practical-devsecops.com レビュー 717

I completed the CCNSE certification after 120+ hours of intensive hands-on labs. This isn't your typical multiple-choice exam - you're actually attacking and defending live Kubernetes clusters, covering container escapes to supply chain attacks.

What made this experience great: The practical approach is outstanding. Instead of memorizing theory, you're solving real-world security scenarios. The 6-hour practical exam was challenging but fair - it truly tests your ability to think like both attacker and defender.

What they're doing exceptionally well:

1. Real-world lab environments that mirror actual threats
2. Comprehensive coverage of cloud-native security domains
3. Exceptional customer support throughout my extended learning journey - the team was patient and encouraging despite my stop-and-start approach due to personal challenges
4. Quality materials focusing on fundamental security principles
5. Teaching you to switch between attacker/defender mindsets

Personal breakthrough: During the exam, I made zero progress for 1.5 hours and thought I'd fail. The breakthrough came when I embraced the attacker mindset: "What would an attacker do here?" Once I identified vulnerabilities, implementing defensive controls became clear.

Key takeaway: Complex cloud-native security comes down to fundamentals - least privilege, defense in depth, secure design. Understanding attackers clarifies defensive strategies.

This certification transformed my professional approach to cloud security with immediately applicable skills.

Complete course focus on the practice, covering all the domains.

Course has real world examples and scenarios, very clear and systematic approach.

The Certified Cloud-Native Security Expert course proved to be the best of the courses provided by Practical DevSecOps from those I've covered so far. The course serves as a good introduction to Cloud-Native tools, but also covers enough depth to allow those with some experience to potentially learn new things. With the variety covered as well, proactive learning after the course has been completed can be performed to further one's depth of knowledge in many areas, not only Cloud-Native specific.

Since the field of Cloud-Native is quite large, not every topic is discussed exhaustively. This is evident in the attacking Kubernetes section, where not all attack paths are fully explored. Instead, the per-requisite knowledge needed to discover vulnerabilities and attack paths are provided, so that you can build on with that knowledge.

The course should be approached with a pro-active mindset to make the best of it. This means asking questions and exploring topics / tools in further detail when you do not fully understand something. Although this is the approach that should be taken when learning, the course is somewhat lengthy, and it is easy to overrun the 2 months of lab time if you have a full time job. Some balance should therefore be taken with further exploration during the course. Where balance is not required is with note taking, as this will get you very far if you keep good notes!

Overall, the course was educational. The first few chapters will cover very basic information, but later chapters will start to cover the depth I've mentioned.

The course provides everything you want to know about threat modelling. Great place to learn about all the methodologies and tools including open source & commercial.

The CDP course is extremely well structured and full of valuable content. It gave me the confidence and technical insight to understand and implement a wide range of security tools into our development workflow.
These are tools that are actually used in real-world environments, and the course helped me see how to integrate them to strengthen our infrastructure security.

This initiative came as part of our department’s ongoing security improvements, my manager recommended the course so I could actively support the implementation of new security platforms alongside other team members.

The biggest change I’ve noticed is the way I now approach DevSecOps: I now think in terms of automated security checks, real-time scanning, and integrating these directly into CI/CD pipelines.

The hands-on labs really make a difference.

One thing to consider: if you're not too familiar with Linux, it might take you a bit longer to complete the exercises. But the course materials are clear, comprehensive, and designed to guide you through every step, both for learning and passing the certification exam.

Highly recommended for anyone looking to upskill in DevSecOps and apply it in a real-world setting.

I recently completed the Certified Cloud-Native Security Expert (CCNSE) course from Practical DevSecOps, and it was an excellent experience. The course provided me with a deep understanding of how Kubernetes works, how to identify and exploit misconfigurations, and most importantly, how to secure a Kubernetes cluster against such attacks.

Thanks to this course, I’ve gained hands-on experience that directly improved my capabilities in securing cloud-native environments. This knowledge has been incredibly valuable not only for my personal growth but also for my team and stakeholders who rely on secure and resilient infrastructure.

One of the most significant changes after completing the course is my ability to proactively assess and harden Kubernetes environments, which has helped improve our overall security posture.

Highly recommended for anyone seeking to acquire practical skills in cloud-native security.

