The Certified Kubernetes Security Specialist (CKS) exam is a way for you to demonstrate your ability to manage, configure and use a secure Kubernetes environment.
This course will cover all of the topics and practical, hands-on skills you will need to be familiar with in order to become a knowledgeable Kubernetes security specialist and pass the CKS exam.
• Strong grasp of container basics (recommended training: Docker Basic)
• A basic understanding of application security, common attacks, and vulnerabilities
Module 1: Introduction
– Course Introduction
– Exam Information
– Certification Details
– Building a Kubernetes Cluster
Module 2: Understanding the Kubernetes Attack Surface
– The 4C’s of Cloud Native Security
Module 3: Cluster Setup
– What are CIS Benchmarks?
– CIS benchmark for Kubernetes
– Running a CIS Benchmark with kube-bench
– Implementing TLS with Ingress
– Securing Node Endpoints
– Securing GUI Elements
– Verifying Kubernetes Platform Binaries
– Restricting default access with NetworkPolicies
Module 4: Cluster Hardening
– Explore Service Accounts
– Restrict Service Account permissions
– Restricting Access to the Kubernetes API
– Keeping Kubernetes Updated
Module 5: System Hardening
– Least Privilege Principle
– Understand Host OS Security Concerns
– Minimizing IAM Roles
– Explore Network-Level Security
– Using AppArmor in K8s Containers
– SSH Hardening
Module 6: Minimizing Microservice Vulnerabilities
– Managing Container Access with Security Contexts
– Governing Pod Configuration with Pod Security Policies
– Using Pod Security Policies
– OPA Gatekeeper
– Managing Kubernetes Secrets
– Container Runtime Sandboxes
– Pod-to-Pod mTLS
– Signing Certificates
Module 7: Supply Chain Security
– Minimizing Base Image Attack Surface
– Whitelisting allowed image Registries
– Validating Signed Images
– Use static analysis of user workloads (Dockerfiles, Kubernetes resources)
– Scanning Images for known vulnerabilities
– Scanning images with an Admission Controller
– Setting up an Image Scanner
Module 8: Monitoring, Logging, and Runtime Security
– Understanding Behavioral Analytics
– Using Falco for Container behavior analysis
– Immutable Containers
– Understanding Audit Logs
– Setting up Audit Logging