The Linux Foundation: Authoring the Kubernetes and Cloud Native Security Associate (KCSA) Exam

How the world's leading open source organisation developed a new certification for the next generation of Cloud Native security professionals

About The Linux Foundation

The Linux Foundation (LF), based in San Francisco, is a global leader in open source technology. Operating in over 160 countries, it champions open source principles and fosters innovation. Backed by a diverse community, it brings together independent developers and Fortune 500 companies, shaping a collaborative digital future.

Addressing the Cloud Native Security Skills Gap

The Linux Foundation, a leading authority in open source technology, recognises the profound and wide-reaching implications of cloud native security and the importance of training and educating people in this area. Certifications developed by the LF, such as the Certified Kubernetes Administrator (CKA) and Certified Kubernetes Security Specialist (CKS), are highly valued for their technically challenging questions.

In response to industry trends indicating a demand for cloud and container skills, the LF launched the Kubernetes and Cloud Native Associate (KCNA) exam in 2021, to attract more individuals to this field. In early 2023, a second certification was introduced to address the cloud and container security skills gap. This certification, known as the Kubernetes and Cloud Native Security Associate exam (KCSA), was developed by a diverse group of experts from the cloud native security community.

ControlPlane played a pivotal role in this initiative. Their deep knowledge and understanding of the field were instrumental in shaping the KCSA exam. ControlPlane’s expertise ensured the certification was market-ready and reflected real-world scenarios and challenges. This practical approach enhances the value of the certification, making it a truly effective tool for professionals seeking to demonstrate their skills in cloud native security.


Developing a new certification targeted at pre-professional candidates introduces some unique challenges, as there is a need to balance accessibility with academic rigour. The questions must be difficult enough for the exam to be valuable, while still being achievable by the candidates.

The diverse group of Subject Matter Experts (SMEs) brought various backgrounds and perspectives on cloud native security, and the written exam questions were subject to a peer review process. This review process focused not only on the technical correctness but also on the clarity and inclusivity of the questions and answers (both correct and incorrect). Over 200 questions were authored and reviewed to ensure the exam could be varied for each candidate.


ControlPlane dedicated the time of several consultants at a range of levels of cloud native security experience, from under two years to over a decade. These varied experiences enabled the questions to be written at an appropriate level for all candidates while drawing on the wealth of industry experience present in the company. ControlPlane contributed over 180 questions to the exam pool and was heavily involved in all stages of the review process up until the exam was submitted for beta testing.

Covering a range of topics featuring Kubernetes Threat Modelling, Platform Security, Compliance Frameworks and Cluster Component Security, the KCSA exam questions draw on many of ControlPlane’s core competencies, reflecting over 200 combined years of industry and community experience in this area.

The tight timeframes in which ControlPlane contributed to this exam allowed the Linux Foundation to offer this exam as part of their Cyber Monday sale, increasing its visibility and making it more financially accessible to interested candidates.

Business Outcomes

The Linux Foundation, in collaboration with ControlPlane, developed a brand new certification exam which will enable new talent to nurture and demonstrate their cloud native security skills. These individuals will be equipped to apply these skills in companies and institutions worldwide, reducing the risk of personal data breaches and safeguarding critical infrastructure by leveraging the rapidly evolving ecosystem of cloud native security tools and processes.

The KCSA certification strengthens the Linux Foundation’s educational offering to those earlier in their cloud native security journey and demonstrates their role as leaders in the open source security world.
