01/11/2021

Now I'm a Certified Kubernetes Security Specialist + exam tips

On Saturday 30.10.2021, less than 24 hours after the exam, I got an email saying that I had passed the CKS exam on the first try, and I'm now a Certified Kubernetes Security Specialist. So now I have the 3 Kubernetes certificates (CKA, CKAD, and CKS). 🎉🎉

So is it now DevSecOps? 😄️ Well ... let's take a look at some details about the "why" of getting a certificate.

Goals and motivation

First of all, I'm not a big fan of just collecting certificates (I just got 7 of them in 10 years ... only 2 of them are MCQ and the rest are hands-on performance-based), however, I know how working on a certificate can help a lot! It can fill in the gaps, boost, and polish your technical skills. For me, each certificate has its own goals and motivation.

For example, for CKA (I got it in 2019), even though I had proper Kubernetes production experience, I studied for the certificate to make sure I covered different workloads and to make sure that I had wider knowledge about the Kubernetes ecosystem.

And for CKAD (I got it in 2020), my main goal was to find how to make a smooth Kubernetes transformation in a DevOps manner, especially for engineers without an Ops background, e.g. software engineers (so I actually reviewed the CKAD curriculum from different sources to find the best fit for developers from different backgrounds!).

Also, CKS was the same; it has its own goals and motivation. Most of my security knowledge mainly came from my early career before Kubernetes, so I wanted to extend my knowledge in that domain to apply security best practices in the Kubernetes ecosystem. As a Linux system engineer in an enterprise hosting company, you deal with many clients with different stacks and web applications; security has always been a critical pillar for reliable service. The security knowledge and skills that I learned at that time still help me to this day, but after moving to the Kubernetes ecosystem a couple of years ago, I needed to refresh that knowledge in a structured way.

TBH, I enjoyed the CKS topics a lot! CKS covers the whole stack, starting with understanding the Kubernetes attack surface, operating system hardening, cluster hardening, supply chain security, service vulnerabilities, monitoring and observability, and many more. The content covers a wide range of practices or, in other words, the necessary topics that should be part of the day-to-day security ecosystem in Kubernetes! That includes essential practices that everyone should do as well as advanced practices that are needed in some use cases (e.g. critical industries such as health and finance).

Resources

This time I just focused on one main source for study and exam preparation. That was the KodeKloud course Certified Kubernetes Security Specialist (CKS) by Mumshad Mannambeth, which I recommend 100% for all Kubernetes certificates (CKA, CKAD, and CKS).

But as usual, don't put all your eggs in one basket! So the second source for review was Killer.sh (aka KillerShell), which is simply a Kubernetes exam simulator. In fact, it's now officially integrated by the Linux Foundation, and you get 2 free simulator sessions when you purchase your exam (for CKA, CKAD, and CKS)!

IMO, if you don't want to spend money on the certificate itself, you can just go with the KillerShell exam simulator and you will get almost the same experience!

Tips

So, most of the exam tips from my CKA exam post (10 tips for Certified Kubernetes Administrator exam) are still valid.

However, I'd like to mention some points here:

  • Read the KillerShell FAQ page; it has a lot of helpful info.
  • The KillerShell exam simulator is excellent, but it's harder than the actual exam (that's mentioned in the FAQ), which TBH I find annoying! I got confused when I was thinking about my exam strategy! (more details about exam strategy in the CKA exam tips post)
  • Both the KodeKloud and KillerShell web terminals are not 100% identical to the one that's used in the exam, especially the "auto-copy"! It's not only that you will probably be slower in the exam than in the pre-exam practice, but the lack of auto-copy is also confusing!
  • Don't panic if you didn't do all subtasks within the task! According to the KillerShell FAQ: "The Linux Foundation will calculate a score based on successful subtasks. Also considering if some subtasks are harder than others".
  • Since CKS covers many tools that are not part of Kubernetes itself (like Falco and Trivy), bookmark the docs URL, so it's easy to access if needed in the exam (you can open 1 extra tab for official docs).
  • Get a bigger screen! A laptop or small screen will limit you a lot! (I have a 24-inch one and it worked pretty well)
  • If you are using a wireless mouse and keyboard, make sure they are charged.
  • One of the annoying things in the exam environment is that there is no time "counter"! It's just a time "bar" with no accurate indication of how much time you have! And you need to ask the remote exam supervisor via the chat! If it's allowed (I didn't try that in the exam), I'd probably like to have a system indicator like Kitchen Timer (since you cannot have a physical timer on your desk).
  • Disable your Ctrl+w shortcut! This is really important! This shortcut is used almost everywhere! And it closes the tab in Chrome-like browsers (e.g. Chrome, Chromium, Brave, etc.). You will not believe how many times you will hit it unconsciously just by muscle memory! (more details about this in the CKA exam tips post)

Finally, one tip that's not needed anymore is enabling the kubectl k shortcut with autocomplete. It's already there now.

For me, it was a great and exciting experience and totally worth it on many levels :-)

Hello, my name is Ahmed AbouZaid, I'm a passionate Tech Lead DevOps Engineer. 👋

I specialize in Cloud-Native and Kubernetes. I'm also a Free/Open source geek and book author. My favorite topics are DevOps transformation, DevSecOps, automation, data, and metrics.
