploit development, students will understand the most up-to-date defensive and offensive cybersecurity strategies and procedures.

Our instructors are passionate about information security and are always looking to further their own knowledge. Students who attend an MCSI course can be confident that they are learning from some of the best in the business. They can adapt their teaching approaches to match the demands of any student, regardless of their degree of expertise.

The MCSI team strives to provide the most comprehensive and up-to-date cybersecurity training available. Whether you are a seasoned security professional or new to the field, MCSI has a course that will meet your needs.

Receive personalized feedback from cybersecurity experts:

  • Overcome challenges and hurdles preventing you from advancing your skills
  • Receive guidance on how to focus your training efforts and avoid wasting time
  • Learn how to meet the industry's quality standards and produce high-quality work
  • When you're stuck, go to a support forum or ask inquiries to the instructors right on the platform

Help and Support

24/7 Discord Community

If you're looking for additional support during your studies, consider joining our Discord server. Our community of fellow students and instructors is always available to provide help and answer any questions you may have.

Personalized Support

Your submissions will be reviewed by MCSI instructors, who will provide you with personalized feedback. This input is critical since it can assist you in identifying the areas where you need to enhance your skills. The instructor's feedback will also tell you how well you did an exercise and what you can do to improve your performance even further.

Click here to see an example of personalized feedback.

Our personalized support will take your skills to the next level. Read what a student says about it:

Quick Questions

If you have any questions or need clarification on any of the exercises, MCSI offers a Quick Questions section on each exercise where you can ask for help. This is a great resource to use if you need assistance. This feature is only available for paid courses.

Actively Maintained Course

This course is actively maintained to ensure that it is current and error-free. We want to ensure that you have the best possible experience while taking this course, which includes having access to accurate and current information. This course is also tested for flaws on a regular basis, so you can be sure you're getting a high-quality product.

This course is constantly updated with the support of trustworthy industry peers to ensure that students are acquiring the most up-to-date information and skills. This dedication to staying ahead of the curve is what distinguishes this course as one of the greatest in the market.


Training Laptop Requirement

This course can be completed on a standard training laptop. To ensure you have the necessary hardware to complete the course, your machine should meet the following specifications:

  • 64-bit Intel i5/i7 2.0+ GHz processor or equivalent
  • 8GB of RAM
  • Ability to run at least (1) virtual machine using Virtual Box, or an equivalent virtualization software
  • Windows 10 or later, macOS 10 or later, or Linux
  • Local administrator privileges
Do you support older operating systems?

Yes. Many of the exercises can be completed on older OS versions. A few of our students are successfully using older equipment to learn cyber security.

Proficiency in the English language

You must have the ability to comfortably read and understand IT documentation written in English. Ideally, they have an IELTS score of 6.5 with no band less than 6 (or equivalent).

Note: You can register for this course without having undertaken an English test.

Lab Environment

This course teaches you how to setup and configure your own cybersecurity lab.

There are numerous advantages to creating your own cybersecurity lab rather than paying for one. The cost savings are perhaps the most evident benefit. When compared to the expense of licensing a pre-built lab, creating your own lab can save you thousands of dollars. You also have the option of customizing the lab environment to meet your specific requirements. You can, for example, select the hardware and software that will be used in your lab.

Another advantage of setting up your own cybersecurity lab is that it allows you to learn new skills. Building a lab from the ground up necessitates knowledge of networking, system administration, and other technical subjects. This experience is invaluable in your career as a cybersecurity professional.

We frequently see students who can complete a task in a pre-built lab but cannot complete the same task at work. This is because these labs are meant to lessen work complexity, thereby creating an illusion of personal capabilities. It's also worth noting that you'll be expected to set up your own lab to test tools and techniques in the workplace. Employers may give you the resources to set up virtual computers and networks, but it will be up to you to manage the lab environment and maintain your tools.

Finally, you should know that pre-built labs are not commonly licensed by top cybersecurity professionals. They've realized that setting up a lab is simple, efficient, adaptable, cost-effective, and that it sparks creativity. It also nullifies risk of performing unauthorized actions against systems provisioned by a third-party.

Aptitude Test (Optional)

This is an advanced course. It includes exercises for novices but assumes that they have competent IT skills and a strong understanding of cybersecurity concepts.

Aptitude Test:

If you're not sure if you'll be able to fully enjoy this course, then contact us via email to organize a free aptitude test. This test will determine whether you meet the course's basic baseline criteria. If you've never studied with us before, it will also introduce you to the MCSI Method™.

Why MCSI's Vulnerability Assessment Analyst Certification is World Class

why MCSI

Comprehensive Vulnerability Assessment Training

The MVAA certification equips participants with rigorous training in vulnerability identification, assessment methodologies, and mitigation strategies, preparing them for real-world cybersecurity challenges.

why MCSI

Specialized Focus on Security Assessments

MVAA-certified analysts gain in-depth knowledge of penetration testing, compliance auditing, and security assessments across web applications, software, hosts, and networks, enabling them to conduct thorough evaluations and vulnerability assessments.

why MCSI

Proficiency in Report Drafting and Communication

The MVAA certification emphasizes the development of industry-standard reports that effectively communicate findings, recommendations, and remediation strategies to stakeholders, ensuring clarity and actionable insights from vulnerability assessments.

Enrollment and Fees


Terms and Conditions

  • No discounts
  • No refunds
  • No transfers
  • No renewal fees
  • No hidden fees
  • No time limits
  • Exercises must be completed on MCSI's Online Learning Platform
  • You'll also be charged GST if you live in Australia

Cooling-Off Policy

Received a full refund if you changed your mind about a purchase within 24 hours. No questions asked. Read the full details here.

