Kubernetes Security Specialist CKS

The Certified Kubernetes Security Specialist (CKS) program provides assurance that a CKS has the skills, knowledge, and competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime. CKA certification is required for this exam.

Certification is a key step in that process, allowing certified application developers to quickly establish their credibility and value in the job market, and also allowing companies to more quickly hire high-quality teams to support their growth.



The Certified Kubernetes Security Specialist (CKS) program was created by the Cloud Native Computing Foundation (CNCF), in collaboration with The Linux Foundation, to help develop the Kubernetes ecosystem.

The Cloud Native Computing Foundation is committed to growing the community of Kubernetes-knowledgeable security specialists, thereby enabling continued growth across the broad set of organizations using the technology.

CKS may be purchased but not scheduled until CKA certification has been achieved. CKA Certification must be active (non-expired) on the date the CKS exam is scheduled.

The certification exam tests specific domains and competencies including:

  • Cluster Setup

  • Cluster Hardening

  • System Hardening

  • Minimize Microservice Vulnerabilities

  • Supply Chain Security

  • Monitoring, Logging, and Runtime Security


Class Size

Maximum 5 participants.

Course Language

Please notice that the training and all training material is in English, as the exams are held exclusively in the english language.



Study Load

The program is built for experienced DevOps Engineers, System Administrators or Security Specialists with good knowledge of containers, docker and microservices. During classes the most important points will be demonstrated in labs, where the candidates can see how the theory can be applied to solve problems in a Kubernetes cluster.
However you will need about 20 hours to study the syllabus and at least 60-80 hours of practice, to reflect on the total material and solve exercises before the exams.


Exam Details

The online, proctored, performance-based test consists of a set of performance-based items (problems) to be solved in a command line and is expected to take approximately two (2) hours to complete.



Training price: 2000€ + 0% VAT*
Examination fee: 330€ + 24% VAT

* VAT 
exemption on training courses

Special Prices

If you are a student or an unemployed individual don’t hesitate and ask for discounts  &  special prices. Please contact us here academy@onelity.com for more details.


This program is offered both on-site and online. However if you don’t live at Thessaloniki, nothing stops you from taking advantage of discounted prices and spend a productive weekend in one of the associate hotels. Take advantage of our preferential prices in accommodation from partnerships that we have. Contact us for more information.


Below is the curriculum outline of the Knowledge, Skills and Abilities that a Certified Kubernetes Security Specialist (CKS) can be expected to demonstrate.

1. Cluster Setup
1.1 Use Network security policies to restrict cluster level access
1.2 Use CIS benchmark to review the security configuration of Kubernetes components
(etcd, kubelet, kubedns, kubeapi)
1.3 Properly set up Ingress objects with security control
1.4 Protect node metadata and endpoints
1.5 Minimize use of, and access to, GUI elements
1.6 Verify platform binaries before deploying2. Cluster Hardening
2.1 Restrict access to Kubernetes API
2.2 Use Role Based Access Controls to minimize exposure
2.3 Exercise caution in using service accounts e.g. disable defaults, minimize permissions on
newly created ones
2.4 Update Kubernetes frequently

3. System Hardening
3.1 Minimize host OS footprint (reduce attack surface)
3.2 Minimize IAM roles
3.3 Minimize external access to the network
3.4 Appropriately use kernel hardening tools such as AppArmor, seccomp

4. Minimize Microservice Vulnerabilities
4.1 Setup appropriate OS level security domains e.g. using PSP, OPA, security contexts
4.2 Manage kubernetes secrets
4.3 Use container runtime sandboxes in multi-tenant environments (e.g. gvisor, kata containers)
4.4 Implement pod to pod encryption by use of mTLS

5. Supply Chain Security
5.1 Minimize base image footprint
5.2 Secure your supply chain: whitelist allowed image registries, sign and validate images
5.3 Use static analysis of user workloads (e.g. kubernetes resources, docker files)
5.4 Scan images for known vulnerabilities

6. Monitoring, Logging and Runtime Security
6.1 Perform behavioral analytics of syscall process and file activities at the host and container
level to detect malicious activities
6.2 Detect threats within physical infrastructure, apps, networks, data, users and workloads
6.3 Detect all phases of attack regardless where it occurs and how it spreads
6.4 Perform deep analytical investigation and identification of bad actors within environment
6.5 Ensure immutability of containers at runtime
6.6 Use Audit Logs to monitor access


Admission Deadline

10 June 2024

Training Dates

17-21 June 2024

Training Mode

Online or on-site (5 Days)
Οnelity offers both on-site and remote courses. When training takes place online, each participant still receives a hard copy of all training material.


Duration is usually 9:00-18:00 with 10 minutes breaks for coffee and an hour break for lunch. The exact schedule is sent via email to the participants a week before training.