Skill Up Card - Course Bundles

Save up to €4,145 per delegate.

skill up card image - Nexus Human

Certified Kubernetes Security Specialist (CKS)

4.6 out of 5 rating Last updated 09/07/2024   English

Jump to outline

Find out more about this course

Interested in alternative dates? Would like to book a private session of this course for your company? Or for any other queries please simply fill out the form below.


5 Days

30 CPD hours


In this course, students will learn and practice essential Kubernetes concepts and tasks in the following sections:
Cloud Security Fundamentals
Cluster Hardening
System Hardening
Minimize Microservice Vulnerabilities
Supply Chain Security
Disaster Recovery
Secure Back-up and Restore


This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a Cloud Orchestration Platform providing reliability, replication, and stabilitywhile maximizing resource utilization for applications and services. By the conclusion of this hands-on, vendor agnostic training you will be equipped with a thorough understanding ofcloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe. This courseincludes hands-on instruction which develops skills and knowledge for securing container-based applications and Kubernetes platforms, during build, deployment, and runtime. We prioritizecovering all objectives and concepts necessary for passing the Certified Kubernetes Security Specialist (CKS) exam. You will be provided the components necessary to assemble your ownhigh availability Kubernetes environment and harden it for your security needs.

Learning Your Environment
  • Underlying Infrastructure
  • Using Vim
  • Tmux
Cloud Security Primer
  • Basic Principles
  • Threat Analysis
  • Approach
  • CIS Benchmarks
Securing your Kubernetes Cluster
  • Kubernetes Architecture
  • Pods and the Control Plane
  • Kubernetes Security Concepts
Install Kubernetes using kubeadm
  • Configure Network Plugin Requirements
  • Kubeadm Basic Cluster
  • Installing Kubeadm
  • Join Node to Cluster
  • Kubeadm Token
  • Manage Kubeadm Tokens
  • Kubeadm Cluster Upgrade
Securing the kube-apiserver
  • Configuring the kube-apiserver
  • Enable Audit Logging
  • Falco
  • Deploy Falco to Monitor System Calls
  • Enable Pod Security Policies
  • Encrypt Data at Rest
  • Encryption Configuration
  • Benchmark Cluster with Kube-Bench
  • Kube-Bench
Securing ETCD
  • ETCD Isolation
  • ETCD Disaster Recovery
  • ETCD Snapshot and Restore
Purge Kubernetes
  • Purge Kubeadm
  • 3Purge Kubeadm
Image Scanning
  • Container Essentials
  • Secure Containers
  • Creating a Docker Image
  • Scanning with Trivy
  • Trivy
  • Snyk Security
Manually Installing Kubernetes
  • Kubernetes the Alta3 Way
  • Deploy Kubernetes the Alta3 Way
  • Validate your Kubernetes Installation
  • Sonobuoy K8s Validation Test
Kubectl (Optional)
  • Kubectl get and sorting
  • kubectl get
  • kubectl describe
Labels (Optional)
  • Labels
  • Labels and Selectors
  • Annotations
  • Insert an Annotation
Securing your Application
  • Scan a Running Container
  • Tracee
  • Security Contexts for Pods
  • Understanding Security Contexts
  • AppArmor Profiles
  • AppArmor
  • Isolate Container Kernels
  • gVisor
Pod Security
  • Pod Security Policies
  • Deploy a PSP
  • Pod Security Standards
  • Enable PSS
Open Policy Agent (OPA)
  • Admission Controller
  • Create a LimitRange
  • Open Policy Agent
  • Policy as Code
  • Deploy Gatekeeper
User Administration
  • Contexts
  • Contexts
  • Authentication and Authorization
  • Role Based Access Control
  • Role Based Access Control
  • RBAC Distributing Access
  • Service Accounts
  • Limit Pod Service Accounts
Securing Secrets
  • Secrets
  • Create and Consume Secrets
  • Hashicorp Vault
  • Deploy Vault
Securing the Network
  • Networking Plugins
  • NetworkPolicy
  • Deploy a NetworkPolicy
  • mTLS
  • Linkerd
  • mTLS with istio
  • istio
Threat Detection
  • Active Threat Analysis
  • Host Intrusion Detection
  • Deploy OSSEC
  • Network Intrusion Detection
  • Deploy Suricata
  • Physical Intrusion Detection
Disaster Recovery
  • Harsh Reality of Security
  • Deploy a Response Plan
  • Kasten K10 Backups
  • Deploy K10
Additional course details:

Nexus Humans Certified Kubernetes Security Specialist (CKS) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward.

This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts.

Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success.

While we feel this is the best course for the Certified Kubernetes Security Specialist (CKS) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you.

Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

FAQ for the Certified Kubernetes Security Specialist (CKS) Course

Available Delivery Options for the Certified Kubernetes Security Specialist (CKS) training.
  • Live Instructor Led Classroom Online (Live Online)
  • Traditional Instructor Led Classroom (TILT/ILT)
  • Delivery at your offices in London or anywhere in the UK
  • Private dedicated course as works for your staff.
How many CPD hours does the Certified Kubernetes Security Specialist (CKS) training provide?

The 5 day. Certified Kubernetes Security Specialist (CKS) training course give you up to 30 CPD hours/structured learning hours. If you need a letter or certificate in a particular format for your association, organisation or professional body please just ask.

What is the correct audience for the Certified Kubernetes Security Specialist (CKS) training?

Security Professionals working with Kubernetes Clusters
Container Orchestration Engineers
DevOps Professionals

Do you provide training for the Certified Kubernetes Security Specialist (CKS).

Yes we provide corporate training, dedicated training and closed classes for the Certified Kubernetes Security Specialist (CKS). This can take place anywhere in Ireland including, Dublin, Cork, Galway, Northern Ireland or live online allowing you to have your teams from across Ireland or further afield to attend a single training event saving travel and delivery expenses.

What is the duration of the Certified Kubernetes Security Specialist (CKS) program.

The Certified Kubernetes Security Specialist (CKS) training takes place over 5 day(s), with each day lasting approximately 8 hours including small and lunch breaks to ensure that the delegates get the most out of the day.

Why are Nexus Human the best provider for the Certified Kubernetes Security Specialist (CKS)?
Nexus Human are recognised as one of the best training companies as they and their trainers have won and hold many awards and titles including having previously won the Small Firms Best Trainer award, national training partner of the year for Ireland on multiple occasions, having trainers in the global top 30 instructor awards in 2012, 2019 and 2021. Nexus Human has also been nominated for the Tech Excellence awards multiple times. Learning Performance institute (LPI) external training provider sponsor 2024.
Is there a discount code for the Certified Kubernetes Security Specialist (CKS) training.

Yes, the discount code PENPAL5 is currently available for the Certified Kubernetes Security Specialist (CKS) training. Other discount codes may also be available but only one discount code or special offer can be used for each booking. This discount code is available for companies and individuals.

Jump to dates

Training Insurance Included!

When you organise training, we understand that there is a risk that some people may fall ill, become unavailable. To mitigate the risk we include training insurance for each delegate enrolled on our public schedule, they are welcome to sit on the same Public class within 6 months at no charge, if the case arises.

What people say about us