Description
This training introduces cloud security concepts and practices in production environments. Participants will learn to identify potential security risks, strengthen systems and clusters, and understand container supply chain security.
The course also covers monitoring and logging security events to ensure system protection. Designed for system administrators, cloud administrators, developers, and SREs, it combines theory, case studies, quizzes, and hands-on labs. Prior knowledge of Kubernetes administration is recommended
Why Take This Course?
-
Master Cloud Security Fundamentals
Gain the knowledge to understand, identify, and address potential security risks in cloud production environments.
-
Protect Critical Infrastructure
Learn how to strengthen systems, clusters, and container supply chains to prevent vulnerabilities and ensure safe operations.
-
Stay Ahead of Threats and Compliance Needs
Acquire skills to monitor, log, and respond to security events, keeping your organization secure and audit-ready.
Facilities
- Hands-on Lab Environment – Train using dedicated virtual machines with full access to lab resources via Jumpserver (RDP & SSH), enabling real-world practice throughout the training.
- Downloadable Lab Environment – Continue practicing after the training with our VM Lab Downloader (.qcow2), allowing you to run the lab environment on your own machine.
- Complete Learning Materials – Get comprehensive digital training materials and a handbook with up to 1 year access, plus a certificate of course completion.
- Post-Training Support – Continue learning after the class with access to training records (for online sessions) and community discussion groups to help reinforce your skills.
Trainer
Berto Viki Satria Pranata
PT Biznet Gio Nusantara, RnD Engineer
Linux, Docker, OpenStack, Kube Adm
View LinkedInSyllabus
-
Containers
-
Container Orchestration
-
What Is Kubernetes?
-
Kubernetes Terminology
-
User Community
-
Tools
-
Cloud Native Computing Foundation
-
Main Components
-
Control Plane
-
Worker/Node
-
Kubelet
-
Services
-
Controllers
-
Pods
-
Containers
-
Init Containers
-
Node
-
Single IP per Pod
-
Container to Outside Path
-
Cluster Networking
-
CNI Network Configuration File
-
What is Security?
-
Basic Principles
-
Attack Sources
-
Types of Attacks
-
The 4Cs of Security
-
NIST Cybersecurity Framework
-
CIS Benchmarks
-
kube-bench
-
High Value Asset Protection
-
Improve Security Team Culture
-
Limit Access
-
Lab 1.0 Tunneling Access Server & Basic Vim Command
-
Lab : Lab Preparation
-
Lab 1.2 Deploy Kubernetes Cluster
-
Lab: Deploy Kubernetes Cluster1
-
Lab: Deploy Kubernetes Cluster2
-
Lab: Setup Kubernetes CLI on Workstation
-
Lab: Bash Auto-completion
-
Lab: kube-bench
-
Lab : Setup NUSACTL
-
Quis 1.1
-
Quis 1.2
-
Lab: Deploy Kubernetes Cluster01
-
Where Do Your Images Come From
-
Container Runtime
-
RuntimeClass
-
gVisor
-
Kata
-
Gatekeeper
-
Trusted Packages
-
Protect the Kernel
-
Finding Kernel Vulnerabilities
-
Secret
-
Lab: Implement Sandbox Container Runtime gVisor
-
Lab: OPA Gatekeeper
-
Lab: Store Sensitive Data with Secret
-
Quis 2.1
-
Quis 2.2
-
Secret
-
Secret
-
Enable Audit Log
-
Configure API Auditing
-
Audit Policy
-
Role Based Access Control
-
RBAC Role and ClusterRole
-
RBAC RoleBinding
-
Pod Security Policies (PSP)
-
Identity and Access Management
-
Persistent State from etcd
-
Start Using Service Accounts
-
Create a Role
-
Bind the Role
-
Lab: Enabling API Server Auditing
-
Lab: Limiting Access Control with RBAC
-
Lab: Security Context
-
Lab 3.4 Pod Security Policies
-
Lab 3.5 OPA Gatekeeper
-
Quis 3.1 Service Account
-
Quis 3.2 PodSecurityPolicy
-
Quis 3.2 Audit Logs
-
Quis 3.3 RBAC
-
Quis 3
-
Kubernetes Network
-
Services and Firewalls
-
Terms and Expressions
-
Stateful vs Stateless
-
Several Network Plugins
-
Chains (of Rules) & Tables (of Chains)
-
Netfilter
-
Netflier (.cont)
-
Firewalld
-
Ingress Controller
-
Service Mesh
-
mTLS
-
Network Policies
-
Lab: Implement Network Security Policy
-
Lab: Loadbalancer Service using MetalLB
-
Lab: Working with Ingress
-
Lab: Configure mTLS (Linkerd)
-
Quis Network Policy Default Deny
-
Quis Network Policy Pod Restriction
-
Quis 4.3 Delete not stateless and not immutable pods
-
Quis 4
-
Trivy
-
Falco
-
SELinux Overview & Enforcement Modes
-
Seccomp & Apparmor
-
Dockerfile Best Practices
-
Lab: Check Image Vulnerability using Trivy
-
Lab 5.2 Check Image Vulnerablility using Docker Scan
-
Lab: Using Falco to Monitor Audit Events
-
Lab: Deny Write with AppArmor Profile
-
Quis 5.1 Trivy
-
Quis 5.2 Falco
-
Quis 5.3 AppArmor
-
Quis 5.4 Fixing Dockerfile and Manifest
-
Quis 5.5 Admission Controller
-
Quis 5
-
Lab Comprehensive Review
-
Preparing for the Exam
-
Finding Exam Information
-
Exam Environment
-
Task 01
-
Task 02
-
Task 03
-
Task 04
-
Task 05
-
Task 06
-
Task 07
-
Task 08
-
Task 09
-
Task 10
-
Task 11
-
Task 12
-
Task 13
-
Task 14
-
Task 15
-
Survey Training
-
Post Test
-
Closing Course (Jangan klik bab ini sampai seluruh quiz dikerjakan)
Common Questions
Yes, the training can be conducted with a minimum of 4 participants. If the number of participants does not meet the minimum requirement, you may contact us for further information on the available options.
Yes, the training materials can be customized based on your needs. The topics are not limited to Cloud, CloudSecOps, and DevSecOps.
Available Training
Accelerate Your Professional Growth
Chat on WhatsApp
