CKSS - Certified Kubernetes Security Specialist
Certified Kubernetes Security Specialist
The Certified Kubernetes Security Specialist (CKSS) program provides assurance that an individual has the skills, knowledge, and competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime
Find Our Students At
About the course
By the conclusion of this hands-on, vendor agnostic training you will be equipped with a thorough understanding of cloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe.
Certification
The CKS test will be online, proctored and performance-based with 15-20 hands-on performance based tasks, and candidates have 2 hours to complete the exam tasks.
Course Content
Kubernetes Cluster Setup for Security
- Use Network security policies to restrict cluster level access
- Use CIS benchmark to review the security configuration of Kubernetes components (etcd,kubelet, kubedns, kubeapi)
- Properly set up Ingress objects with security control
- Protect node metadata and endpoints
- Minimize use of, and access to, GUI elements
- Minimize use of, and access to, GUI elements
Cluster Hardening
- Restrict access to Kubernetes API
- Use Role Based Access Controls to minimize exposure
- Exercise caution in using service accounts
System Hardening
- Minimize host OS footprint (reduce attack surface)
- Minimize IAM roles
- Minimize external access to the network
- Appropriately use kernel hardening tools such as AppArmor, seccomp
Minimizing Microservices Vulnerabilities
- Setup appropriate OS level security domains such as using PSP, OPA, security contexts
- Manage Kubernetes secrets
- Use container runtime sandboxes in multi-tenant environments such gvisor and kata containers
- Implement pod to pod encryption by use of mTLS
Logging and Runtime Security
- Perform behavioral analytics of syscall process and file activities at the host and container level to detect malicious activities
- Detect threats within physical infrastructure, apps, networks, data, users and workloads
- Detect all phases of attack regardless where it occurs and how it spreads
- Perform deep analytical investigation and identification of bad actors within environment
- Ensure immutability of containers at runtime
- Use Audit Logs to monitor access
Supply Chain Security
- Minimize base image footprint
- Secure your supply chain: whitelist allowed registries, sign and validate images
- Use static analysis of user workloads
- Scan images for known vulnerabilities
Preparing for the Certified Kubernetes Security Specialist Exam
- Mock Exams for Certified Kubernetes Security Specialist
What our students say about us
Frequently Asked Questions
Is this training live or pre-recorded?
The training is live instructor led training which is available in classroom as well as online format. We also record every training session which is then uploaded to our student portal.
How will I join the live online training?
The live online training is conducted via the zoom software, we will be providing you with the zoom meeting link to join the training.
How many students are there in a single batch?
On an average one batch will have a maximum of 18 students. We keep smaller batch sizes to promote interaction between the students and the instructor.
How can I practice the labs?
We will provide you with online labs. If needed, we can also provide you with the software required to create your own labs.
Do you offer payment flexibility?
Yes, we provide zero interest EMI options.
Can I attend the training in classroom?
Yes, our classroom training location is in New Delhi near Lajpat Nagar metro staton.
Course details
Advanced Level
1 Month DurationΒ
Online Training
Β
Classroom Training
WhatsApp Support
Course Certificate