🏆SFEIR is the Google Cloud EMEA Training Partner of the Year 2025🤝New partnership: Official GitLab Training🤖New training: AI-Augmented Developer
🏆SFEIR is the Google Cloud EMEA Training Partner of the Year 2025🤝New partnership: Official GitLab Training🤖New training: AI-Augmented Developer
LFS460

Kubernetes Security Training (LFS460) - Prepare for CKS

This course provides the skills and knowledge to maintain security in dynamic, multi-project environments and address security concerns for cloud production environments. Through hands-on labs, you will learn a range of security best practices for container-based applications and Kubernetes platforms. The course covers the entire security lifecycle, from supply chain security before cluster configuration to ongoing monitoring and logging of security events. It is designed to prepare you for the Certified Kubernetes Security Specialist (CKS) certification exam.

Linux Foundation
✓ Official training Linux FoundationLevel Intermediate⏱️ 4 days (28h)

What you will learn

  • Learn to maintain security in dynamic, multi-project environments
  • Address security concerns for cloud production environments
  • Use hands-on labs to learn security best practices for container-based applications and Kubernetes platforms
  • Gain key knowledge and skills related to the Certified Kubernetes Security Specialist (CKS) certification exam

Prerequisites

  • A good understanding of Linux
  • Familiarity with the command line
  • Familiarity with package managers
  • Familiarity with Git and GitHub
  • Proficiency working with Kubernetes (the equivalent of being CKA-certified)

Target audience

  • Anyone holding a CKA certification, Anyone interested in or responsible for cloud security

Training Program

10 modules to master the fundamentals

Topics covered
  • →The Linux Foundation Certifications
  • →The Linux Foundation Digital Badges
  • →Laboratory Exercises, Solutions and Resources
  • →Things Change in Linux and Open Source Projects
  • →E-Learning Course: LFS260
  • →Platform Details
Topics covered
  • →Multiple Projects
  • →What is Security?
  • →Assessment
  • →Prevention
  • →Detection
  • →Reaction
  • →Classes of Attackers
  • →Types of Attacks
  • →Attack Surfaces
  • →Hardware and Firmware Considerations
  • →Security Agencies
  • →Manage External Access
  • →Labs
Topics covered
  • →Image Supply Chain
  • →Runtime Sandbox
  • →Verify Platform Binaries
  • →Minimize Access to GUI
  • →Policy Based Control
  • →Labs
Topics covered
  • →Update Kubernetes
  • →Tools to Harden the Kernel
  • →Kernel Hardening Examples
  • →Mitigating Kernel Vulnerabilities
  • →Labs
Topics covered
  • →Restrict Access to API
  • →Enable Kube-apiserver Auditing
  • →Configuring RBAC
  • →Pod Security Admission
  • →Minimize IAM Roles
  • →Protecting etcd
  • →CIS Benchmark
  • →Using Service Accounts
  • →Labs
Topics covered
  • →Firewalling Basics
  • →Network Plugins
  • →Mitigate Brute Force Login Attempts
  • →Ingress Objects
  • →Pod to Pod Encryption
  • →Restrict Cluster Level Access
  • →Labs
Topics covered
  • →Minimize Base Image
  • →Static Analysis of Workloads
  • →Runtime Analysis of Workloads
  • →Overview of SBOM
  • →Container Immutability
  • →Mandatory Access Control
  • →SELinux
  • →AppArmor
  • →Generate AppArmor Profiles
  • →Labs
Topics covered
  • →Understanding Phases of Attack
  • →Preparation
  • →Understanding an Attack Progression
  • →During an Incident
  • →Handling Incident Aftermath
  • →Intrusion Detection Systems
  • →Threat Detection
  • →Behavioral Analytics
  • →Labs
Topics covered
  • →Preparing for the Exam
  • →Labs
Topics covered
  • →Evaluation Survey

Related Trainings

Linux Foundation
Best

Kubernetes Administration

From the cloud to hybrid environments and on-premise data centers, Kubernetes is essential to managing containerized applications, making it one of the highest-demand IT skills. Set your IT career up for success by learning the key concepts needed to build and administer a Kubernetes cluster, including application lifecycle management, configuring security, and more. In this live, instructor-led course you will learn with a cohort of fellow IT professionals while gaining key knowledge & skills related to the Certified Kubernetes Administrator (CKA) certification exam.

