Certified Kubernetes Security Specialist (CKS) Prep

Topic 1 Cluster Setup

• Use Network security policies to restrict cluster level access
• Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
• Properly set up Ingress with TLS
• Protect node metadata and endpoints
• Verify platform binaries before deploying

Topic 2 Cluster Hardening

• Use Role Based Access Controls to minimize exposure
• Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones
• Restrict access to Kubernetes API
• Upgrade Kubernetes to avoid vulnerabilities

Topic 3 System Hardening

• Minimize host OS footprint (reduce attack surface)
• Using least-privilege identity and access management
• Minimize external access to the network
• Appropriately use kernel hardening tools such as AppArmor, seccomp

Topic 4 Minimize Microservice Vulnerabilities

• Use appropriate pod security standards
• Manage Kubernetes secrets
• Understand and implement isolation techniques (multi-tenancy, sandboxed containers, etc.)
• Implement Pod-to-Pod encryption using Cilium

Topic 5 Supply Chain Security

• Minimize base image footprint
• Understand your supply chain (e.g. SBOM, CI/CD, artifact repositories)
• Secure your supply chain (permitted registries, sign and validate artifacts, etc.)
• Perform static analysis of user workloads and container images (e.g. Kubesec, KubeLinter)

Topic 6 Monitoring, Logging and Runtime Security

• Perform behavioral analytics to detect malicious activities
• Detect threats within physical infrastructure, apps, networks, data, users and workloads
• Investigate and identify phases of attack and bad actors within the environment
• Ensure immutability of containers at runtime
• Use Kubernetes audit logs to monitor access

Promotion Code

Your will get 10% discount voucher for 2nd course onwards if you write us a Google review.

Minimum Entry Requirement

Knowledge and Skills

• Able to operate using computer functions
• Minimum 3 GCE ‘O’ Levels Passes including English or WPL Level 5 (Average of Reading, Listening, Speaking & Writing Scores)

Attitude

• Positive Learning Attitude
• Enthusiastic Learner

Experience

• Minimum of 1 year of working experience.

Target Age Group: 18-65 years old

Minimum Software/Hardware Requirement

Software:

TBD

Hardware: Window or Mac Laptops

• Kubernetes Administrator
• DevSecOps Engineer
• Cloud Security Engineer
• Platform Engineer
• Site Reliability Engineer (SRE)
• Container Security Specialist
• Infrastructure Security Engineer
• DevOps Engineer
• Security Operations Analyst
• IT Security Manager
• Systems Engineer
• Cybersecurity Analyst
• Network Security Engineer
• Compliance Engineer
• Application Security Analyst
• Penetration Tester
• Cloud Infrastructure Engineer
• Technical Architect
• Vulnerability Management Specialist
• Open Source Security Consultant

Truman Ng: Truman Ng is a ACTA certified trainer that graduated with Bachelor Degree in Electrical Engineering from NUS in year 2002. He designed Artificial Intelligence (AI) controller for DC-DC Power Convertor by using Fuzzy Logic and Neural Network (NN) as his university Final Year Project.

Truman has over 15 years project experiences across Database & Web Design, PLC machinery, Data Center Design , Structure Cabling System(SCS) and Enterprise Network Design and Implementation. He used to be a network architect for Hewlett Packard, working with a group of virtual team from the US in handling network design and projects in the States.

Truman is the founder of Nexplore (S) Pte Ltd. He provides solutions of Cloud SaaS, IaaS & PaaS and Software Defined Network (SDN), VoIP and Internet Security. He was engaged by Huawei Global Training Center to provide 60+ consultations and trainings for Internet Service Providers(ISP) from Malaysia, Singapore, Brunei, Philippines, Australia, Poland, Iran, South Africa, Swaziland, Cote Dlvoire, Syria, Uzbekistan, New Zealand and countries over the world.
As achievement, Truman has successfully completed 100+ IT network projects for Bank, Hotel and Factory within 5 years.
Truman is certified in PMP, Cisco CCNP, CCIP, CCDP, HP Ase and Huawei HCNP, HCIE R&S, HCNA Cloud, HCNA Security, etc.

Anil Bidari: Anil  is a ACLP certified trainer. He is an Enterprise Cloud and DevOps Consultant , responsible for  helping clients to move Virtual data centre to Private Cloud based on OpenStack and Public Cloud ( AWS, Azure and Google cloud) . Consulting and training experience on Devops tool chain like github , Jenkins, Sonarqube, Docker & kubernetes, Cloud foundry, Openshift, Ansible and SaltStack. Lot of my Role is involved design and implementation of a solution and training