Kubernetes and Cloud Security Associate (KCSA) Exam Prep Crash Course
Published by O'Reilly Media, Inc.
A comprehensive overview of the exam
Course outcomes
- Study effectively for the KCSA certification exam
- Identify security concerns in a Kubernetes cluster and understand measures for addressing them
Course description
Security is a core principle in software design. Its aim is to keep an application or runtime environment functional and as impenetrable as possible to attacks. The Kubernetes and Cloud Native Security Associate (KCSA) certification teaches the skills and practices for securing a Kubernetes environment.
Join expert Benjamin Muschko to explore the fundamentals of security for Kubernetes with a focus on helping you pass the certification exam. You’ll look at common security tools to identify concerns and apply the relevant changes to comply with established practices to harden a Kubernetes cluster.
What you’ll learn and how you can apply it
- Get an overview of the KCSA objectives and learn how to study for the certification exam
- Start your CNCF certification journey
- Learn how to apply security practices to cloud and on-premises Kubernetes environments
This live event is for you because...
- You want to prepare for the KCSA certification.
- You work with Kubernetes and want to secure your cluster.
- You want to learn about security best practices and apply them to your cloud environment.
Prerequisites
- A Kubernetes cluster running in the cloud (e.g., AWS EKS)
- A computer with a code editor like VSCode installed
- Beginner-level knowledge of containers and Kubernetes (1–2 years)
Recommended preparation:
- A link to a GitHub repository containing the setup instructions and code examples for the course will be provided
- Take Getting Started with Kubernetes (live online course with Sean P. Kane)
Recommended follow-up:
- Read Certified Kubernetes Security Specialist (CKS) Study Guide (book)
- Explore Certified Kubernetes Application Developer (CKAD) Prep Course (on-demand course)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Certification and cloud native security overview (65 minutes)
- Presentation: Intro to the certification; the 4Cs of cloud native security; cloud provider and infrastructure security; controls and frameworks; isolation techniques; artifact repository and image security; workload and application code security
- Q&A
- Break
Kubernetes cluster component security (45 minutes)
- Presentation: API server; controller manager; scheduler; kubelet; container runtime; kube-proxy; Pod; etcd; container networking; client security; storage
- Q&A
- Break
Kubernetes security fundamentals (45 minutes)
- Presentation: Pod security standards; Pod security admissions; authentication; authorization; secrets; isolation and segmentation; audit logging; network policy
- Q&A
- Break
Kubernetes threat model (50 minutes)
- Presentation: Kubernetes trust boundaries and data flow; persistence; denial of service; malicious code execution and compromised applications in containers; attacker on the network; access to sensitive data; privilege escalation
- Q&A
- Break
Platform security (50 minutes)
- Presentation: Supply chain security; image repository; observability; service mesh; PKI; connectivity; admission control
- Q&A
- Break
Compliance and security frameworks (45 minutes)
- Presentation: Compliance frameworks; threat modeling frameworks; supply chain compliance; automation and tooling
- Q&A
Your Instructor
Benjamin Muschko
Benjamin Muschko is a software engineer, consultant, and trainer with more than 20 years of experience in the industry. He specializes in cloud-native application development and transformation, container solutions, DevSecOps, and Continuous Integration/Continuous Delivery implementations. Ben is an author, a frequent speaker at conferences, and an avid open source advocate.