Tutorials, courses & field notes
Learn to secure what you ship.
Hands-on courses and field notes on Kubernetes, CI/CD pipelines, secrets, and cloud security — beginner to advanced, each with a self-test at the end.
Last publishedJul 3, 2026
$ trivy image payments-api:1.4.2
CRITICAL: 0 HIGH: 2 MEDIUM: 7 LOW: 14
$ cosign verify payments-api:1.4.2
✓ verified — signed by ci@secopslog
$ kubectl label ns payments pod-security.kubernetes.io/enforce=restricted
namespace/payments labeled
$
Kubernetes network policies: default-deny, keep DNS up
Lock down pod-to-pod traffic with a default-deny NetworkPolicy, then re-allow DNS and the flows your apps actually need.Read the tutorialCourses
Beginner to advanced tracks per topic — every course ends with a self-test.
Kubernetes fundamentalsWhat Kubernetes is and how to run your first app.6 sections · 24 lessons · ~5hBeginnerLinux hardeningHarden a default install — SSH, nftables, SELinux, auditd, CIS.5 sections · 16 lessons · ~5hIntermediateSoftware supply chain securityMake every artifact verifiable, from commit to cluster.6 sections · 18 lessons · ~9hAdvancedVault from dev to productionDev server to HA cluster — auth, dynamic secrets, PKI.2 sections · 5 lessons · ~2.5hIntermediate
Topics
Every post is tagged by tool and layer of the stack.