DevSecOps — resources
roadmap.sh: https://roadmap.sh/devsecops
Books
- The DevOps Handbook (Gene Kim, Jez Humble, Patrick Debois, John Willis) — the foundational ops/flow mindset that DevSecOps builds security on top of.
- Securing DevOps (Julien Vehent) — practical, end-to-end coverage of securing pipelines, services, and cloud infrastructure; maps closely to this roadmap.
- Container Security (Liz Rice) — deep dive into how containers actually work and how to secure them, essential for the Docker/Kubernetes nodes.
- Threat Modeling: Designing for Security (Adam Shostack) — the canonical reference for STRIDE and structured threat modeling.
Courses / practice
- OWASP Top 10 — authoritative reference for the most critical web application security risks; pair with the AppSec nodes.
- PortSwigger Web Security Academy — free, hands-on labs for web app vulnerabilities (SQLi, auth, access control); also covers the Burp Suite node.
- TryHackMe — DevSecOps & SOC paths — guided, gamified labs covering pipeline security, SIEM, incident response, and blue-team detection.