Kubernetes and Cloud Security Associate (KCSA) Crash Course
Published by Pearson
Get Your KCSA Certification and Start Your k8s Security Journey
- Review all of the objectives in the new Cloud Native KCSA exam
- Learn foundational Kubernetes security concepts and skills
- Start your security journey for any Kubernetes environment
- Engage in hands-on exercises, both from a lab and demo perspective, so you can build your skills as you learn
Kubernetes security is a big deal and it’s often overlooked. As with any IT specialty, security is typically on the backburner for the simple reason that it can often be difficult to implement security protocols. Cloud Native’s new Kubernetes and Cloud Security Associate (KCSA) exam teaches the core concepts and skills for understanding and using security technologies in the cloud native ecosystem.
Instructor and trainer Michael Levan designed this class for certification success, but also with an eye toward teaching real-world skills. This 2-day / 8-hour course focuses on exploring security configuration of a Kubernetes cluster for compliance with security requirements. This includes focusing on how to harden security controls, test and monitor security, and assist in the identification and assessment of security risks and vulnerabilities. With the KCSA, you’ll learn that implementing security for your Kubernetes environment isn’t as cumbersome as it may seem. You’ll learn how to get any Kubernetes environment security-ready and discover the best practices that you can use to ensure proper security implementation.
What you’ll learn and how you can apply it
- How to successfully study for the KCSA certification
- How to start securing your Kubernetes environment in the cloud
- How to secure Kubernetes in a hands-on, practitioner-led way
And you’ll be able to:
- Start securing your Kubernetes cloud environment
- Implement core security principles for Kubernetes environments
- Think about how security for Kubernetes works in production environments
This live event is for you because...
- You want to learn about the Kubernetes and Cloud Security Associate (KCSA) exam
- You want to secure your Kubernetes environment
- You have interest in future proofing your security skills for any cloud environment
- You have a passion for doing things the right way in Kubernetes
Prerequisites
- 1-2 years of Kubernetes and containers experience
- Kubernetes developer and administrator proficiency (equivalent of understanding the topics in the Certified Kubernetes CKA and/or CKAD exams although certification is not needed for this training
- A Kubernetes cluster running in the cloud is needed to run the labs
Course Set-up
- Course Github
- Access to a cloud environment (AWS, Google or Azure)
- A code editor like VS Code
Recommended Preparation
- Attend: Kubernetes in 4 Hours by Sander van Vugt
- Watch: Certified Kubernetes Application Developer (CKAD) Complete Video Course (Video Training), 3rd Edition by Sander van Vugt
- Watch: Module 1 – Security Concepts from The Complete Cybersecurity Bootcamp, 2nd Edition by Omar Santos
Recommended Follow-up
Attend: Hands-On Kubernetes and Docker Security by Omar Santos (live online training course)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
DAY 1
Segment 1: Intro and Overview of Cloud Native Security (55 minutes)
- Intro to the certification
- The 4C’s of cloud native security
- Cloud provider security
- Infrastructure security
- Isolation
- Artifact repo and image security
- Workload and app code security
Break: 10 minutes
Segment 2: Kubernetes Cluster Component Security (50 minutes)
- Securing control plane components
- Security worker node components
Break: 10 minutes
Segment 3: Kubernetes Security Fundamentals (45 minutes)
- Pod Security Standards
- Pod Security Admissions
- Authentication
- Authorization
- Secrets
- Isolation and segmentation
- Audit logging
- Network policy
Exercise/activity Number 1: Configuring Network Policies
Exercise/activity Number 2: Creating A Kubernetes Secret
Q&A: 10 minutes
DAY 2
Segment 4: Kubernetes Threat Model (55 minutes)
- Kubernetes trust boundaries and data flow
- Denial of service
- Kubernetes persistence
- Malicious code execution
- Compromised apps in containers
- Attackers on a Kubernetes network
- Access to sensitive data
- Privilege escalation
Exercise/activity: Detecting Compromised Apps
Break: 5 Minutes
Segment 5: Platform Security (55 minutes)
- Supply chain security
- Image repo security
- Service mesh
- PKI
- Connectivity
- Admission control
Exercise/activity Number 1: Setting Up Artifactory
Exercise/activity Number 2: Configuring Istio
Break: 5 Minutes
Segment 6: Compliance and Security Frameworks (50 minutes)
- Compliance frameworks
- Thread modeling frameworks
- Supply chain compliance
- Automation and tooling
Exercise/activity Number 1: Reviewing CIS Benchmarks
Exercise/activity Number 2: Using Kubescape
Q&A (10 minutes)
Your Instructor
Michael Levan
Michael Levan is a seasoned engineer and consultant in the Kubernetes and Security space who spends his time working with startups and enterprises around the globe on Kubernetes consulting, training, and content creation. He is a trainer, 4x published author, podcast host, international public speaker, CNCF Ambassador, and was part of the Kubernetes v1.28 and v1.31 Release Team.