Course Overview
The Certified Kubernetes Security Specialist (CKS) certification is designed to validate a candidate’s skills and knowledge in securing containerized applications and Kubernetes platforms.
Learning Options
Target audiences
- A Certified Kubernetes Security Specialist (CKS) is an accomplished Kubernetes practitioner (must be CKA certified) who has demonstrated competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime.
Schedule Dates
Curriculum
-
Module 1: Cluster Setup
- Use Network security policies to restrict cluster level access
- Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
- Properly set up Ingress objects with security control
- Protect node metadata and endpoints
- Minimize use of, and access to, GUI elements
- Verify platform binaries before deploying
-
Module 2: Cluster Hardening
-
Module 3: System Hardening
-
Module 4: Minimize Microservice Vulnerabilities
-
Module 5: Supply Chain Security
-
Module 6: Monitoring, Logging and Runtime Security
- Perform Behavioral Analytics of Syscall Process and File Activities at the Host and Container Level to Detect Malicious
- Activities
- Detect Threats within Physical Infrastructure, Apps, Networks, Data, Users and Workloads
- Detect All Phases of Attack Regardless Where It Occurs and How It Works
- Perform Deep Analytical Investigation and Identification of Bad Actors within Environment Ensure
- Immutability of Containers at Runtime
- Use Audit Logs to Monitor Access
The short answer is “Yes.” If you have or want a career in cybersecurity, it is worth it to get the CKS. If you have already earned the CKA and CKAD, it's a great idea to get the third and final CKS certification, especially if you are involved with Kubernetes administration.
The CKS certification exam covers the following topics:
Kubernetes Cluster Setup: Securing Kubernetes cluster components, such as API server, etcd, and kubelet.
Kubernetes Security Configuration: Securing Kubernetes network and authentication, authorization, and admission control mechanisms.
Kubernetes Runtime Security: Securing Kubernetes workloads, including pods, containers, and images.
Kubernetes Security Operations: Securing Kubernetes operations, such as auditing, logging, and monitoring.
Kubernetes Identity and Access Management: Managing Kubernetes access controls, such as RBAC, users, and service accounts.
What is the Certified Kubernetes Administrator Salary? As of 2023, data from popular job sites like Indeed and talent.com shows that the average salary for CKA-certified engineers ranges anywhere between $130,000 and $180,000/year.
The CKS exam is a performance-based, hands-on exam that consists of 17-20 practical scenarios, and candidates are provided with access to a live Kubernetes cluster to perform the required tasks. The exam has a passing score of 66%, and candidates have two hours to complete the exam.