O'Reilly: Kubernetes Security and Threat Modelling Courseware

About O’Reilly
O’Reilly is a leading platform that provides high-quality educational content and training courses across a broad spectrum of technology-related subjects. Founded in 1984 as a technical writing consulting firm and renowned for its commitment to staying at the forefront of emerging trends and innovations, O’Reilly is a hub for professionals and enthusiasts seeking to deepen their understanding of various technologies.
In 2001, O’Reilly launched Safari Books Online, a subscription-based service providing access to ebooks as a joint venture with the Pearson Technology Group. In 2014, O’Reilly acquired Pearson’s interest in the joint venture, rebranding it O’Reilly online learning, which is now a wholly owned subsidiary of O’Reilly Media, based in Sebastopol, California.
O’Reilly online learning has millions of users through B2B, consumer, government, and library channels. Customers include Silicon Valley companies like Google, Amazon, Netflix, and Tesla as well as giants in industrial, banking, and other sectors.
Elevating Cloud Native Security Expertise on the O’Reilly Online Learning Platform
ControlPlane, recognised for its distinguished expertise in cloud native security, joined forces with O’Reilly to develop and deliver cutting-edge training on Kubernetes cluster security, and modern and lightweight threat modelling techniques designed for rapidly evolving cloud systems. This collaboration emerged from ControlPlane’s extensive experience providing cloud native security consultancy support to some of the world’s largest organisations and a strong background in crafting and delivering training material.
The partnership aimed to contribute cutting-edge content to the O’Reilly platform, catering to individuals and businesses seeking in-depth knowledge of the latest Kubernetes security features and threat modelling guidance.
ControlPlane authored two courses, “Kubernetes Security: Attacking And Defending Kubernetes” and “Kubernetes Threat Modelling: Securing cloud native applications”, and delivered them as live events on the O’Reilly platform in multiple instances.
Challenges
O’Reilly faced the challenge of delivering live training events on cutting-edge cloud native security as part of its online learning platform portfolio in its pursuit of staying current with rapidly evolving technologies. O’Reilly was deemed to publish relevant and up-to-date training content that would attract a diverse audience of online learners eager to explore the forefronts of cloud security, emphasising practical learning through hands-on labs and real-world scenarios.
Solutions
ControlPlane’s approach to developing training material was grounded in practical engineering experience gained from securing Kubernetes clusters and cloud native infrastructure for highly regulated clients.
“Kubernetes Security” presented the unique challenges of container security and the attack surface of Kubernetes clusters before detailing the most significant attacker scenarios and how administrators may implement controls to mitigate security risks. “Kubernetes Threat Modelling” guided the audience on how to threat model a complex cloud native system, with the ultimate goal of distilling threats, implementing security controls, and evaluating the effectiveness of the mitigations.
Following the agreement on the syllabi for each course, ControlPlane meticulously crafted lab exercises designed to offer students practical, hands-on examples of the technologies covered. These exercises were complemented by comprehensive slides introducing students to various Kubernetes and cloud native security topics, enriched with real-world examples illustrating how clusters are secured within the context of large organisations navigating numerous compliance and regulatory requirements.
Business Outcomes
The partnership between ControlPlane and O’Reilly yielded numerous successful deliveries of “Kubernetes Security” and “Kubernetes Threat Modelling” courseware as part of the O’Reilly online learning platform, with several hundred attendees each, which provided exceptional feedback with regards to the courses’ content, pace, slideware, and practical labs. Learners benefited from a unique blend of theoretical insights and hands-on proficiency, enhancing their understanding of the subject matter.
This outcome indicated the effectiveness of the collaboration in providing valuable, practical, and relevant training content. The courses offered on the O’Reilly platform stand as a testament to the successful integration of industry expertise and educational prowess, significantly advancing knowledge in cloud native security.
Similar case studies

Questrade, Inc: GKE Infrastructure Threat Modelling

Verisign: Security Assurance of Critical, Internet-Scale, On-Premises Kubernetes Platform
