Kubernetes Threats and Detection
RCCE students will learn Kubernetes container orchestration security including cluster hardening, pod security policies/standards, RBAC configuration, network policies, secrets management, admission controllers, and runtime security monitoring. RCCE students will learn to secure Kubernetes clusters from deployment through runtime, configure role-based access control for cluster resources, implement pod security standards to restrict container capabilities, write network policies for micro-segmentation, manage secrets securely within clusters, deploy admission controllers to enforce security policies, scan container images for vulnerabilities, and monitor cluster activity for suspicious behavior. This threat-focused course teaches students to think like adversaries while building robust defenses. At an expert level, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Kubernetes Threats and Detection
- Execute hands-on tasks for kubernetes threats
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn — covering Kubernetes cluster security architecture, RBAC, PSS, and network policies.
- Execute hands-on tasks for threat-informed approach — covering Analyze adversary attack techniques, Build detection logic for K8s threats.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for control plane components
- Execute hands-on tasks for worker node components — covering API Server: cluster gateway, authN/authZ, kubelet: node agent, pod lifecycle.
- Integrate privilege controls with identity providers and SIEM telemetry, including kubelet: node agent, pod lifecycle.
- Execute hands-on tasks for kubernetes attack surface map — covering Unauthenticated access, Unencrypted secrets at rest.
- Execute hands-on tasks for api server exposure — covering Unauthenticated access.
- Execute hands-on tasks for etcd data store — covering Unencrypted secrets at rest.
- Execute hands-on tasks for container runtime — covering Container escape exploits.
| Module 01 | Kubernetes Threats |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Threat-Informed Approach |
| Module 05 | Kubernetes Architecture Fundamentals |
| Module 06 | Control Plane Components |
| Module 07 | Worker Node Components |
| Module 08 | Cloud Controller: provider integration |
| Module 09 | Kubernetes Attack Surface Map |
| Module 10 | API Server Exposure |
| Module 11 | etcd Data Store |
| Module 12 | Container Runtime |
| Module 13 | Network Layer |
| Module 14 | Supply Chain |
All hands-on labs run on Rocheston Rose X OS. Students practice kubernetes threats and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for kubernetes threats
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for threat-informed approach
- Lab 5: Design a scalable privilege management architecture with policy and enforcement
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Kubernetes Threats and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI