How to prepare for the upcoming Certified Kubernetes Security Specialist (CKS)

CNCF announced the new Certified Kubernetes Security Specialist (CKS), which will be generally available before November 2020. We had a look at the curriculum and at how to prepare for the content known so far.

20 days ago



Earlier this year CNCF announced changes to the Certified Kubernetes Administrator (CKA). We roughly compared the old and new curriculum and saw that some of the security topics will be dropped from the new CKA exam. This led us to the assumption that the CNCF would introduce a security-focused certification. And here it is!

Certified Kubernetes Security Specialist (CKS)

In its announcement, the CNCF describes the CKS as

... testing competence across best practices for securing container-based applications and Kubernetes platforms during build, deployment, and runtime. The new certification is designed to enable cloud native professionals to demonstrate security skills to current and potential employers.

According to the current timeline, they assume it will be generally available before KubeCon/CloudNativeCon NA in November. The training and certification page of the Linux Foundation states that the CKS will run on K8s 1.19. The v1.19 release is planned for the 25th of August. Therefore we expect the first exams in mid-October.

CKS required competencies and domains

Before we come to the summary of potentially relevant learning resources for the CKS, let's have a look at the outline given so far (this can still change) and the weight per domain.

From our experience, this looks pretty good: it covers the domains that directly impact K8s and pretty much the whole stack, from installation and OS to K8s configuration, the container itself, and Day 2 relevant analytics. I'm also a little bit concerned about how this should fit into a 2h exam.

CKS Exam Preparation

One of the preconditions for taking the CKS is to have a valid CKA. If that was a while ago, start with the CKA prep to refresh your knowledge. A good first starting point for securing Kubernetes is the Tasks section of the official K8s documentation.

Cluster Setup

Cluster Hardening

System Hardening

Minimize Microservice Vulnerabilities

Supply Chain Security

Monitoring, Logging and Runtime Security


The given links are our assumptions and ideas - we neither have insights into the exam requirements, nor do we know what exactly it will look like. We are guessing about possibilities and trying to collect resources.

As soon as we get our hands on it, we will correct our assumptions.

Do you have ideas for improvement? Which resources did we miss? Reach out to us via Twitter or discuss with us on Reddit - any feedback is welcome :)

Happy kubeing!
