/thumbnail.webp?token=Y291cnNlcy8yMDI0LzAxL0NlcnQgUHJlcCAtIEt1YmVybmV0ZXMgYW5kIENsb3VkIE5hdGl2ZSBTZWN1cml0eSBBc3NvY2lhdGUgKEtDU0EpL3RodW1ibmFpbC53ZWJwOjE3ODMyNTAyNzQ6N2I5YzJiZjM4YmJmMzA4Mzk2YjA5NTE5NjRiODEyYWM4NzBiMzRhZjZjOTg3YWM4YzUwNWQ4MWVmYWI1OTEzNg%3D%3D)
Cert Prep: Kubernetes and Cloud Native Security Associate (KCSA)
1h 57mIntermediate2024-01-30
Authors
Michael Levan
Cloud and DevOps Training Professional
Course details
The Kubernetes and Cloud Native Security Associate (KCSA), one of the newest Linux Foundation certifications, allows beginners to validate their “understanding of the baseline security configuration of Kubernetes clusters to meet compliance objectives.” If you’re preparing for the KCSA exam—or just want entry-level security knowledge from a Kubernetes perspective—then this course is for you.
Instructor Michael Levan offers a comprehensive overview of Kubernetes, cloud native security best practices, and mitigation strategies, providing hands-on demonstrations along the way.
Learning objectives
Demonstrate how to scan clusters, containers, and code with various libraries.
Explain how to think about securing code prior to containerizing the code.
Recognize how policy enforcement impacts Kubernetes environments.
Discuss how pod security standards implement privileged, baseline, and unrestricted access.
Demonstrate how to secure the Kubernetes scheduler, the kubelet, container image registries, and kube-proxy.
Describe spoofing workloads and users in Kubernetes.
Illustrate how to scan code and containers for security risks.
Describe how to restrict program capability with AppArmor, a popular Linux kernel module.
Instructor Michael Levan offers a comprehensive overview of Kubernetes, cloud native security best practices, and mitigation strategies, providing hands-on demonstrations along the way.
Learning objectives
Demonstrate how to scan clusters, containers, and code with various libraries.
Explain how to think about securing code prior to containerizing the code.
Recognize how policy enforcement impacts Kubernetes environments.
Discuss how pod security standards implement privileged, baseline, and unrestricted access.
Demonstrate how to secure the Kubernetes scheduler, the kubelet, container image registries, and kube-proxy.
Describe spoofing workloads and users in Kubernetes.
Illustrate how to scan code and containers for security risks.
Describe how to restrict program capability with AppArmor, a popular Linux kernel module.
Skills covered
Cloud SecurityDevOps ToolsNetwork SecurityDevOpsCybersecurityCert PrepCloud Computing
Concepts
0. Introduction
- 01 - Secure the cloud - Preparing for your KCSA certification
- 02 - What you should know
1. Overview of Cloud Native Security
- 03 - What is cloud native security
- 04 - OWASP Kubernetes Top 10
- 05 - What is infrastructure security
- 06 - The four Cs of cloud native security
- 07 - Cloud provider and infrastructure security
- 08 - Isolation techniques
- 09 - Artifact repo and image security
- 10 - Workload and app code security
2. Kubernetes Cluster Component Security
- 11 - API server and controller manager
- 12 - Scheduler
- 13 - Kubelet and container runtime
- 14 - kube-proxy
- 15 - Pods
- 16 - etcd
- 17 - Container networking and client security
- 18 - Storage and security wrap-up
3. Kubernetes Security Fundamentals
- 19 - Pod security standards
- 20 - Pod security admissions
- 21 - Authentication
- 22 - Authorization
- 23 - Secrets
- 24 - Isolation and segmentation
- 25 - Audit logging
- 26 - Network policies
4. Kubernetes Threat Model
- 27 - Kubernetes trust boundaries and data flow
- 28 - Denial of service
- 29 - Malicious code execution
- 30 - Compromised apps in containers
- 31 - Attackers on the network
- 32 - Access to sensitive data
- 33 - Privilege escalation
5. Platform Security
- 34 - Supply chain security
- 35 - Image repository security
- 36 - Observability
- 37 - Service mesh
- 38 - Kubernetes PKI
- 39 - Admission control
6. Compliance and Security Frameworks
- 40 - Compliance frameworks
- 41 - Hands-on - Utilizing CIS tools (CIS Report)
- 42 - Threat modeling frameworks
- 43 - Supply chain compliance
- 44 - Automation and tooling
- 45 - Hands-on - Kubescape and kube-bench
Conclusion
- 46 - Next steps
Related courses
- Certificate of Cloud Security Knowledge (CCSK) Cert Prep
- Building a Multicloud Security Program: Strategy, Implementation, and Emerging Trends
- Modern Cloud Security: Shift-Left, Observability, and Automated Defense
- Cybersecurity Awareness: Cloud Security
- Building Customer Identity and Access Management (CIAM) in Your Applications on AWS
- Cloud Security Architecture for the Enterprise
- ISC2 Certified Cloud Security Professional (CCSP) Cert Prep
- 5G Security in Depth: A Hands-On Approach to Securing RAN, Core, and Telco Cloud