Certified DevSecOps Professional (CDP) Review — My Journey, Preparation and Exam.

Ayoub NAJIM
7 min read · Jan 12, 2023


Hello fellow DevSecOps engineers, software developers, AppSec folks and security researchers, I hope you are all happy and doing well. This blog post is my honest review of an in-demand and respected certification from Practical DevSecOps. It gives me great pleasure to announce that I recently passed the CDP exam on my first attempt.

Table of Contents:

  1. What is CDP?
  2. The Intended Audience for CDP
  3. How I Decided to Go for the CDP Certification?
  4. How I Prepared Myself for CDP?
  5. Story Time!! How I Went Through the CDP Exam?
  6. My Personal Advice for CDP Students
  7. Resources Used for Preparation
  8. Final Note…

What is CDP?

CDP Badge

This certification focuses on learning DevSecOps hands-on. It teaches you what you need in order to work as a DevSecOps specialist.

The CDP course walks you through a series of stages and maturity levels for moving an organisation towards a DevSecOps culture. The following topics are covered as part of the course:

  1. Secure SDLC and the CI/CD pipeline
  2. Software Component Analysis (SCA)
  3. Static Analysis (SAST) in the CI/CD pipeline
  4. Dynamic Analysis (DAST) in the CI/CD pipeline
  5. Infrastructure as Code and its security features
  6. Compliance as Code
  7. Vulnerability Management
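To make topics 2 to 4 concrete, here is an added illustration of what "SCA, SAST and DAST in the CI/CD pipeline" looks like as a GitLab CI configuration. This is example configuration written for this review, not material from the Practical DevSecOps course or from the CDP exam. The tools are real (safety, bandit and the OWASP ZAP baseline scan), but the project layout (a Python application with a requirements.txt) and the DAST_TARGET_URL CI/CD variable are assumptions.

```yaml
# Added example, not from the course: a minimal GitLab CI pipeline that runs
# SCA, SAST and DAST as three separate stages. Assumes a Python project with a
# requirements.txt and a CI/CD variable DAST_TARGET_URL pointing at a deployed
# test instance you are allowed to scan.
stages:
  - sca
  - sast
  - dast

# Software Component Analysis: known-vulnerable third-party packages.
# safety exits non-zero when it finds a vulnerability, which fails the job;
# the JSON report is kept as an artifact either way (when: always) for triage.
sca:
  stage: sca
  image: python:3.11-slim
  script:
    - pip install --quiet safety
    - safety check -r requirements.txt --json > safety-report.json
  artifacts:
    paths: [safety-report.json]
    when: always

# Static analysis of our own code. -ll reports medium severity and above.
# allow_failure keeps findings visible without blocking merges while the
# existing backlog is cleaned up; flip it to false once the baseline is clean.
sast:
  stage: sast
  image: python:3.11-slim
  script:
    - pip install --quiet bandit
    - bandit -r . -ll -f json -o bandit-report.json
  artifacts:
    paths: [bandit-report.json]
    when: always
  allow_failure: true

# Dynamic analysis against the running application with the ZAP baseline scan
# (spider plus passive checks only, so it is safe for a shared test environment).
# The baseline script writes its report under /zap/wrk, so the directory is
# created first and the report copied back in after_script, which runs even
# when the scan itself returns a non-zero exit code because of findings.
dast:
  stage: dast
  image: ghcr.io/zaproxy/zaproxy:stable
  script:
    - mkdir -p /zap/wrk
    - zap-baseline.py -t "$DAST_TARGET_URL" -J zap-report.json
  after_script:
    - cp /zap/wrk/zap-report.json "$CI_PROJECT_DIR/" || true
  artifacts:
    paths: [zap-report.json]
    when: always
  allow_failure: true
```

The design choice worth noticing is the gating: SCA fails the pipeline outright, while SAST and DAST start out as allow_failure so the reports accumulate without blocking developers. Tightening those gates over time is exactly the "maturity stages" idea the course describes.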

The CDP exam is 12 hours of hands-on work followed by 24 hours for writing the report.

The intended audience for CDP

Security researchers, DevOps engineers, application developers, software developers, penetration testers, cloud/infrastructure engineers and anyone who wants to improve their DevSecOps skills.

How I decided to go for the CDP Certification?

During my engineering studies I had the chance to study network and systems administration, and I also did some internships in software and web development, but my passion for offensive security never died, going back to my childhood when I was a script kiddie. So I decided to combine these areas. In addition, I was well aware that everyone is moving towards "Everything as Code", be it infrastructure, compliance, SAST/DAST, etc., and knowing how to integrate security into DevOps is one of the skills you want to learn. I went through a few hours of online courses on LinkedIn Learning, Udemy and bootcamps. But I was not confident enough to say that I knew DevSecOps and could visualise the whole flow.

One fine day, a DevSecOps expert advised me to check out CDP, so I started going through the course contents of Practical DevSecOps for the CDP certification. It deals with real-world scenarios step by step, and that caught my attention.

How I prepared myself for the Exam?

It took me around 60 days to complete the course: studying 2–3 hours a day on a regular basis for 8 weeks and repeating the labs 2–3 times helped me pass the CDP certification exam. Here is my badge on Credly, which I earned on 11/01/2023.

Ansible, InSpec, IaC and vulnerability management were really new to me, so I followed the tutorials and references mentioned in the video course.

Please note that I was already comfortable with Linux, Docker, SAST, DAST and web security, and knew the basics of DevSecOps, which made it easier to follow the course. But if you are a novice in all of these, then I would recommend learning at least:

  1. The essential Docker commands.
  2. The GitLab CI/CD documentation (they explain it well in the course anyway).
  3. The OWASP Top 10.
  4. How SSH works, including passwordless (key-based) SSH.
  5. Follow the course manual and instructions as written; it makes learning smoother and faster.

Story Time!! How I went through the CDP Exam?

I planned to sit the exam on 01/01/2023, but sadly I lost my uncle (God rest his soul) that week, so I had to reschedule the exam for the following week, 08/01/2023, and focus on supporting my family during the funeral period.

08/01/2023: My exam was at 02:00 PM. So I woke up at 10:00 AM, followed my usual morning routine, logged in and waited for 02:00 PM to start the exam. I was like:

This is me, having no idea what I’m about to face 😐

I had to finish 5 challenges in 12 hours. So I managed my time quickly and decided to give each challenge 2 hours and 15 minutes, which meant I would still have 45 minutes before the end of the exam to take the notes, screenshots and outputs I would need to write the report in the following 24 hours. "Sorry, I know your brain is screaming now because I used a lot of numbers :)"

I picked up the first challenge and, unfortunately, went down a certain path, unaware that it was a rabbit hole and wasn't going to take me anywhere. By 05:20 PM (3 hours and 20 minutes gone) I was still stuck on the first challenge, with only a vague clue as to how to solve it completely.

Funny (yet serious) part: I started telling myself, "It's OK, I still have money for a second attempt".

This is me, having no idea what to do next 😐

I decided to take a 5–10 minute break and forced myself not to think about the exam.

My mother asked me, "Is everything OK?", and I was like…

This is me, smiling in pain 🥲

At 05:55 PM, I finally completed the first challenge!!

To be honest, I was not happy, because I still had 4 challenges to complete in the next 8 hours. So again, bring your brain and calculate with me: 4 challenges in 8 hours meant I had to complete each challenge in 2 hours while taking notes, screenshots and saving outputs at the same time… no time to waste!!

The second challenge was not as difficult as the first one, so I finished it in 1 hour and 30 minutes.

At 07:30 PM, I took a 5–10 minute break and started the third challenge. It was as hard as the first one, so I used all my brain energy and completed it at 10:05 PM.

Now I still had around 4 hours and 2 challenges left, and obviously, since they were the last ones, they would be the hardest, especially the final challenge. But I had no choice: I had to fight and finish all the challenges to guarantee a score higher than 80/100 and pass the exam.

The next 24 hours were for reporting. I wasn't stressed, because as a penetration tester, writing reports is part of my job, especially since I had everything I needed (notes, screenshots, output files…).

I submitted the deliverables to the Practical DevSecOps team and went to sleep for a full 12 hours…

My Personal Advice for CDP Students

This was a brief account of my experience. One hell of a ride it was. Now I would like to mention a few things to keep in mind if you are planning to sit the exam (the following are based on my experience; they may or may not work for you):

  • Have patience: CDP is a marathon. You need to keep your composure and stay calm and focused throughout. 36 hours is sufficient time to pass the exam if you have studied well during the lab time. Even if you think you are losing it, chances are you can craft a solution if you step back and think it over again from a different perspective.
  • Breaks: Take frequent breaks. Get some sunlight during your break. And when you are on a break, don't keep thinking about the obstacle you are facing in the exam. Just give your brain some rest.
  • You don't know your limits. When you think you are going to fail, chances are you can still come up with a solution if you push yourself a bit further. I seriously never thought I could stay awake and focused for such a long time and still think of decisive solutions.
  • Get mentally and physically ready for some discomfort. You are going to have to endure physical as well as mental strain. Expect it.
  • How to go about the CDP lab? Go through the entire set of videos and hands-on labs at least twice. I might face some criticism here, but you don't need to do all the extra optional exercises. They are in fact good, but if you have a job and you want to finish the lab as well, then keep those for the end. While doing the labs, absorb as much as possible, as the content is awesome and Practical DevSecOps has really put good effort into explaining the concepts.

Resources used for Preparation

Final Note…

One of the many reasons I chose to do CDP is that it's tough, and doing tough things gives you confidence. This journey will teach you a lot and contribute heavily to your overall growth. For me personally, it made me stay out of my comfort zone most of the time. As I am a full-time employee at a firm, it's not easy to study for CDP in parallel, but honestly speaking, that's just an excuse. Have good people around you. I am so grateful for the kind of people I am surrounded with. I have my parents and my close friends. The infosec community is also there; I met some really awesome people here.

Believe in yourself and just go for it.

And then finally, the day came when I got this:

😍

And this is my reaction :

😌

CDP is another one in the arsenal. Many more to go. See you next time, and all the very best for your future endeavours. Share knowledge, keep smiling, and help others.

See you later, and Happy Hacking! 😃


Ayoub NAJIM

My name is Ayoub. I am a Cyber Security Consultant, a Software Engineer and a DevSecOps Specialist. I specialise in penetration testing, DevSecOps and Java / C#.