Defending Kubernetes Environments: A Hands-On Approach
The Cloud as we know it is changing. Containers have taken the center stage as the preferred method of developing and deploying software into production. As security practitioners, we must adapt to the latest technologies or be left in the dust. This technical 2-day course will focus on the ins and outs of building a modern cloud infrastructure capable of taking containers from a laptop to production, in a secure manner.
The hands-on portion of the course will rely heavily on Kubernetes for the deployment and orchestration of Docker containers. Each student will build a sandbox Kubernetes cluster from scratch using Google Container Engine (GKE). All cluster operations will be performed using Google Cloud Shell and destroyed after class. At the completion of this course, students will have an operational, version controlled, deployment pipeline capable of shipping a container to a Kubernetes cluster while performing a number of automated security checks along the way.
Some of the topics covered in this course include:
- DevSecOps Principles
- Kubernetes and Docker Security Controls
- Third-Party Security Considerations
- Identity and Access Management Secure Deployment Pipelines
- Security Automation
- Infrastructure as Code
- Scaling Security Operations
- Data Security and Encryption
- Logging, Monitoring, and Alerting
Student Requirements:
Familiarity with at least one public cloud provider is recommend. Students should also have basic Docker knowledge and experience launching and managing basic cloud instances. Basic command line and scripting skills are highly recommended.
Computer setup:
Any laptop with a modern and updated web browser installed (Chrome, Firefox, Safari, Edge). Network connectivity and endpoint protection should allow access to Google services using lab credentials provided in class (GSuite, Google Cloud Platform Console, and GCP Cloud Shell).
Jimmy is a security leader that has been working in AppSec and Infrastructure Security for over 10 years. He founded and led the OWASP Santa Barbara chapter and co-organized the AppSec California security conference. Jimmy has taught at private corporate events and security conferences worldwide including AppSec USA, LocoMocoSec, SecAppDev, RSA, and B-Sides. He has spent time on both the offense and defense side of the industry and is constantly working towards creating developer-friendly security solutions. His current focus is building security tooling and education platforms for modern Kubernetes environments as founder and CEO of KSOC.