Overview
The best way to learn, in my opinion, is by playing with technology. These are some roadmaps that can help you focus your study.
| Resource | URL |
|---|---|
| DevOps roadmap | https://roadmap.sh/devops |
| Cybersecurity roadmap | https://roadmap.sh/cyber-security |
| Terraform roadmap | https://roadmap.sh/terraform |
Introduction to Requirements
I'm going to use this section to break off a little bit into systems development meta/theory. I'm going to touch on this stuff in later sections, so this is just to get you a little familiar with what requirements are beforehand.
In systems development there are two types of requirements: functional (FR) and non-functional (NFR).
Functional Requirement: These are the things that users can directly interact with. For example: a user can log in to a website.
Non-Functional Requirement: These are qualities of the system that support functional requirements but don't require direct interaction. Using the above example, an NFR would be: ensure that the login form the user fills out is secure.
Operations (the Ops part of DevOps) focuses a lot on non-functional requirements.
| NFR | Description |
|---|---|
| Accessibility | Ensures that the system is usable by people with disabilities, adhering to international accessibility standards. |
| Automation | Ensures attributes like speed, accuracy, repeatability, and reliability, which are crucial for effective and safe operation. |
| Availability | Guarantees that the system remains available and accessible to users at all times, without significant interruptions or downtime. |
| Compatibility | Suggests that the system can be used across different platforms, hardware configurations, and software versions with minimal issues. |
| Compliance | Ensures that the system adheres to relevant laws, regulations, and industry standards, maintaining a high level of regulatory compliance. |
| Cost-effectiveness | Optimized resource utilization to minimize costs while ensuring performance and reliability. |
| Configurability | Facilitates changes to the system's configuration, enabling administrators to easily adapt it to changing requirements or new features. |
| Data quality | Ensures accurate data storage and retrieval, with minimal errors and inconsistencies. |
| Disaster recovery | Enables businesses to quickly recover their system from unexpected failures or disasters, minimizing downtime and ensuring business continuity. |
| Documentation | Provides thorough documentation of the system's architecture, components, and functionality, facilitating maintenance, support, and training. |
| Efficiency | Optimizes the system's performance and resource utilization to minimize costs, maximize productivity, and ensure high-quality output. |
| Extensibility | Allows developers to easily add new features, functionality, or services to the system without modifying its core structure, promoting scalability and flexibility. |
| Failure management | Manages and mitigates failures in a way that minimizes disruptions to users, ensuring business continuity and maintaining customer trust. |
| Flexibility | Enables changes to the system's design, components, or functionality without significant impact on existing functionality, facilitating future development and innovation. |
| Interoperability | Ensures seamless integration with other systems, software, or hardware, promoting collaboration, data exchange, and business continuity. |
| Maintainability | Facilitates routine maintenance, updates, and repairs of the system, ensuring that it remains stable, secure, and functional over time. |
| Performance | Optimizes the system's speed, responsiveness, and reliability to meet user expectations, minimizing latency, and ensuring a smooth experience. |
| Portability | Enables the system to run on different hardware platforms, operating systems, or software configurations without significant modifications or recompilations. |
| Robustness | Ensures that the system can withstand various types of failures or disruptions, such as hardware or software issues, with minimal impact on users and business operations. |
| Responsiveness | Guarantees fast and seamless interaction between the user and the system, ensuring a positive experience and minimizing wait times or errors. |
| Scalability | Facilitates growth and expansion of the system's functionality, capacity, or user base without significant changes to its underlying structure or configuration. |
| Security | Protects the system from unauthorized access, data breaches, or other security threats, maintaining confidentiality, integrity, and availability of sensitive information. |
| Stability | Maintains a consistent and predictable behavior, ensuring that the system operates reliably and consistently over time, without significant deviations from expected performance. |
| Supportability | Facilitates efficient maintenance, troubleshooting, and repair of the system, ensuring that issues are resolved quickly and minimally impacting business operations or user |
| Testability | Enables developers to easily verify and validate the system's functionality, identifying defects or bugs early in the development cycle, and reducing the risk of downstream problems. |
| Usability | Ensures that the system is easy to use, navigate, and interact with, meeting user needs for a positive and intuitive experience. |
| User experience (UX) | Enhances the overall user experience by providing intuitive navigation and clear communication of system features and functions. |
Basics
This basics section will get you started in your learning. This section will go over:
- Linux
- Virtualization
- Networking
- Git
Start by learning the Linux operating system, as Linux is the foundation of most DevOps tools and infrastructure. You can install Linux in a few different ways:
- Directly on a laptop or desktop
- Install a hypervisor and install Linux in a virtual machine
The direct install option is nice, especially if you have a spare laptop or desktop computer that you can use to install the operating system on. If you only have one machine you technically could "dual boot" your computer, which means installing two operating systems on one computer, but you might end up in a situation where you need to go back and forth between operating systems, and that would slow down your learning.
The alternative option is to use virtualization and install a hypervisor, which you use to install Linux to a new virtual machine. You will then be able to run Linux as if it were an application within your current OS (i.e. Windows, macOS, Linux). While slightly more complicated than installing to a second computer, virtualization is a technology that is foundational to cloud computing, so I HIGHLY suggest you use this option and learn how virtualization works. See the virtualization section to learn more.
Virtualization
Virtualization is the process of creating a software layer that mimics hardware resources, such as CPU, memory, and storage, to provide multiple operating systems or applications on a single physical machine. This allows for the creation of virtual machines (VMs), which can run multiple operating systems simultaneously, each isolated from the others while sharing the underlying hardware, thereby increasing resource efficiency and scalability. Virtualization uses software-based hypervisors, like VMware, Hyper-V, KVM, or VirtualBox, that manage the allocation and scheduling of resources for each VM. Each VM runs its own operating system, isolated from other VMs, and shares a common physical infrastructure for storage, networking, and other services. This enables multiple virtual machines to run on a single physical server, improving performance, reliability, and cost-effectiveness in environments where physical hardware is limited or expensive.
- Non-Functional requirement improvements:
- Efficiency: Enables multiple virtual machines (VMs) to run on one physical server, maximizing hardware use and reducing the need for additional physical servers.
- Security: VMs operate in isolated environments, enhancing security by preventing interference between different applications or systems.
- Disaster Recovery: Facilitates quick recovery by backing up VMs and re-deploying them on another server, minimizing downtime.
Type 1 Hypervisor (also known as Bare-Metal Virtualization)
A Type 1 hypervisor is a bare-metal hypervisor that runs directly on the host machine's hardware. It is the host's operating system, so it has less overhead than a Type 2 hypervisor.
- Characteristics:
- Runs directly on the host hardware
- No additional software or components are required to run the hypervisor
- High performance and efficiency due to direct access to hardware resources
- Limited by the host machine's hardware capabilities
- Advantages:
- High performance, low latency, and efficient resource utilization
- Suitable for high-performance computing applications, such as scientific simulations, data centers, and workstations
- Can be more secure since there are no additional software dependencies
- Disadvantages:
- Requires dedicated hardware with CPU virtualization extensions (e.g., Intel VT-x or AMD-V)
- Limited compatibility with older host systems
- Requires manual management of the hypervisor installation and configuration
- Examples:
- VMware ESXi: A popular, commercial-grade bare-metal virtualization platform used by enterprises for high-performance computing applications.
- Microsoft Hyper-V: Virtualization software developed by Microsoft that runs on Windows Server.
- KVM (Kernel-based Virtual Machine): An open-source, free bare-metal virtualization platform that runs on top of Linux operating systems.
- Xen: A popular open-source, free bare-metal virtualization platform used in cloud computing environments and server virtualization.
Type 2 Hypervisor (also known as Host-Based Virtualization)
A Type 2 hypervisor is installed on top of an existing host operating system to provide a virtualized environment for guest operating systems. It can be easier and more convenient to use than a Type 1 hypervisor, since it is just an application that is installed on your computer.
- Characteristics:
- Runs on top of an existing operating system
- Requires a separate, additional software component (hypervisor)
- Can be more cost-effective and widely supported than Type 1 hypervisors
- Advantages:
- Easier to deploy and manage compared to Type 1 hypervisors
- Can be used for development and testing environments without the need for a dedicated hardware platform
- Disadvantages:
- May have slower performance due to additional software overhead
- Limited flexibility in terms of resource allocation and management
- May require additional configuration and setup
- Examples:
- VirtualBox: A free, open-source software hypervisor developed by Oracle.
- VMware Workstation Player: A commercial-grade, free version of VMware ESXi that runs on top of Windows operating systems.
- Parallels Desktop: A commercial software hypervisor that runs on macOS.
VirtualBox
Installing VirtualBox (an open-source Type 2 hypervisor) will allow you to run an operating system inside your operating system and interact with it like an application. Vagrant is an optional automation tool you can experiment with to script/automate the creation of VMs.
Training
| Resource | URL |
|---|---|
| Virtual Machines Pt. 1 | https://youtu.be/wX75Z-4MEoM |
Downloads
| Resource | URL |
|---|---|
| VirtualBox | https://www.virtualbox.org |
| Vagrant (Optional) | https://www.vagrantup.com |
Linux
Linux servers operate most of the web applications on the internet. Some applications are also developed using .NET Core (maintained by Microsoft), but job postings for this technology are rare. Most jobs are looking for a Linux (i.e. Alpine/Debian/Ubuntu) skill set, so getting very familiar with Linux will be beneficial. I suggest Ubuntu because it's very popular and will have lots of documentation and video walkthroughs created for it. I also suggest NOT using the desktop version, if possible, and getting VERY comfortable with the server version, which is command line only. No server I set up ever has a desktop installed on it.
NOTE: I understand that the Introduction to Linux video below is VERY long. If your Linux skills are limited or non-existent, keep in mind that this technology is foundational to cloud computing (along with virtualization). 85.5% of all web servers use a Unix-based OS (Linux is considered a "Unix-like" operating system; Linux itself is 47.9% of that 85.5%), compared to 14.8% for Windows servers.
Training
| Resource | URL |
|---|---|
| Introduction to Linux – Full Course for Beginners | https://youtu.be/sWbUDq4S6Y8 |
| Learn Linux CLI | https://linuxjourney.com |
Downloads
| Resource | URL |
|---|---|
| Ubuntu Linux | https://ubuntu.com/download/server |
First project
A big challenge of learning new technology is figuring out a project to do. It's the problem with unknown unknowns. One of the first ones I suggest is installing a LAMP stack. The LAMP (Linux, Apache, MySQL, PHP) stack is a suite of applications that can run a bunch of different applications written in PHP. The reason I pick this one is the stack has been around for years, so lots of guides and tutorials exist to help.
Keep in mind, a LAMP stack is just a suite of applications to run a web application; an application isn't included. Once you have a LAMP stack installed and operating, a good first application to get running is WordPress. WordPress is popular blogging software, written in PHP, that uses a MySQL database. Again, lots of installation guides are written for it, due to its popularity.
Training
| Resource | URL |
|---|---|
| What is a LAMP stack? | https://youtu.be/tzBgFog6NmY |
| Setting Up a LAMP Stack on Ubuntu 24.04 Server | https://youtu.be/d7Kkbyb1TjQ |
| LAMP stack | https://www.digitalocean.com/community/tutorials/how-to-install-lamp-stack-on-ubuntu |
| Install WordPress on Ubuntu 22.04 LTS | https://youtu.be/18rfWZYbS7o |
| WordPress | https://developer.wordpress.org/advanced-administration/before-install/howto-install |
Networking
Networking is essential for cloud engineers because it forms the backbone of how cloud systems communicate and function. It's like the pipes that allow data to flow between servers, applications, and users. Without effective networking, cloud engineers couldn't securely connect resources or manage traffic, which would make deploying and scaling applications impossible. Plus, a well-designed network ensures security with tools like firewalls and VPNs, protects against threats, and supports automation for efficient management. Good networks also enable scalability, allow for troubleshooting issues, and ensure business continuity through disaster recovery. In short, networking is the key to making cloud systems reliable and effective.
Training
| Resource | URL |
|---|---|
| How to Pass Your N10-008 Network+ Exam | https://youtu.be/As6g6IXcVa4?list=PLG49S3nxzAnlCJiCrOYuRYb6cne864a7G |
First project
NOTE: You don't have to build out a custom network immediately. This is more of a longer-term aspiration, since these projects cost money. While I HIGHLY recommend the project to get more networking hands-on experience, you can postpone it until you have the financial means. The more important lessons are in the training video above.
Once you have an understanding of how network equipment works, there are a few different projects you can do to expand your learning. A pfSense firewall will be a cheaper project, as you will still be using your old router for wireless and as a switch. The UniFi project will be more expensive, since you're building an entire network from scratch, but it will give you more hands-on experience with different types of networking equipment.
pfSense Firewall
This project will use your current wireless setup, but you will start using your pfSense as a firewall/router. If you have your own spare computer, you can install pfSense on it and run it off that. You would likely need to buy a second NIC for it, since you need a WAN in and a LAN out, and most computers only have one Ethernet port. They also sell low-power appliances with pfSense pre-installed. I would recommend either the Netgate 2100 or the Netgate 4200, depending on your bandwidth requirements. The 2100, in router mode, has a max bandwidth of 1Gbps, while the 4200 has a max bandwidth of 8.2Gbps. For example, Fios has 2Gbps plans that would need the 4200 model to take advantage of the available bandwidth.
Training
| Resource | URL |
|---|---|
| Getting started with pfsense 2.4 Tutorial: Network Setup, VLANs, Features & Packages | https://youtu.be/fsdm5uc_LsU?list=PLjGQNuuUzvmsuXCoj6g6vm1N-ZeLJso6o |
Products
| Resource | URL |
|---|---|
| Netgate 2100 | https://shop.netgate.com/products/2100-base-pfsense |
| Netgate 4200 | https://shop.netgate.com/products/4200-pfsense |
UniFi Network Equipment
While more expensive, UniFi networking equipment is what I run in my home. It is designed for small and medium sized businesses, but not as expensive as enterprise networking equipment (i.e. Cisco, Juniper, etc.), where a single switch can cost several thousand dollars. For me, I find it the right balance of being very flexible, while not requiring a CCNA to administer. The software you use to configure UniFi equipment is called the UniFi Network Application, which is a Software-Defined Networking (SDN) controller and web interface. What an SDN controller does is communicate with networking equipment via an API to push configuration updates to the networking equipment connected to it. For example, you would add a new firewall rule in the UniFi Network Application, which then will connect to your firewall appliance and update the firewall rules for you.
Below is an example of a small, base network. Depending on how you want to set up your home network, you might want different/more equipment. For example, if your home is large, or has multiple floors, you might want a wireless access point (WAP) per floor. The switch I selected also has PoE (Power over Ethernet), which allows network devices like WAPs and cameras to be powered via the Ethernet cable. Otherwise, you would need a power injector for each device that needs power.
The last item that is needed would be the UniFi Network Application (or console) itself. There are two options: buy a CloudKey+ or roll your own server. The "roll your own server" is the one I recommend, as the application has a Docker container image and easily runs in a VM or on a Raspberry Pi. The intermediate section of this guide has training on Docker.
NOTE: This is just a single example of a small home network. There are many other types of configurations that you can use that would also be valid. I selected these parts specifically because they support 2.5Gbps, PoE, and WiFi 7, which is a newer standard and won't become obsolete as quickly. They also avoid components that combine different devices into a single device. The point of this exercise is to get experience with multiple types of equipment, so I was avoiding all-in-one devices. You might be able to find 1Gbps, non-PoE, and WiFi 6 equipment for cheaper, but it's usually only $20-$30 cheaper, so the upgraded equipment is usually worth being a little bit more expensive and future-proofs your network.
Training
| Resource | URL |
|---|---|
| Unifi Network Complete Setup 2024 | https://youtu.be/krhsZWnAxVc?t=40 |
| UniFi Network BEGINNERS Configuration Guide | 2024 | https://youtu.be/yWlvuwq5AXE |
| UniFi Basics: Start the Right Way Without Breaking the Bank! | https://youtu.be/eVlavqMN9vI |
| UniFi Basics: Initial Setup Made Easy | https://youtu.be/TiW2EPzWEm8 |
| Docker Container | https://docs.linuxserver.io/images/docker-unifi-network-application |
Products
| Resource | URL | Price |
|---|---|---|
| Gateway Max | https://store.ui.com/us/en/pro/category/all-cloud-keys-gateways/products/uxg-max | $199.00 |
| Flex 2.5G PoE | https://store.ui.com/us/en/category/all-switching/products/usw-flex-2-5g-8-poe | $199.00 |
| U7 Pro | https://store.ui.com/us/en/pro/category/all-wifi/products/u7-pro | $189.00 |
| Subtotal | | $587.00 |
| CloudKey+ (Optional; Unifi Network Application can run in Docker) | https://store.ui.com/us/en/pro/category/all-cloud-keys-gateways/products/uck-g2-plus | $199.00 |
| Total | | $786.00 |
Git
Git is a version control tool for collaboration that tracks changes to source code files, along with the history of those changes, in a repository. This allows developers to review changes to code and see the difference (diff) between one save (called a commit) and another. Having a history of changes also allows developers to revert changes if, for example, an update introduced bugs. Popular Git hosting services are GitHub, GitLab, CircleCI, and Bitbucket.
Training
| Resource | URL |
|---|---|
| Git Tutorial for Beginners: Learn Git in 1 Hour | https://youtu.be/8JJ101D3knE |
Intermediate
This intermediate section dives deeper into technologies. This section will go over:
- Containers
- Pipelines
- Terraform
- Security (Compliance)
Now that you have some experience with the basics of Linux, we can move on to some more intermediate technologies. This next section will suggest learning containerization, git, pipelines, Terraform, and an introduction to security concepts.
Virtualization and containerization touch on many of the same NFRs: efficiency, interoperability, operability, portability, security, and supportability; it's just that containers meet these NFRs better than virtualization. For example, both support portability, as both a VM and a container can be saved as a file. Containerization is more portable, as the file size is significantly smaller, since you're not saving a whole operating system to a file, just an application. Depending on the system use case, you can better satisfy NFRs with containerization.
Containers
Containers are lightweight alternatives to virtual machines (VMs), designed to encapsulate applications and their dependencies in a self-contained environment. Unlike VMs, which require significant resources due to full OS emulation, containers share the host system's kernel and file system, allowing for efficient resource utilization. This shared resource model makes containers ideal for running web applications and services that do not need heavy hardware emulation. Containerization is the process of packaging these applications into container images, ensuring consistent environments across different platforms by bundling all necessary components together. Tools like Docker are widely used to create and manage containerized applications, facilitating easier distribution and deployment with reduced resource consumption, making it a popular choice for developers and organizations seeking efficient, portable solutions.
- Non-Functional Requirement improvements:
- Consistency: Containers ensure that applications run uniformly across different platforms by bundling all necessary components into a single image. This consistency is beneficial for both development and testing, as it reduces the risk of discrepancies between development and production environments.
- Cost-Effectiveness: Organizations can reduce infrastructure costs by running multiple containers on a single host machine, optimizing server utilization and minimizing the need for expensive physical servers.
- Efficiency: Containers use fewer resources such as CPU, memory, and disk space compared to VMs because they share the host operating system's kernel. This makes them ideal for environments where resource constraints are a concern or when running multiple instances simultaneously.
- Portability: The ability to easily move an application from one platform to another without worrying about compatibility issues or dependency conflicts makes containers highly portable. By shipping container images, deployment becomes straightforward and less error-prone.
- Security: While concerns about security exist due to the shared host OS kernel, many container technologies, like Docker, offer isolation features that prevent one container from accessing resources allocated specifically for others, enhancing overall security.
- Testability: Containers facilitate smoother testing processes by allowing developers to simulate production environments during the development phase. This helps in identifying issues related to environment differences early in the process.
First project
A good first project for Docker is running a Pi-hole server. Pi-hole is an ad-blocking DNS server. Not only does it give you experience with DNS, a very common protocol used on nearly every computer system, but it's great for running in your home network, as it can block advertisements and domains known to serve malware.
Training
| Resource | URL |
|---|---|
| Virtual Machine (VM) vs Docker | https://youtu.be/a1M_thDTqmU |
| Docker Crash Course for Absolute Beginners | https://youtu.be/pg19Z8LL06w |
| Docker for Beginners | https://youtu.be/pTFZFxd4hOI |
Downloads
| Resource | URL |
|---|---|
| Docker Desktop | https://www.docker.com/products/docker-desktop |
| PiHole | https://pi-hole.net |
Pipelines
Pipelines are the glue that moves raw source code to a runnable/running application. In DevOps, a pipeline refers to an automated workflow that integrates Continuous Integration (CI) and Continuous Delivery (CD) processes. This streamlined pathway allows for efficient software development and deployment by automating the build, test, and delivery stages. By combining these practices, pipelines enable rapid delivery of new features while maintaining reliability through automated testing and quality checks. Tools like Jenkins or GitHub Actions facilitate the creation of these workflows, enabling teams to collaborate effectively across development and operations without manual intervention. This approach aligns with the DevOps culture of automation and monitoring, ensuring faster, safer, and more consistent software updates.
- Non-Functional Requirement improvements:
- Cost-effectiveness:
- Resource Utilization: Uses containerization (e.g., Docker) to optimize resource usage, minimizing infrastructure costs.
- Cloud Cost Management: Implements cost-effective cloud solutions like AWS EKS or Google Kubernetes Engine to manage expenses.
- Flexibility:
- Rapid Experimentation: Utilizes feature flags and canary deployments to quickly test new ideas without impacting the main application.
- Agile Development Cycles: Follows Agile practices with shorter sprints, enabling quick responses to changes in requirements.
- Reliability:
- Automated Testing: Integrates test automation frameworks (e.g., Selenium, JMeter) to ensure quality at each stage of development.
- CI/CD Pipelines: Automates build, test, and deployment pipelines to maintain consistent software reliability.
- Scalability:
- Horizontal Scaling: Uses containerization (e.g., Docker) and orchestration tools (e.g., Kubernetes) to scale applications up or down based on demand.
- Load Balancing: Distributes traffic evenly across servers to optimize performance and reduce overload.
- Security:
- Automated Security Scanning: Implements tools like SAST (Static Application Security Testing) and SCA (Software Composition Analysis) to identify vulnerabilities early in the development process.
- Automated Compliance Checks: Uses tools like SonarQube or Checkmarx to automate code checks for security vulnerabilities and coding standards.
- Compliance with Standards: Ensures adherence to security standards like GDPR, HIPAA, PCI-DSS through automated checks and continuous monitoring.
- Audit Trails and Reporting: Maintains detailed logs of user activities, access controls, and system changes for auditing purposes.
- Testability:
- Automated Feedback Loops: Integrates feedback mechanisms into CI/CD pipelines to continuously improve processes based on test results.
- Adaptive Scaling: Uses A/B testing frameworks (e.g., Optimizely) to adapt features in real-time, optimizing user experience based on performance data.
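As an added example (not code from the original roadmap), here is the automated security-scanning gate described above, written in Python: it reads SCA findings in JSON Lines form, blocks the pipeline on anything at or above a severity threshold, and honours time-limited risk acceptances so an exception cannot quietly live forever. The report schema, the CVE ids and the accepted-risk list are all constructed placeholders; a real scanner emits its own schema, so `parse_report()` is the part you would adapt.

```python
"""Pipeline gate for SCA (Software Composition Analysis) findings.

Added example, not part of the original roadmap. The report format, the
finding ids and the risk-acceptance list are constructed for illustration.
"""
import json
from datetime import date

# Severity order used for the threshold comparison.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed scanner output (JSON Lines): one finding per line.
# The CVE ids are placeholders, not real advisories.
SAMPLE_REPORT = """\
{"package": "examplelib", "version": "1.2.0", "id": "CVE-XXXX-0001", "severity": "HIGH", "fixed_in": "1.2.1"}
{"package": "otherlib", "version": "0.9.3", "id": "CVE-XXXX-0002", "severity": "LOW", "fixed_in": null}
{"package": "legacylib", "version": "2.0.0", "id": "CVE-XXXX-0003", "severity": "CRITICAL", "fixed_in": "3.0.0"}
"""

# Risk acceptances the team has reviewed, each with an expiry date (constructed).
SAMPLE_ACCEPTED = {
    "CVE-XXXX-0003": {"expires": "2099-01-01", "reason": "legacylib not reachable from the network path"},
}


def parse_report(text):
    """Parse JSON Lines scanner output into a list of finding dicts."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        finding = json.loads(line)
        finding["severity"] = finding["severity"].upper()
        findings.append(finding)
    return findings


def evaluate(findings, threshold="HIGH", accepted=None, today=None):
    """Return (passed, blocking, waived).

    A finding blocks the pipeline when its severity is at or above the
    threshold and there is no unexpired risk acceptance for its id.
    `today` may be a date or an ISO date string; it defaults to the real date.
    """
    accepted = accepted or {}
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = date.fromisoformat(today)
    floor = SEVERITY_RANK[threshold.upper()]
    blocking, waived = [], []
    for finding in findings:
        if SEVERITY_RANK.get(finding["severity"], 0) < floor:
            continue  # below the gate's threshold: reported elsewhere, not blocking
        waiver = accepted.get(finding["id"])
        if waiver and date.fromisoformat(waiver["expires"]) >= today:
            waived.append(finding)
        else:
            blocking.append(finding)
    return (len(blocking) == 0, blocking, waived)


def gate(report_text, threshold="HIGH", accepted=None, today=None):
    """Print the decision and return the exit code a CI step should use (0 = pass, 1 = fail)."""
    accepted = accepted or {}
    passed, blocking, waived = evaluate(parse_report(report_text), threshold, accepted, today)
    for finding in blocking:
        fix = finding.get("fixed_in") or "no fix available"
        print(f"BLOCK {finding['id']} {finding['package']}=={finding['version']} "
              f"({finding['severity']}, fix: {fix})")
    for finding in waived:
        print(f"WAIVED {finding['id']} until {accepted[finding['id']]['expires']}")
    return 0 if passed else 1


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT, "HIGH", SAMPLE_ACCEPTED))
```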
Training
| Resource | URL |
|---|---|
| GitHub Actions | https://youtu.be/eZcAvTb0rbA |
Terraform
Terraform (or OpenTofu) is an Infrastructure-as-Code (IaC) tool that allows you to deploy infrastructure (i.e. networking, compute resources, storage, databases, etc.) from a source code file, which is great for a couple of reasons. For security, it's great because you can commit the infrastructure code to Git and have a history of all infrastructure changes (change management). The code being in Git also allows the use of a pipeline to automatically deploy said changes. It also satisfies the security need of a disaster recovery plan, allowing infrastructure to be re-deployed in a repeatable, consistent manner. It also is much faster than creating infrastructure by hand, since the computer can parse the resources in Terraform files and create/destroy resources faster than you can click around the cloud service's user interface.
- Non-Functional Requirement improvements:
- Automation: Automates infrastructure deployment, reducing manual processes and operational toil.
- Compliance: Aids in meeting regulatory standards (e.g., GDPR, HIPAA) by providing documented, versioned configurations.
- Consistency: Ensures uniform infrastructure configurations across environments, reducing drift and variability.
- Modularity: Allows breaking down of infrastructure into reusable modules, enhancing maintainability and manageability.
- Portability: Generates code in multiple languages, allowing infrastructure to be moved across various environments effortlessly.
- Risk Mitigation: Reduces risks through version control and configuration consistency, enabling easier rollbacks and error reduction.
- Scalability: Facilitates management of large workloads with abstraction from manual coding complexity, enabling easier scaling up or down.
- Security: Provides secure practices through variable substitution and module isolation to prevent configuration errors and enhance compliance.
- Testability: Incorporates check runs to validate configurations pre-deployment, ensuring higher reliability.
- Usability: Features an accessible CLI and web interface, making it user-friendly without deep technical expertise.
- Version Control: Maintains a detailed history of changes, enhancing accountability and traceability for governance.
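The pre-deployment check mentioned under Testability, as an added Python example that is not from the roadmap or from HashiCorp: it reads the JSON form of a Terraform plan (the output of `terraform show -json` on a saved plan file) and flags resources that would be created or updated with risky settings, so the pipeline can fail before anything is applied. The plan, the resource addresses and the two rules are constructed for illustration.

```python
"""Policy check over a Terraform plan rendered as JSON.

Added example, not from the roadmap or from HashiCorp. Assumed plan shape
(the JSON plan format): resource_changes[].{address, type, change.{actions, after}}.
The plan below and the two rules are constructed for illustration.
"""
import json

# Constructed plan: one security group that exposes SSH to the world, one that
# only allows an internal range, an unencrypted EBS volume, and a deletion.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
             {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
        {"address": "aws_security_group.db", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"from_port": 3306, "to_port": 3306, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/16"]}]}}},
        {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
         "change": {"actions": ["create"], "after": {"size": 100, "encrypted": False}}},
        {"address": "aws_ebs_volume.old", "type": "aws_ebs_volume",
         "change": {"actions": ["delete"], "before": {"encrypted": False}, "after": None}},
    ]
})

ADMIN_PORTS = {22, 3389, 3306, 5432}   # should never be reachable from the whole internet
WORLD = {"0.0.0.0/0", "::/0"}


def _port_overlap(rule, ports):
    """True when the rule's port range touches any of the given ports."""
    lo, hi = rule.get("from_port", 0), rule.get("to_port", 0)
    if lo == 0 and hi == 0:
        return True  # 0-0 with protocol "-1" means all ports in an AWS SG rule
    return any(lo <= p <= hi for p in ports)


def check_security_group(address, after):
    findings = []
    for rule in after.get("ingress", []):
        cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
        if cidrs & WORLD and _port_overlap(rule, ADMIN_PORTS):
            findings.append(f"{address}: ingress {rule.get('from_port')}-{rule.get('to_port')} "
                            "open to the world")
    return findings


def check_ebs_volume(address, after):
    if not after.get("encrypted", False):
        return [f"{address}: EBS volume is not encrypted"]
    return []


CHECKS = {"aws_security_group": check_security_group, "aws_ebs_volume": check_ebs_volume}


def check_plan(plan_json):
    """Return policy violations for resources the plan would create or update."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = set(rc["change"].get("actions", []))
        after = rc["change"].get("after")
        if not actions & {"create", "update"} or after is None:
            continue  # deletes and no-ops leave nothing to validate
        check = CHECKS.get(rc["type"])
        if check:
            findings.extend(check(rc["address"], after))
    return findings


if __name__ == "__main__":
    violations = check_plan(SAMPLE_PLAN)
    for v in violations:
        print("VIOLATION", v)
    raise SystemExit(1 if violations else 0)
```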
Training
| Resource | URL |
|---|---|
| Terraform 101 | https://youtu.be/nvNqfgojocs |
Downloads
| Resource | URL |
|---|---|
| OpenTofu | https://opentofu.org |
Security (Compliance)
Every project I work on follows most of the NIST SP 800-53 and NIST SP 800-171 security controls. The National Institute of Standards and Technology Special Publication 800-53 and Special Publication 800-171 are essential frameworks for organizations aiming to enhance IT security, particularly within the U.S. government and other sectors that require robust cybersecurity measures. SP 800-53 provides a comprehensive set of controls designed to safeguard information systems and data from various threats, covering areas such as access control, authentication, encryption, and more. These controls help organizations manage risks effectively, ensuring compliance with legal and regulatory requirements, protecting sensitive information, and maintaining business continuity.
SP 800-171 extends these principles by focusing on the secure development of systems, emphasizing code quality and secure coding practices to prevent vulnerabilities. Together, both standards provide a holistic approach, guiding organizations in securing their systems both during operation and development phases. Compliance with these guidelines not only meets legal obligations but also fosters trust among stakeholders, customers, and partners by demonstrating a commitment to security best practices. For anyone new to IT, understanding and implementing these standards is crucial for building secure and resilient systems.
A Security Technical Implementation Guide (STIG) is like a detailed recipe for setting up and maintaining secure systems. It provides step-by-step instructions based on security standards, such as those from the National Institute of Standards and Technology (NIST), ensuring that organizations implement controls effectively. Think of it as a checklist or manual that helps protect information, maintain integrity, and comply with necessary security protocols, making it essential for anyone managing secure environments, whether in federal agencies or private sectors handling sensitive data.
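To make the "checklist" idea concrete, here is a small audit script, added as an example (it is not part of this page and is not taken from any published STIG or NIST document). It reads an OpenSSH server configuration and compares a handful of settings against expected values the way a STIG check does. The rule IDs and expected values are placeholders chosen for illustration, and the sample config is constructed and deliberately non-compliant in two places.

```python
"""STIG-style audit of an OpenSSH server configuration (added example).

Not from the page and not taken from any published STIG: the rule IDs and the
expected values are placeholders chosen for illustration. The sample config is
constructed and is deliberately non-compliant in two places.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding yes
ClientAliveInterval 600
ClientAliveCountMax 1
"""

# (placeholder rule id, keyword, expected value)
RULES: List[Tuple[str, str, str]] = [
    ("SSHD-RULE-001", "PermitRootLogin", "no"),
    ("SSHD-RULE-002", "PermitEmptyPasswords", "no"),
    ("SSHD-RULE-003", "X11Forwarding", "no"),
    ("SSHD-RULE-004", "ClientAliveInterval", "600"),
    ("SSHD-RULE-005", "ClientAliveCountMax", "1"),
    ("SSHD-RULE-006", "Banner", "/etc/issue.net"),
]


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Map lowercased keyword -> value, keeping the FIRST occurrence of each keyword.

    sshd honours the first value it reads for a keyword, so a compliant line
    placed below a non-compliant one never takes effect; the audit mirrors that.
    Comments and blank lines are skipped, and both 'Keyword value' and
    'Keyword=value' forms are accepted.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit(text: str) -> List[dict]:
    """Evaluate every rule and return one finding per rule."""
    settings = parse_sshd_config(text)
    findings = []
    for rule_id, keyword, expected in RULES:
        actual = settings.get(keyword.lower())
        if actual is None:
            status = "missing"   # not set: sshd's compiled-in default applies, flag for review
        elif actual.lower() == expected.lower():
            status = "pass"
        else:
            status = "fail"
        findings.append({"rule": rule_id, "keyword": keyword, "expected": expected,
                         "actual": actual, "status": status})
    return findings


def summarize(findings: List[dict]) -> Dict[str, int]:
    """Count findings by status, the way a compliance report tallies them."""
    return {s: sum(1 for f in findings if f["status"] == s)
            for s in ("pass", "fail", "missing")}


if __name__ == "__main__":
    results = audit(SAMPLE_SSHD_CONFIG)
    for f in results:
        print(f"{f['status']:7} {f['rule']}  {f['keyword']}={f['actual']!r} "
              f"(expected {f['expected']!r})")
    print(summarize(results))
```

Two details matter when writing checks like this: a keyword that is absent is reported separately from one that is wrong, because the daemon's built-in default then applies and a reviewer has to decide whether that default is acceptable; and the parser keeps the first occurrence of a keyword, since that is what sshd does, so appending a "fixed" line to the end of the file would pass a naive grep but not this check.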
The SY0-601 Security+ video will give you an overview of the content on that CompTIA exam. This course will touch on a large variety of security-related topics. Taking the exam itself isn't necessarily required, but some positions can require the certification.
Training
| Resource | URL |
|---|---|
| How to Pass your SY0-601 Security+ Exam | https://youtu.be/9NE33fpQuw8?list=PLG49S3nxzAnkL2ulFS3132mOVKuzzBxA8 |
| Intro to STIG's & STIG Viewer | https://youtu.be/DCx5ZFERJz8M |
Downloads
| Resource | URL |
|---|---|
| NIST SP 800-53 | https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final |
| NIST SP 800-171 | https://csrc.nist.gov/pubs/sp/800/171/r3/final |
| STIG viewer | https://stigviewer.com |
| Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide | https://www.stigviewer.com/stig/canonical_ubuntu_20.04_lts/ |
Advanced
The advanced section goes over more advanced topics in DevOps, along with some cool applications you can deploy.
- Home lab
- Kubernetes
- GitOps
- Security Information and Event Management (SIEM)
- Static Code Analysis
By this point, it's probably a good idea to think about building a home lab. This section also introduces the more advanced containerization system, Kubernetes, which is a container orchestrator. In the previous section, I mentioned some non-functional requirements that containerization can fulfill better than virtualization. At the cost of some additional complexity from the extra layer of abstraction, Kubernetes can satisfy the same NFRs as containerization while adding support for additional ones: availability, dependability, deployability, efficiency, flexibility, performance, reliability, responsiveness, robustness, scalability, and stability. Once you get into the training materials, you will understand why.
Home lab
As we've talked about, virtualization allows you to create virtual servers, but you will probably eventually want to have some software and tools running that don't shut down when your computer is off (when your computer is off, VirtualBox is off). AWS (or any cloud service) charges you for resources, which can add up in monthly, recurring costs. Building an efficient home lab can help you offset them. While the initial out-of-pocket cost is higher, it will be offset after a few months, depending on the scope of the projects you're working on.
ProxMox
One option, if you have an old computer lying around, is to install ProxMox, a type 1 hypervisor. As mentioned in the Virtual Machines Pt. 1 video in the VirtualBox section, a type 1 hypervisor, like a type 2 hypervisor, runs virtual machines. The difference is that a type 1 hypervisor isn't an application but a minimal OS designed only to run VMs. When running a type 2 hypervisor, you carry the resource overhead of the host operating system. For example, if you run VirtualBox on a Windows laptop, you're losing resources to all the services and programs that Windows itself is running.
Training
| Resource | URL |
|---|---|
| Virtual Machines Pt. 2 | https://youtu.be/_u8qTN3cCnQ |
Downloads
| Resource | URL |
|---|---|
| ProxMox | https://www.proxmox.com/en/downloads |
Raspberry Pi
Another option is a Raspberry Pi. Raspberry Pis are low-power, system on a chip (SoC) computers that are a little bigger than a credit card. Larger computers use a lot of electricity and generate a lot of heat, so having a power- and heat-efficient computer you can work on is a great option. Raspberry Pis are also very popular, so lots of software and guides have been written for them. DietPi is based on Debian Linux (Ubuntu is also based on Debian), but optimized for the Raspberry Pi. For example, the Raspberry Pi uses a MicroSD card as its hard disk, and SD cards aren't designed for the constant reads and writes that an operating system does. DietPi writes logs to the Raspberry Pi's RAM, fills up a cache, then writes the logs to the card in one big batch, lowering the wear and tear on the SD card and allowing it to last longer.
Training
| Resource | URL |
|---|---|
| How to Install Diet Pi on a Raspberry Pi EASY - FOR BEGINNERS | https://youtu.be/mcK9pwhORc8 |
Downloads
| Resource | URL |
|---|---|
| DietPi | https://dietpi.com |
Products
| Resource | URL |
|---|---|
| Raspberry Pi @ Amazon | https://www.amazon.com/stores/page/C5EC38DE-DD63-46F0-9F26-19DEE3ABF93D |
Kubernetes
Kubernetes significantly enhances Docker by providing an orchestration layer that manages containers efficiently. While Docker simplifies packaging and deploying applications into containers, Kubernetes automates the scheduling, scaling, and resource management of these containers across a cluster. It groups containers into pods for consistent resource allocation, employs replication controllers to maintain service copies, and self-heals by restarting crashed containers. Kubernetes also enables rolling updates and rollbacks, ensuring smooth deployments and maintaining application stability. By integrating with CI/CD pipelines and monitoring tools, Kubernetes streamlines the development workflow. This orchestration enhances container management, making it easier for DevOps practitioners to handle complex environments efficiently.
k3s is a stripped-down version of k8s. It's designed to run on a Raspberry Pi or similar single-board computers. Once you get comfortable with containers, you can get a total of three Raspberry Pis to run as a cluster in your home lab: one master node and two worker nodes.
- Non-Functional Requirement improvements:
  - Automation: Automates tasks such as scaling, deployment, and rollback, reducing the need for manual intervention.
  - Availability: Self-healing automatically detects and mitigates issues like crashed containers or unresponsive nodes, ensuring high availability and reducing downtime.
  - Efficiency: Kubernetes dynamically allocates resources to ensure optimal utilization without overloading any single machine.
  - Extensibility: Integrates with monitoring tools and CI/CD pipelines, making it adaptable to various environments and workflows.
  - Fault Tolerance: Recovers from failures by redistributing workloads and restarting services, ensuring robustness.
  - Performance: Load balancing distributes traffic efficiently across nodes, improving performance and user experience.
  - Scalability: Kubernetes efficiently manages and scales applications by distributing containers across multiple nodes, making it suitable for large-scale deployments.
  - Security: Provides security policies and isolation mechanisms between containers, enhancing overall system security.
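Most of the NFRs in that list map to specific fields in a Deployment manifest, and a cluster only delivers them if those fields are set. The script below is an added example (not from this page or any Kubernetes project) of the kind of check an admission policy or CI linter performs: it inspects a Deployment for the settings behind availability, efficiency and security, and then shows the same manifest corrected. The manifest is a constructed sample written as a Python dict (the structure a YAML Deployment parses to) so the script needs only the standard library; the image name, probe paths and resource values are placeholders.

```python
"""Check a Deployment manifest for the settings behind the NFRs above (added example).

Not from the page or any Kubernetes project. The manifest is a constructed
sample expressed as a Python dict, and the image name, probe paths and
resource values are placeholders.
"""
import copy
from typing import List

SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "demo"},
    "spec": {
        "replicas": 1,
        "selector": {"matchLabels": {"app": "web"}},
        "template": {
            "metadata": {"labels": {"app": "web"}},
            "spec": {
                "containers": [{
                    "name": "web",
                    "image": "registry.example/web:latest",   # placeholder image
                    "ports": [{"containerPort": 8080}],
                    "securityContext": {"privileged": True},
                }]
            },
        },
    },
}


def check_deployment(manifest: dict) -> List[str]:
    """Return findings tagged with the NFR they affect; an empty list means all checks passed."""
    findings: List[str] = []
    spec = manifest.get("spec", {})
    pod_spec = spec.get("template", {}).get("spec", {})

    # Availability: with one replica every pod restart is user-visible downtime.
    if spec.get("replicas", 1) < 2:
        findings.append("availability: replicas < 2")

    for c in pod_spec.get("containers", []):
        name = c.get("name", "<unnamed>")

        # Efficiency/performance: the scheduler places and evicts pods by requests and limits.
        resources = c.get("resources") or {}
        if not resources.get("requests") or not resources.get("limits"):
            findings.append(f"efficiency: container {name} lacks resource requests/limits")

        # Availability (self-healing): the kubelet restarts a hung container only if a probe fails.
        if "livenessProbe" not in c:
            findings.append(f"availability: container {name} has no livenessProbe")
        if "readinessProbe" not in c:
            findings.append(f"availability: container {name} has no readinessProbe")

        # Security: unpinned image, privileged mode, root user, privilege escalation.
        image_ref = c.get("image", "").rsplit("/", 1)[-1]
        if image_ref.endswith(":latest") or ":" not in image_ref:
            findings.append(f"security: container {name} image is not pinned to a tag or digest")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"security: container {name} runs privileged")
        if sc.get("runAsNonRoot") is not True:
            findings.append(f"security: container {name} does not set runAsNonRoot: true")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"security: container {name} allows privilege escalation")
    return findings


def harden(manifest: dict) -> dict:
    """Return a hardened copy that satisfies check_deployment (values are illustrative)."""
    m = copy.deepcopy(manifest)
    spec = m["spec"]
    spec["replicas"] = max(2, spec.get("replicas", 1))
    for c in spec["template"]["spec"]["containers"]:
        port = c.get("ports", [{}])[0].get("containerPort", 8080)
        c["resources"] = {"requests": {"cpu": "100m", "memory": "128Mi"},
                          "limits": {"cpu": "500m", "memory": "256Mi"}}
        c.setdefault("livenessProbe", {"httpGet": {"path": "/healthz", "port": port}})
        c.setdefault("readinessProbe", {"httpGet": {"path": "/ready", "port": port}})
        if c.get("image", "").endswith(":latest"):
            c["image"] = c["image"][:-len(":latest")] + ":1.0.0"   # placeholder pinned tag
        c["securityContext"] = {"privileged": False, "runAsNonRoot": True,
                                "allowPrivilegeEscalation": False}
    return m


if __name__ == "__main__":
    print("before:", *check_deployment(SAMPLE_DEPLOYMENT), sep="\n  ")
    print("after: ", check_deployment(harden(SAMPLE_DEPLOYMENT)))
```

Run it and the sample produces eight findings; the hardened copy produces none. The point is that "self-healing" and "isolation" are not free properties of the cluster: without probes the kubelet has nothing to act on, and without a securityContext the container runs with far more privilege than a typical web process needs.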
Training
| Resource | URL |
|---|---|
| Kubernetes for Beginners | https://youtu.be/X48VuDVv0do |
| Mastering Kubernetes: Workloads APIs | https://youtu.be/U6weXlzQxoY |
| Mastering Kubernetes: Service and Network APIs | https://youtu.be/-1H0BeN9hIk |
| k3s | https://youtu.be/2LNxGVS81mE |
| Setting up a Raspberry Pi 4 Kubernetes k3s Cluster | https://youtu.be/qkRQj-CN65g |
GitOps
GitOps is a modern approach to Continuous Integration (CI) and Continuous Deployment (CD) that streamlines the deployment of infrastructure as code (IaC), automating the provisioning, configuration, and management of cloud-based resources using Git. By leveraging Git as a version control system for infrastructure, organizations can manage their IT environments more efficiently, reducing manual effort and error-prone processes associated with traditional IaC methods. GitOps also enables teams to collaborate on infrastructure changes in real-time, while ensuring that changes are reproducible, secure, and meet specific business requirements. With GitOps, organizations can deploy new or updated infrastructure versions with ease, while maintaining a consistent and scalable architecture across multiple environments.
Training
| Resource | URL |
|---|---|
| What is GitOps, How GitOps works and Why it's so useful | https://youtu.be/f5EpcWp0THw |
ArgoCD
ArgoCD is an automation platform that enables organizations to manage their cloud-native application portfolios through a single, unified interface. ArgoCD is a Kubernetes-based tool that integrates with popular CI/CD pipelines and provides a robust set of features for automating deployment, scaling, and management of applications across multiple clouds, such as AWS, GCP, or Azure. With ArgoCD, developers can create, manage, and orchestrate their cloud-native infrastructure in a single place, while ensuring consistency, security, and scalability across all environments. The platform offers advanced features like Helm charts, deployment hooks, and Kubernetes integrations, making it an ideal solution for organizations looking to simplify their cloud-native application management workflows and increase efficiency in the deployment and operation of modern applications.
Training
| Resource | URL |
|---|---|
| ArgoCD Tutorial for Beginners \| GitOps CD for Kubernetes | |
| Let's do GitOps in Kubernetes! ArgoCD Tutorial | https://youtu.be/Yb3_4PZX0B0 |
Flux
Like ArgoCD, Flux is a continuous integration (CI) and continuous delivery (CD) platform designed for building, testing, and deploying software applications. Flux is an open-source tool that integrates with popular CI/CD tools like Jenkins, GitLab CI/CD, and CircleCI, allowing developers to automate the entire development-to-production process.
Training
| Resource | URL |
|---|---|
| Flux GitOps Tutorial - DevOps and GitOps for Kubernetes | https://youtu.be/PFLimPh5-wo |
| Introduction to Flux CD on Kubernetes \| GitOps | |
| Building with FluxCD and Kubernetes | https://youtu.be/2CCZ8fcLyGk |
ArgoCD vs Flux
- ArgoCD
  - Pros:
    - Easier to learn: ArgoCD has a more straightforward API and a gentler learning curve.
    - Faster time-to-market: Developers can deploy applications faster with ArgoCD, thanks to its streamlined pipeline.
    - Better support for Kubernetes: ArgoCD is tightly integrated with Kubernetes, making it an excellent choice for cloud-native applications.
  - Cons:
    - Limited customization options: While ArgoCD offers some customizability, it's not as flexible as Flux.
    - Dependent on Kubernetes: ArgoCD requires a Kubernetes cluster to function, which may limit its deployment options in certain scenarios.
- Flux
  - Pros:
    - More customization options: Flux provides more flexibility and customization options for users.
    - Better support for external CI/CD tools: Flux is designed to work seamlessly with other CI/CD tools like Jenkins, GitLab CI/CD, and CircleCI.
    - Easier integration with Kubernetes: Flux integrates well with Kubernetes, making it a great choice for cloud-native applications.
  - Cons:
    - More complex API: Flux has a more complex API than ArgoCD.
    - Slower time-to-market: Users may need to spend more time setting up and configuring Flux pipelines.
    - Less support for Kubernetes: Flux requires a separate installation of the Kubernetes client library, which can be a drawback.
Resources
| Resource | URL |
|---|---|
| Comparing GitOps: Argo CD vs Flux CD, with Andrei Kvapil | https://youtu.be/4RVe32xRITo |
| ArgoCD vs. Flux - The Battle of GitOps | https://youtu.be/b0FeMb3jiJ4 |
Security Information and Event Management (SIEM)
A SIEM is a tool that helps organizations monitor and analyze the flow of data from various sources to detect, identify, and respond to potential security incidents or events.
- Components
  - Data Collection: The SIEM collects logs and data from multiple systems, including:
    - Network devices
    - Application servers
    - Database instances
    - End user endpoints
  - Data Preprocessing: The collected data is preprocessed to remove noise and irrelevant information.
  - Indexing: A comprehensive index of the preprocessed data is created, which enables fast and efficient searching for specific patterns or anomalies.
- Functionality
  - Event Detection: The SIEM detects potential security incidents or events by analyzing the preprocessed data and comparing it with known patterns or rules.
  - Incident Response: If a detected incident meets predefined criteria (e.g., severity, impact), the system triggers an automated response process to contain and mitigate the incident.
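The components and functions above form a pipeline, and it is easier to see how they fit together by building a miniature one. The script below is an added example (not from this page or from any SIEM product): it collects a handful of constructed sshd log lines from two hosts, preprocesses them into a common schema while dropping noise, indexes them by field, runs one detection rule (repeated failed logins from a single source, escalated if a success follows), and emits the containment decision a response playbook would act on. Host names and addresses are documentation placeholders.

```python
"""A miniature SIEM pipeline: collect -> preprocess -> index -> detect -> respond.

Added example, not from the page or any SIEM product. The log lines are
constructed; hosts and IP addresses are documentation placeholders.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Collection: lines as they would arrive from agents on two constructed hosts.
RAW_LOGS = [
    "web01 sshd[1001]: Failed password for invalid user admin from 203.0.113.9 port 51000 ssh2",
    "web01 sshd[1001]: Failed password for root from 203.0.113.9 port 51001 ssh2",
    "web01 sshd[1002]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2",
    "web01 sshd[1001]: Failed password for root from 203.0.113.9 port 51002 ssh2",
    "db01 sshd[2001]: Failed password for root from 203.0.113.9 port 51003 ssh2",
    "db01 sshd[2001]: Failed password for root from 203.0.113.9 port 51004 ssh2",
    "db01 sshd[2001]: Failed password for root from 203.0.113.9 port 51005 ssh2",
    "db01 sshd[2002]: Accepted password for root from 203.0.113.9 port 51006 ssh2",
    "web01 CRON[3001]: (root) CMD (run-parts /etc/cron.hourly)",
    "db01 sshd[2003]: Failed password for alice from 198.51.100.7 port 40100 ssh2",
]

LINE_RE = re.compile(
    r"^(?P<host>\S+) sshd\[\d+\]: (?P<outcome>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def preprocess(lines: List[str]) -> List[dict]:
    """Keep only sshd authentication events, normalised to one schema; other lines (cron) are noise."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def index(events: List[dict]) -> Dict[str, Dict[str, List[int]]]:
    """Inverted index: field -> value -> event positions, so rules query without rescanning."""
    idx: Dict[str, Dict[str, List[int]]] = defaultdict(lambda: defaultdict(list))
    for i, e in enumerate(events):
        for field, value in e.items():
            idx[field][value].append(i)
    return idx


def detect(events: List[dict], idx, threshold: int = 5) -> List[dict]:
    """Rule: >= threshold failures from one source; severity rises if a success follows them."""
    alerts = []
    for src, positions in idx["src"].items():
        failures = [p for p in positions if events[p]["outcome"] == "Failed"]
        successes = [p for p in positions if events[p]["outcome"] == "Accepted"]
        if len(failures) < threshold:
            continue
        success_after = any(p > failures[threshold - 1] for p in successes)
        alerts.append({
            "rule": "ssh-bruteforce",
            "src": src,
            "failures": len(failures),
            "hosts": sorted({events[p]["host"] for p in failures}),
            "severity": "high" if success_after else "medium",
            "success_after": success_after,
        })
    return alerts


def respond(alerts: List[dict]) -> List[str]:
    """Response step: the containment action a playbook would take for each alert."""
    actions = []
    for a in alerts:
        if a["severity"] == "high":
            actions.append(f"block {a['src']} at firewall; open incident for hosts {','.join(a['hosts'])}")
        else:
            actions.append(f"rate-limit {a['src']}; notify on-call")
    return actions


def run_pipeline(lines: List[str]) -> Tuple[List[dict], List[str]]:
    """Run every stage in order and return (alerts, actions)."""
    events = preprocess(lines)
    alerts = detect(events, index(events))
    return alerts, respond(alerts)


if __name__ == "__main__":
    for alert, action in zip(*run_pipeline(RAW_LOGS)):
        print(alert, "->", action)
```

On the sample the single source produces six failures spread across both hosts and then a successful password login, so the rule fires at high severity: the index is what lets the rule correlate across hosts, which is exactly the value a SIEM adds over reading each host's log on its own. A real deployment would add time windows to the rule and would treat the "Accepted password for root" after the failures as the event to investigate first.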
Wazuh
Commercial SIEM software is expensive. A popular enterprise SIEM is Splunk, and while it has a free version, that version limits you to 500 MB of data a day. A basic license is around $2000/yr, which doesn't include the traffic to the SIEM. Alternatively, an easy-to-use, open source solution does exist: Wazuh.
Wazuh has agents that are installed on your network endpoints and begin collecting events, giving you a variety of endpoint security (configuration assessment, malware detection, and file integrity monitoring), threat intelligence (threat hunting, log analysis, and vulnerability detection), security operations (incident response, regulatory compliance, and IT hygiene), and cloud security (container security, posture management, and workload protection) capabilities.
Training
| Resource | URL |
|---|---|
| this Cybersecurity Platform is FREE | https://youtu.be/i68atPbB8uQ |
| Secure Your Self-Hosted Network with Wazuh | https://youtu.be/IP7zPeMEuL8 |
Static Code Analysis
Static code analysis is the process of examining code written in a language such as Java or C# without executing it, using automated tools that analyze syntax, semantics, and behavior to identify potential errors, security vulnerabilities, and areas for improvement. By running static analysis on code before it's compiled, developers can catch issues like null pointer exceptions, dead code, and refactoring mistakes early in the development process, reducing the likelihood of downstream problems and improving overall code quality.
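To show what "analyzing syntax and semantics without executing" looks like in practice, here is a small analyzer added as an example (not from this page or from SonarQube). The page names Java and C#, but the idea is the same in any language; this one uses Python's standard library `ast` module to walk a parsed source tree and report four classic findings: a hardcoded secret, a shell-invoking subprocess call, use of `eval`, and dead code after a `return`. The source it scans is a constructed sample with those four defects planted in it. Real tools add data-flow analysis on top of this kind of pattern matching, so that, for example, `shell=True` is only flagged when the command string can actually be influenced by input.

```python
"""A tiny static analyzer built on Python's ast module (added example).

Not from the page or from SonarQube. SAMPLE_SOURCE is constructed and contains
four deliberate defects for the analyzer to find.
"""
import ast
from typing import List, Tuple

SAMPLE_SOURCE = '''
import subprocess

DB_PASSWORD = "hunter2"          # hardcoded secret

def run(cmd):
    return subprocess.run(cmd, shell=True)   # shell=True on a caller-supplied string

def calc(expr):
    return eval(expr)            # eval on a caller-supplied string

def unreachable():
    return 1
    print("never runs")          # dead code

def safe(cmd):
    return subprocess.run(["ls", cmd])       # argv form, no shell: not flagged
'''

SECRET_NAMES = ("password", "passwd", "secret", "token", "api_key")

Finding = Tuple[int, str, str]   # (line number, rule id, message)


class Analyzer(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        # Rule: eval()/exec() on anything is a code-execution sink.
        if isinstance(node.func, ast.Name) and node.func.id in ("eval", "exec"):
            self.findings.append((node.lineno, "dangerous-call", f"use of {node.func.id}()"))
        # Rule: subprocess.<anything>(..., shell=True) hands the command to /bin/sh.
        if (isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "subprocess"):
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.findings.append((node.lineno, "shell-injection",
                                          "subprocess call with shell=True"))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        # Rule: a secret-looking name assigned a string literal.
        for target in node.targets:
            if (isinstance(target, ast.Name)
                    and any(s in target.id.lower() for s in SECRET_NAMES)
                    and isinstance(node.value, ast.Constant)
                    and isinstance(node.value.value, str)):
                self.findings.append((node.lineno, "hardcoded-secret",
                                      f"{target.id} is assigned a string literal"))
        self.generic_visit(node)

    def visit_FunctionDef(self, node: ast.FunctionDef) -> None:
        # Rule: statements after an unconditional return in the same block never execute.
        for i, stmt in enumerate(node.body):
            if isinstance(stmt, ast.Return) and i + 1 < len(node.body):
                self.findings.append((node.body[i + 1].lineno, "dead-code",
                                      "statement after return is unreachable"))
                break
        self.generic_visit(node)


def analyze(source: str) -> List[Finding]:
    """Parse the source (without executing it) and return findings sorted by line."""
    analyzer = Analyzer()
    analyzer.visit(ast.parse(source))
    return sorted(analyzer.findings)


if __name__ == "__main__":
    for line, rule, message in analyze(SAMPLE_SOURCE):
        print(f"line {line}: [{rule}] {message}")
```

Note that the analyzer reasons purely from the tree: it never imports or runs the sample, so the `eval` and the shell call are never executed, which is the whole point of doing this before code is built or deployed.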
SonarQube
SonarQube is a comprehensive quality assurance and continuous integration (CI) tool designed to automate and streamline the testing, review, and deployment process for software development projects. SonarQube is an open-source platform that analyzes code statically and provides detailed reports on code quality, security, and performance issues. The tool offers a wide range of features, including code coverage analysis, vulnerability scanning, test case management, and automated testing frameworks. With SonarQube, developers can quickly identify and fix defects, improve code maintainability and scalability, and reduce the risk of downstream issues through continuous integration and delivery (CI/CD) pipelines. By automating testing and feedback loops, SonarQube enables organizations to move faster from development to deployment, while also improving overall software quality and reliability.
Training
| Resource | URL |
|---|---|
| How To Sonarqube Setup From Scratch And Code Analysis | https://youtu.be/6vdRvz_LnbQ |
| Dockerized SonarQube – Code Quality and Code Security | https://youtu.be/PgHIVt_S6PE |