 Hello, my name is Tim Sarowitz. I am a trainer and course developer for the Linux Foundation. Today, I'd like to talk to you about Kubernetes Security Essentials course. This course is intended to help you secure your Cloud environment and also prepare you for the Certified Kubernetes Security Specialist, or CKS exam with up-to-date practical exercises. This is not a brain dump type course focused on just passing the exam. Instead, it is meant to touch on the topics you will need to secure your production environment. Keeping the Cloud environment secure is an ongoing and wide-ranging task. As more moves to the Cloud, we must learn how to secure more than just Kubernetes, including the many possible open source projects you may end up using. Starting in the design phase, care must be taken to secure safe hardware, operating system and Cloud software binaries, and creating secure repositories to serve images to the Cloud. Various tools probably should be configured prior to installing Kubernetes, including centralization of access and policies. You should harden the operating system as well. Once the platform is hardened and Kubernetes installed, the Kube API server has a list of considerations, tools and settings to limit access and configure the Kube API server in an easy to understand manner. As a network intensive environment, it becomes important to secure the network, both inside Kubernetes as done with a network policy, as well as traditional firewall tools and pod-to-pod encryption. Minimizing base images, insisting on container immutability, and static and runtime analysis tools are also an important part of security, which often begins with the developers and is implemented in the CICD pipeline prior to an image being used in a production cluster. Tools like AppArmor and AC Linux should also be used to further protect the environment from malicious software and users. Security is more than just initial settings and configuration. It is a process of issue detection using intrusion detection tools and behavioral analytics. There needs to be an ongoing process of assessment, prevention, detection, and reaction following written and often updated policies. This and more is covered in the LFS 260 course. There is also an instructor led version of the course, LFS 460. Go to training.linuxfoundation.org and sign up today.