Alta3 Research

Securing Kubernetes Training

Securing Kubernetes (CKS)

This intensive course prepares students for the Certified Kubernetes Security Specialist (CKS) exam. It emphasizes the advanced skills and knowledge required for securing container-based applications and Kubernetes platforms across the entire lifecycle: build, deployment, and runtime. As a security expert in the DevOps world, you will learn to observe rapidly progressing processes, implement Zero Trust principles, and pinpoint security concerns within any container, process, or subsystem without hindering velocity.

Training at a glance

Level

Advanced / Expert

Duration

5 Days

Experience

General Kubernetes cluster admin; deep working knowledge of Linux.

Average Salary

$140,000

Labs

Yes

Training Details

  • Harden Cluster and Components: Configure and implement cluster-level hardening techniques for Kubernetes master and worker nodes, ensuring components like the API server and etcd are secure.
  • Secure System and Microservices: Apply system hardening best practices and deploy security policies to minimize microservices vulnerabilities during runtime and deployment.
  • Manage Supply Chain Risk: Implement comprehensive supply chain security measures, including image signing and vulnerability scanning, to ensure container images are trusted and compliant.
  • Monitor, Log, and Secure Runtime: Configure and manage solutions for monitoring, logging, and runtime security, enabling effective threat detection and incident response within the cluster.
  • Leverage AI for Configuration: Utilize AI Large Language Model (LLM) prompt engineering to efficiently generate, validate, and troubleshoot Kubernetes configuration snippets, accelerating deployment and solution design.
  • Module 1: Learning Your Environment & Cluster Setup
    • Underlying Infrastructure Tools (Vim, Tmux)
    • Cloud Security Principles & Threat Analysis
    • Apply CIS Benchmarks
    • Install & Manage Kubernetes with Kubeadm
    • Join Node to Cluster / Manage Kubeadm Tokens
    • Kubeadm Cluster Upgrade
    • Purge/Cleanup Kubernetes Environment
  • Module 2: Securing the Control Plane
    • Kubernetes Architecture & Security Concepts
    • Securing the kube-apiserver
    • Configure and Enable Audit Logging
    • Deploy Falco to Monitor System Calls
    • Enable Pod Security Policies (PSPs)
    • Encrypt Data at Rest (Encryption Configuration)
    • Benchmark Cluster with Kube-Bench
    • Securing etcd (Isolation, Snapshot, and Restore)
  • Module 3: Container and Application Security
    • Container Essentials and Secure Containers
    • Creating and Scanning Images (Trivy, Snyk Security)
    • Scan a Running Container (Tracee)
    • Implement Security Contexts for Pods
    • Deploy AppArmor Profiles
    • Isolate Container Kernels (gVisor)
    • Implement Pod Security Policies (PSPs)
    • Enable Pod Security Standards (PSS)
    • Deploy Open Policy Agent (OPA) / Gatekeeper
    • Policy as Code Implementation
  • Module 4: Access Control and Networking
    • User Administration (Contexts)
    • Authentication and Authorization
    • Configure Role Based Access Control (RBAC)
    • Manage Service Accounts
    • Secure and Consume Secrets
    • Deploy Secrets with HashiCorp Vault
    • Configure NetworkPolicy
    • Implement mTLS with Linkerd or Istio
  • Module 5: Threat Detection and Resilience
    • Threat Detection and Active Analysis
    • Host Intrusion Detection (OSSEC)
    • Network Intrusion Detection (Suricata)
    • Disaster Recovery and Response Plan Deployment
    • Kasten K10 Backups
    • Manually Install & Validate Kubernetes
    • Validation with Sonobuoy
    • Kubectl Commands (get, describe, sorting)
    • Labels, Selectors, and Annotations

Individuals holding a CKA certification and interested in or responsible for Cloud Security, DevSecOps, Security Architecture, and Security Engineering in containerized environments.
General Kubernetes cluster administration proficiency (equivalent to CKA) and deep working knowledge of Linux.

We Offer More Than Just Alta3 Research Trainings

Our successful training results keep our corporate and military clients returning. That’s because we provide everything you need to succeed. This is true for all of our courses.

Strategic Planning & Project Management

From Lean Six Sigma to Project Management Institute Project Management Professional, Agile and SCRUM, we offer the best-in-class strategic planning and project management training available. Work closely with our seasoned multi-decade project managers.

IT & Cybersecurity

ATA is the leading OffSec and Hack the Box US training provider, and a CompTIA and EC-Council award-winning training partner. We offer the best offensive and defensive cyber training to keep your team ahead of the technology skills curve.

Leadership & Management

Let us teach your team the high-level traits and micro-level tools & strategies of effective 21st-century leadership. Empower your team to play to each others’ strengths, inspire others and build a culture that values communication, authenticity, and community.