— Volodymyr

Certified Threat Modeling Professional (CTMP) online self-paced training is an awesome platform to start with right from the basics of threat modeling through all the advanced tools and techniques used for threat modeling. This certification helped me achieved the required knowledge to start performing threat modeling right from the beginning and collaborate with teams. The labs deployed are a great platform to practice the tools and gives a full-fledged practical experience. The training might seem stretched and long but it is worth learning the interesting tools and techniques explained in simpler terms.
I would also take a moment to appreciate the support and help I received from the Mattermost channel, everyone is friendly and provides instance support whenever needed.
Talking about the examination, if one covers all the videos and labs properly from the training, one is good enough to appear and pass the examination. Also, the examination is based on practical approach which is the best part of this certification.

Certified API Security Professional (CASP) course was great! It enabled me to discover and learn about the technical aspects of API Security. The delivery of the theory content was on point and the hands-on lab helps to apply what was taught which helped the learning greatly. This course helped to boost my knowledge working as a security engineer and i highly recommend this to anyone who is interested or is in the application security space.

The Practical DevSecOps certification is an excellent starting point for anyone new to the world of DevSecOps. The course material is structured in a way that’s easy to understand, even for beginners, and it strikes a great balance between theory and hands-on learning. The labs are well-designed, offering practical scenarios that reinforce key concepts and make the learning process both engaging and effective.

The exam aligns closely with the course content, testing not just memorization but also your ability to apply what you’ve learned in real-world scenarios. It challenges you to think independently without feeling overwhelming, which is ideal for those starting their journey in this field. Overall, this certification provides a solid foundation in DevSecOps and is a great investment for anyone looking to build secure software development practices from the ground up.

Its course content is rich and easy to get started with. I think it's fantastic!

Let me know if you'd like a more formal or informal tone!

In my openion , focusing on this niche courses and skills is what's setting the company apart. These are very practical trainings that one can see use of in every organisation.

By taking the Certified DevSecOps Professional course, I’ve gained a much deeper understanding of DevSecOps, especially in implementing effective security scanning within CI/CD pipelines. The course also helped me build hands-on experience with integrating various security tools, automating vulnerability detection, and enforcing secure coding practices throughout the software development lifecycle. It has significantly strengthened my ability to design and maintain secure CI/CD workflows in real-world environments.

It is good having VMs in the labs. But the terminal were delay when typing which is kind of annoying. unable to access lab instructions after 60 days kind of misleading. I thought I will be unable to access lab VMs after 60 days but that also include lab instruction and the majority of the course content is in the lab instruction. The course were as expensive as enrolling a whole semester at university, I expected to be able to access course material, so at least I could setup my own VMs.

I love the Practical DevSecOps Institute courses, as they strike the perfect balance between theory and practice, plus they have labs featuring different technologies.
I've currently taken CDP, CDE, CTMP, CSSE, and CCNSE, and all of them have provided me with a wealth of knowledge that the industry currently demands.
CSSE, in particular, is a course that complements other courses such as CDP and CDE. It delves into supply chain attacks.The labs focus not only on defense but also hands-on how some attacks are are executed.

I recently completed the DevSecOps Professional certification, and I couldn't be more satisfied with the experience! The course content was comprehensive and well-structured, covering all essential aspects of integrating security into DevOps practices.

The course coverage on threat modelling is extensive. Includes the various approaches like list, goal (attacker), software based, specific techniques of each approach - STRIDE, both MITRE ATT&CK and CAPEC. Most importantly it teaches techniques and tools useful for threat modelling in today’s agile development paradigm. I believe most people from the course is ready to be productive in promulgating threat modelling g in the digital industry

I pursued the CTMP certification to become a better threat modeler and employ those skills in my current role. The course content was relevant and educational, and the exam was well prepared to help me show mastery of the material. Overall, I felt this was a beneficial effort and would recommend this course to any early career security professional

Overall, it was a great experience. The user-friendly interface and interactive platform made learning smooth and enjoyable. The practical DevSecOps team was also very responsive and helpful.

One area for improvement would be lab access post-expiration. It would be beneficial if students could still view lab commands after access ends, as many participants are working professionals and may need more flexible timing. Allowing pauses or extensions for platform access would greatly enhance the learning experience.

The materials provide was great , coming for someone that has limited devsecop experience. i gain a lot of experience that have increase my knowlege and skill set. This has help alot in my job.