Last Issue: AI Hacking CV Project 🤖

Next Issue: 🚧 Secret Project 🚧

This Issue: DevSecOps Course: 2026 🛣️

Buying a course can make you feel like you’ve done the work, without actually putting in the work.

I understand the psychology of paying for a course, you are paying for curation and accountability. I’ve bought courses thinking, “I’ve paid for this, so I’ll do it.” And I still think buying courses is a great way to support your favourite creators. If you like the a particular teaching style, then that’s a great reason.

I imagine that, like most of my readers, you’re right at the start of your career. The best thing you can do right now is pick a lane and study it properly. However, since you aren’t paying money, you must pay with discipline.

So here is my free, custom DevSecOps course, pieced together from tools, resources, and free courses you can put together yourself.

Courses:

• AWS Skill Builder (Free Tier) - Filter by “Free” and “Fundamentals”. The “AWS Cloud Quest: Cloud Practitioner” is a role playing game that actually teaches you the platform.

• Microsoft Learn: Azure Fundamentals - The official text based learning path. It is better than most paid Udemy courses.

Repos:

jassics/awesome-aws-security - A massive curated list of resources specifically for AWS security.

Certs:

• Oracle Cloud Infrastructure Foundations Associate - Oracle frequently offers this certification exam for free (check their “Race to Certification” challenges). It covers the same core cloud concepts as AWS/Azure.

Courses:

Linux Foundation: Intro to Linux (LFS101x) - Hosted on edX. It is the gold standard for beginners. Audit the course for free.

Repos:

jlevy/the-art-of-command-line - A single README file that will teach you more practical Linux than a 4 year degree.

Certs:

HackerRank Linux Shell Badge - Complete their challenges and earn a skill badge to display on your profile.

Courses:

• GitLab Academy (CI/CD Fundamentals) - GitLab offers free self paced training on building pipelines.

• GitHub Actions: Hello World - An interactive bot guided course inside a real GitHub repo.

Repos:

cicdops/awesome-ciandcd - A collection of tools, best practices, and pipeline examples.

Certs:

GitHub Foundations Learning Path Badge - Finish the MS Learn path for GitHub and you get a digital badge of completion (The actual exam is paid, the badge for the course is free).

Courses:

Exercism: Bash Track - Mentored learning. You write a script, and automated tests (and sometimes humans) check your work.

Repos:

awesome-lists/awesome-bash - Scripts, tutorials, and snippets to steal for your own work.

Certs:

freeCodeCamp: Relational Database Certification - Don't let the name fool you; the first half is an intense, interactive Bash scripting bootcamp.

Courses:

• HashiCorp Vault: Getting Started - Interactive browser based labs. You don’t even need to install Vault to learn it.

• GitHub Security Lab: Secrets Scanning - Learn how to prevent credential leaks directly from the source.

Repos:

• OWASP/CheatSheetSeries - Specifically the “Secrets Management Cheat Sheet”.

Certs:

Snyk: Secrets Management Badge - Snyk offers free "lessons" that grant badges upon completion.

Courses:

• Wiz Academy: Container Security - High production value video courses on container vulnerabilities.

Repos:

aquasecurity/trivy - Go straight to the docs. Trivy is the industry standard open source scanner. The best way to learn is to read their "Getting Started".

Certs:

• None. (I can’t find any reputable “Free” cert for just image scanning. Build the Capstone Project I mentioned earlier instead; that is your proof.)

Courses:

• CodeQL U-Drive - Learn to query code like a database to find security errors.

• Secure Code Warrior (Public Tournaments) - Join their free public tournaments to learn secure coding patterns gamified.

Repos:

analysis-tools-dev/static-analysis - A giant list of static analysis tools for every programming language.

Certs:

Veracode Security Labs Community Edition - Free hands on labs that offer completion tracking.

Courses:

Snyk Learn: Open Source Security - Bite sized lessons on how supply chain attacks work and how SCA prevents them.

Repos:

google/osv-scanner - A free vulnerability scanner by Google for open source developers.

Certs:

Synopsys Academy - They often have free "community" training paths for Black Duck/SCA concepts.

Courses:

Qualys Training & Certification - This is the holy grail of free training. Qualys offers their full "Vulnerability Management Detection and Response (VMDR)" course AND certification exam for free.

Repos:

DefectDojo/django-DefectDojo - The industry standard open source tool for managing vulnerability data. Spin it up in Docker and learn it.

Certs:

Qualys Certified Specialist (VMDR) - Real industry certification. 100% Free. This is the highest value item on this entire list.

AI Hacking CV Project 🤖

Hacking Project 101: Reverse Shells with AWS & Ncat

AWS Security Project: STS 🔑

DevSecOps AWS Project

Supply Chain Security Project 📦 ⚔️

You should learn AWS Security Hub CSPM

The Ultimate Docker Project🐋

Part Two: The Ultimate Docker Project 🐋

The AWS Starter Pack

Easy Cloud DevOps Project🔧

New AWS Account Step-by-Step Guide✔️

Beginner AI Cloud CV Project📝

SQL Injection: Made Simple 💉

The Ultimate Cloud Project ☁️

Easy Cloud Automation Project ⚙️

I haven’t included the literal 1000s of free YouTube resources on this list because you don’t need me to tell you YouTube is a good resource in 2026

Have fun! 😉

WJPearce - Cyber Notes