Skip to content
>_
SecOps
Log
_
Home
Courses
Learning path
Resources
Topics
Blog
All courses
Zero-trust & workload identity
Advanced
5 sections · 15 lessons · ~9h total · 60-question self-test
Start course
01
Zero-trust foundations
3 lessons
Test yourself
01
The zero-trust model
Never trust, always verify; assume breach.
30 min
02
Workload identity, not IP
Cryptographic identity that follows the workload.
30 min
03
Why the perimeter fails
Flat interiors, no clean edge, ephemeral workloads.
25 min
02
SPIFFE & SPIRE
3 lessons
Test yourself
01
SPIFFE IDs & SVIDs
Trust domains, X.509 vs JWT identity documents.
35 min
02
SPIRE & attestation
Node + workload attestation, the Workload API.
35 min
03
SVIDs & rotation
X.509 for mTLS, JWT for requests, short lifetimes.
30 min
03
Service mesh & mTLS
3 lessons
Test yourself
01
Service mesh architecture
Sidecar vs ambient; what the mesh enforces.
30 min
02
mTLS at scale
STRICT mode and the PERMISSIVE migration path.
35 min
03
The mesh CA & trust chain
Issuance, custom roots, protecting signing keys.
30 min
04
Identity-based authorization
3 lessons
Test yourself
01
Identity-based authz
AuthorizationPolicy, default-deny, least privilege.
35 min
02
Request-level auth (JWT)
Validate tokens; authorize on verified claims.
30 min
03
Policy as code & rollout
Version, review, audit→enforce the call graph.
25 min
05
Federation & egress
3 lessons
Test yourself
01
Trust-domain federation
Exchange bundles; multi-cluster, multi-cloud, B2B.
30 min
02
Egress & east-west control
Authorize outbound through an egress gateway.
30 min
03
Continuous verification
Short-lived trust, posture, per-request checks.
30 min
Final exam
Test yourself on everything
60 questions drawn from all 5 sections — every answer explained as you pick.
Start final exam