Competencies: DevSecOps

DevSecOps

Overview

DevSecOps integrates security practices into the DevOps pipeline — shifting security left into development and deployment workflows. This domain covers secrets management, supply chain security, pipeline security, runtime security, and compliance automation.

Industry Frameworks

CISSP (Domain 8: Software Development Security) — secure SDLC
CKS (Certified Kubernetes Security Specialist) — container security
SLSA Framework — supply chain integrity
OWASP DevSecOps Maturity Model — pipeline security maturity

Subdomains

Subdomain	Topics	Personal Coverage	Avg Level
Secrets Management	18	High	Advanced
Runtime Security	16	Low	Beginner
Compliance as Code	16	None	—
Supply Chain Security	16	None	—
Pipeline Security	15	None	—