4 d
Intermediate
Linux Foundation
Best

Kubernetes for App Developers

Learning to build Kubernetes applications will open up career opportunities in high-demand roles in DevOps, cloud engineering & containerization roles. Using Python, this course teaches how to define application resources & use core primitives to build, monitor & troubleshoot scalable applications in Kubernetes — including working with network plugins, security & cloud storage to deploy applications in a production environment. This course prepares you for the Certified Kubernetes Application Developer (CKAD) exam.

3 d
Intermediate
View all trainings →

Upcoming sessions

March 23, 2026
Distanciel • Français
Register
August 24, 2026
Distanciel • Français
Register
December 7, 2026
Distanciel • Français
Register

Quality Process

SFEIR Institute's commitment: an excellence approach to ensure the quality and success of all our training programs. Learn more about our quality approach

Teaching Methods Used
  • Lectures / Theoretical Slides — Presentation of concepts using visual aids (PowerPoint, PDF).
  • Technical Demonstration (Demos) — The instructor performs a task or procedure while students observe.
  • Guided Labs — Guided practical exercises on software, hardware, or technical environments.
Evaluation and Monitoring System

The achievement of training objectives is evaluated at multiple levels to ensure quality:

  • Continuous Knowledge Assessment : Verification of knowledge throughout the training via participatory methods (quizzes, practical exercises, case studies) under instructor supervision.
  • Progress Measurement : Comparative self-assessment system including an initial diagnostic to determine the starting level, followed by a final evaluation to validate skills development.
  • Quality Evaluation : End-of-session satisfaction questionnaire to measure the relevance and effectiveness of the training as perceived by participants.

Frequently Asked Questions

LFS460 (Kubernetes Security Fundamentals) is the official Linux Foundation course that teaches you the principles and practices for securing Kubernetes clusters. CKS (Certified Kubernetes Security Specialist) is the most advanced hands-on exam in the Kubernetes ecosystem, validating your ability to secure production environments. LFS460 covers all CKS domains and is the Linux Foundation's recommended preparation.
LFS460 is an advanced training. You must have Kubernetes administration proficiency (CKA level) and ideally hold the CKA certification. A minimum of 6 months practical experience with production Kubernetes clusters is strongly recommended. Knowledge of Linux security (permissions, SELinux/AppArmor) and networking (TCP/IP, firewalls) is also required.
Yes, CKA (Certified Kubernetes Administrator) is a mandatory prerequisite to take CKS. You must hold a valid CKA at the time of registering for the CKS exam. If you don't have CKA yet, we recommend first taking our LFS458 (Kubernetes Administration) training, then LFS460 (Security).
LFS460 covers: cluster security (API server, etcd, kubelet), Network Policies, Pod Security Standards, advanced RBAC, container image security (scanning, signing), secrets management, intrusion detection with Falco, audit logging, compliance (CIS Benchmarks), and supply chain security best practices. All labs use realistic attack and defense scenarios.
CKS is the most difficult Kubernetes exam. After the 4-day LFS460 training, plan for 4 to 6 weeks of intensive practice. The exam lasts 2 hours with complex scenarios requiring speed and precision. Our CKS-certified instructors share concrete strategies for time management and question prioritization. SFEIR Institute offers post-training support to maximize your chances.
Yes, LFS460 includes Cloud Native Security ecosystem tools that are part of the CKS curriculum: Falco for runtime detection, Trivy/Grype for image scanning, OPA Gatekeeper for admission policies, and CIS Benchmarks with kube-bench. You'll learn to deploy, configure, and integrate them into your Kubernetes security strategy.
Absolutely. LFS460 is designed for security professionals who need to secure Kubernetes environments: Security Engineers, DevSecOps, Cloud Security Architects, and SREs with security focus. The training provides the knowledge needed to define Kubernetes security policies, conduct audits, and respond to cluster security incidents.
Yes, like all our Linux Foundation trainings, LFS460 is eligible for corporate training budgets and various European professional development schemes. SFEIR Institute is Qualiopi certified, ensuring eligibility for public funding. We can provide compliant quotes for your organization.

3,000€ excl. VAT

per learner

ReserveQuote