Certified Kubernetes Security Specialist (CKS) Training
Level: Advanced
Duration: 28h / 4 days
Date: Individually arranged
Price: Individually arranged
This training prepares participants for the Certified Kubernetes Security Specialist (CKS) exam. It is an advanced course that provides in-depth knowledge of Kubernetes security. After completing the training, participants will be able to independently design and manage components responsible for security in Kubernetes.
What You Will Learn
- During the CKS training, participants will gain knowledge and skills related to ensuring security in Kubernetes clusters, including access control configuration, monitoring, certificate management, auditing and risk assessment, as well as troubleshooting security-related issues in containerized environments.
Who is this training for?
The CKS training is intended for IT specialists, security administrators, and engineers who want to gain advanced knowledge of security in Kubernetes environments.
Training Program
- Cluster Configuration
  - Applying network security policies to restrict cluster-level access
  - Using CIS benchmarks to review the security of Kubernetes components (etcd, kubelet, kube-dns, kube-apiserver)
  - Proper configuration of Ingress objects with security controls
  - Protecting node metadata and endpoints
  - Minimizing GUI use and access
  - Verifying Kubernetes binaries before deployment
- Cluster Hardening
  - Restricting access to the Kubernetes API
  - Using Role-Based Access Control (RBAC) to minimize exposure
  - Avoiding excessive use of ServiceAccounts (disabling defaults, minimizing permissions for new accounts)
  - Regular Kubernetes upgrades
- System Hardening
  - Minimizing the host OS footprint (reducing the attack surface)
  - Reducing IAM roles
  - Minimizing external network exposure
  - Using kernel hardening tools such as AppArmor and seccomp
- Minimizing Microservice Vulnerabilities
  - Setting appropriate OS-level security domains
  - Managing Kubernetes Secrets
  - Using container runtime sandboxes in multi-tenant environments (e.g., gVisor, Kata Containers)
  - Enabling pod-to-pod encryption with mTLS
- Supply Chain Security
  - Minimizing base image size
  - Securing the supply chain: approved registries, image signing and validation
  - Performing static analysis of user resources (e.g., Kubernetes manifests, Dockerfiles)
  - Scanning images for known vulnerabilities
- Monitoring, Logging, and Runtime Security
  - Analyzing syscalls, processes, and file activity at the host and container level to detect malicious behavior
  - Detecting threats across physical infrastructure, applications, networks, data, users, and workloads
  - Identifying all phases of an attack, regardless of origin or spread
  - Performing deep forensic investigations and identifying attackers in the environment
  - Ensuring container immutability at runtime
  - Using audit logs to monitor access