// Comparison

Container Security vs Kubernetes Security and Observability: Which Should You Read?

Two cybersecurity books on Cloud, compared honestly: who each is for, what each does best, and which to read first.

Intermediate. Rated 4/5. Published 2020.
Container Security

Fundamentals for Securing Containerized Applications

Liz Rice

Liz Rice's first-principles introduction to how Linux containers actually work — namespaces, cgroups, capabilities, seccomp, image layering — and the security implications that fall out of those mechanics.

Advanced. Rated 3/5. Published 2021.
Kubernetes Security and Observability

A Holistic Approach to Securing Containers and Cloud-Native Applications

Brendan Creane, Amit Gupta

Brendan Creane and Amit Gupta's combined treatment of Kubernetes security and observability — RBAC, network policy, runtime detection, and the telemetry needed to make any of it operationally real.

Read this if

Container Security: Engineers and security people who use containers daily but treat them as boxes. The book is the rare introduction that explains containers as compositions of Linux primitives rather than as a Docker-shaped product, and that is exactly what makes the security argument legible.
Kubernetes Security and Observability: Platform engineers and SRE-security hybrids running production Kubernetes who want a single reference for the security-and-observability boundary. Strongest on the network-policy and runtime-detection sections, where most teams are weakest in practice.

Skip this if

Container Security: Readers needing in-depth Kubernetes, supply-chain (SLSA, in-toto, Sigstore), or cloud-runtime-specific (Fargate, Cloud Run, ECS) coverage; pair with the Kubernetes books and current SLSA documentation. Also light on Wasm-runtime alternatives, which are an increasing fraction of the field.
Kubernetes Security and Observability: Readers wanting depth on Kubernetes architecture itself, multi-tenancy patterns, or supply-chain (SLSA, signed images) detail. Also somewhat Calico-flavored — the authors are from Tigera — which is fine if you know to read past the marketing.

Key takeaways

Container Security
  • A container is not a box; it is a process with curated views of namespaces and resources, and most container vulnerabilities live in the gap between that mental model and the box mental model.
  • Capability dropping, read-only root filesystems, and seccomp profiles are not optional — Rice makes the case persuasively with concrete examples.
  • Image-supply-chain hygiene is half the security story; the book pre-dates SLSA but motivates it cleanly.
Kubernetes Security and Observability
  • Security without observability is unfalsifiable; the book's central argument is that they are one workstream, not two.
  • Network policy is operationally hard, not conceptually hard — the chapters on rolling out default-deny in production are the most useful.
  • Runtime detection is necessary because admission controllers cannot catch everything; the book treats the trade-off honestly.
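
To make the takeaways above concrete, here is an added example (not code from either book) in Python: a small auditor that checks parsed Kubernetes manifests for the container-hardening controls Rice argues for (dropped capabilities, read-only root filesystem, seccomp profile, no privilege escalation) and for the namespace-wide default-deny NetworkPolicy that Creane and Gupta's rollout chapters describe. The manifests below are constructed sample data represented as already-parsed dicts (what `yaml.safe_load` would return), so the script runs without PyYAML; the function names are my own.

```python
"""Audit Pod manifests for container hardening and namespaces for default-deny.

Added example, not code from either book. Manifests are dicts as produced by
yaml.safe_load; the samples below are constructed for illustration.
"""
from typing import Any


def audit_pod(pod: dict[str, Any]) -> dict[str, list[str]]:
    """Return {container_name: [findings]} for every container in the Pod.
    An empty list means the container satisfies every checked control."""
    pod_sc = pod.get("spec", {}).get("securityContext", {}) or {}
    findings: dict[str, list[str]] = {}
    for c in pod.get("spec", {}).get("containers", []):
        sc = c.get("securityContext") or {}
        problems: list[str] = []
        caps = sc.get("capabilities") or {}
        drop = [x.upper() for x in caps.get("drop", [])]
        add = [x.upper() for x in caps.get("add", [])]
        if "ALL" not in drop:
            problems.append("capabilities.drop does not include ALL")
        # Re-granting capabilities is sometimes legitimate; surface it for review.
        if add:
            problems.append(f"capabilities.add re-grants {sorted(add)}")
        if sc.get("readOnlyRootFilesystem") is not True:
            problems.append("readOnlyRootFilesystem is not true")
        # seccompProfile may be set at Pod level and inherited by containers.
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            problems.append("seccompProfile.type is not RuntimeDefault or Localhost")
        if sc.get("privileged") is True:
            problems.append("privileged: true bypasses every other control")
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append("allowPrivilegeEscalation is not false")
        findings[c["name"]] = problems
    return findings


def has_default_deny(policies: list[dict[str, Any]], namespace: str) -> bool:
    """True if some NetworkPolicy in `namespace` selects all pods (empty
    podSelector) and lists both Ingress and Egress with no allow rules."""
    for p in policies:
        if p.get("kind") != "NetworkPolicy":
            continue
        if p.get("metadata", {}).get("namespace") != namespace:
            continue
        spec = p.get("spec", {})
        if (spec.get("podSelector") or {}) != {}:
            continue  # scoped to a subset of pods, not a namespace-wide deny
        if set(spec.get("policyTypes", [])) != {"Ingress", "Egress"}:
            continue
        if spec.get("ingress") or spec.get("egress"):
            continue  # allow rules present, so not a pure deny
        return True
    return False


# --- constructed sample manifests -------------------------------------------
WEAK_POD = {
    "kind": "Pod", "metadata": {"name": "web", "namespace": "prod"},
    "spec": {"containers": [{"name": "app", "image": "example/app:1.0"}]},
}
HARDENED_POD = {
    "kind": "Pod", "metadata": {"name": "web", "namespace": "prod"},
    "spec": {
        "securityContext": {"runAsNonRoot": True,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "app", "image": "example/app:1.0",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}
DEFAULT_DENY = {
    "kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "prod"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]},
}
ALLOW_DNS = {  # an allow rule layered on top of the deny; not itself a deny
    "kind": "NetworkPolicy", "metadata": {"name": "allow-dns", "namespace": "prod"},
    "spec": {"podSelector": {}, "policyTypes": ["Egress"],
             "egress": [{"ports": [{"protocol": "UDP", "port": 53}]}]},
}
POLICIES = [DEFAULT_DENY, ALLOW_DNS]

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod))
    for ns in ("prod", "staging"):
        print(ns, "default-deny:", has_default_deny(POLICIES, ns))
```

The weak Pod yields four findings (no dropped capabilities, writable root filesystem, no seccomp profile, privilege escalation allowed) while the hardened one yields none; `prod` has a default-deny policy and `staging` does not. The allow-DNS policy is deliberately not counted as a deny even though it selects every pod, which is the distinction that matters when rolling out default-deny incrementally.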

How they compare

We rate Container Security higher (4/5 against 3/5 for Kubernetes Security and Observability). For most readers, that means Container Security is the primary pick and Kubernetes Security and Observability is a useful follow-up.

Container Security is pitched at intermediate level. Kubernetes Security and Observability is pitched at advanced level. Read the easier one first if you're not yet comfortable with the topic.

Container Security and Kubernetes Security and Observability both cover Cloud and Containers, so reading them in sequence reinforces the same material from different angles.