Don't Buy This Course

Don't buy this course if you think learning cyber security is simple, that it will only take a few hours, that remembering a few concepts from videos and books would be enough, or, that you should be provided with walkthroughs and solutions to practical problems instead of thinking critically for yourself.

Our competitors are misleading you by claiming that their video courses and open-book theoretical certificates will teach you everything you need to know about cyber security. We recommend that you stay away from our courses until you've realized that cybersecurity requires hundreds of hours of training against difficult challenges under the watchful eye of experts encouraging you to improve your weaknesses. Only then will you understand the value of this course and the benefits that the MCSI Method™ can bring to your career. We only want satisfied customers.

When purchasing a course, you acknowledge that you understand and agree with our 100% practical MCSI Method™: no solutions, no walkthroughs, and you're expected to use critical thinking and research to solve the exercises. If you're not sure how this work, try our free version before buying.

How does MCSI Compare?

If you are looking for a certification that will give you an edge in the job market, look no further than MCSI certifications. Thanks to our innovative approach, cybersecurity training is more affordable and effective than traditional methods.

Our pricing is more affordable than our competitors because we have reinvented how cyber training is done online. Our innovative Online Learning Platform is highly effective at teaching cyber security. The platform provides a more engaging and interactive learning experience than traditional methods, which helps students learn and retain skills better. Try the free version and see for yourself.

Enroll now with lifetime access for $1295

Bloom's Taxonomy

Bloom's Taxonomy is a system for categorizing distinct stages of intellectual growth. It is used in education to assist students comprehend and learn material more effectively. MCSI teaches students how to apply, analyze, evaluate, and create at the highest levels of the taxonomy. The majority of our competitors are simply concerned with getting you to remember concepts.

The intellectual developments outlined in Bloom's Taxonomy are directly tied to your capacity to advance in your cyber security career. Employers look for people who can solve challenges that are worth paying for. With us, you'll learn practical skills that are in demand and applicable to a wide range of cyber occupations.

Industry Recognized Skills

MCSI credentials are well-respected around the world, and organisations searching for people with real cyber security abilities seek them out. Obtaining an MCSI certification verifies your understanding of critical cyber security topics as well as your ability to provide real-world results.

The ability of MCSI's training programme to give students with real-world, hands-on experience is unrivalled. Students must conduct their own research and develop their own answers in order to complete our practical exercises, which are meant to give them the skills they need to be successful in the field.

With MCSI, you will build a comprehensive cybersecurity portfolio of your skills as you complete exercises. This portfolio is a powerful tool for displaying your cybersecurity knowledge and abilities. A portfolio, as opposed to typical resumes and paper-based credentials, presents a more thorough summary of your skills and accomplishments.

Students Feedback

Here's what students say about the MCSI Method™ and our Online Learning Platform:

Student Testimonials

Frequently Asked Questions

What is the MCSI Method™?

Common Questions

  • Are solutions included in certifications and bundles?
    • No. Our method of teaching cyber security consists of challenging you with real-world problem statements that you're expected to research and solve by doing your own research. This is how you'll be expected to work in the field. When you fail an exercise, we provide you with constructive feedback to improve and try again.
  • Do bundles, training content, or certificates ever expire? Am I expected to buy again in the future?
    • Upon purchase, bundles and certificates are permanently unlocked with no recurring or ongoing fees.
  • Do I need to buy the training and the certification separately?
    • No. The price provided covers both. You only pay once.
  • Do you offer any special offers and discounts?
    • We understand that many of our customers may be looking for discounts, and we would love to be able to offer them. However, we do not provide discounts because we believe that our prices are fair and reasonable. We work hard to keep our prices low, and we feel that discounts would be unfair to our other customers. We hope you understand.
  • If I can't solve the exercise where do I go for help?
  • Who reviews and marks exercises?
    • Trained cyber security instructors that work for Mossé Cyber Security Institute.
    • MCSI instructors are highly qualified and experienced professionals who are able to teach a variety of topics related to information security. They have the ability to tailor their teaching methods to meet the needs of each student, regardless of their experience level. In addition, they are always up-to-date on the latest trends and developments in information security, which enables them to provide students with the most relevant and current information.
  • We can't pay via credit card. Can you raise an invoice for wire payment instead?
    • Yes. Send us the list of bundles and certifications you want to purchase at [email protected]
  • Can I access a trial/demo the certification programmes prior to enrolling?
    • We provide a free curriculum with 100+ hours practical exercises you can try.
    • The Free Curriculum teaches Security Tools, Penetration Testing, Red Teaming, Threat Hunting, Cyber Defence, GRC and Windows Internals.
    • Try the Free Curriculum
  • Do you provide Continuing Professional Education (CPE) credits?
    • Yes. Every single exercise offers CPE credits. The number of credits earned depends on the difficulty of the exercise completed. Below are the CPE Credits achieve for an exercise in each difficulty:
    • Novice exercises = 1 CPE credits
    • Advanced Beginner exercises = 2 CPE credits
    • Competent exercises = 5 CPE credits
  • Do I need to complete an exam to receive MCSI Certification?
    • No. MCSI Certifications are completed by solving practical cybersecurity exercises.
  • Do I need to purchase cybersecurity tools or subscriptions?
    • No. Only free or trial versions are used in our exercises. You do not require making any purchases.

More Kind Words from Students

Enroll now with lifetime access for $1295


We'll respond within 24 hours

Visit our Frequently Asked Questions (FAQ) page for answers to the most common questions we receive.

Ready to learn hands-on cyber security skills online?

Try 100 hours for free