Cyber Shelf

// Comparison

Hacking Kubernetes vs Kubernetes Security and Observability: Which Should You Read?

Two cybersecurity books on Containers, compared honestly: who each is for, what each does best, and which to read first.

Intermediate
4/52021
Hacking Kubernetes

Threat-Driven Analysis and Defense

Andrew Martin, Michael Hausenblas

A threat-modeling tour of a Kubernetes cluster, component by component, that teaches you to harden defaults by first showing you how each one gets broken.

Advanced
3/52021
Kubernetes Security and Observability

A Holistic Approach to Securing Containers and Cloud-Native Applications

Brendan Creane, Amit Gupta

Brendan Creane and Amit Gupta's combined treatment of Kubernetes security and observability — RBAC, network policy, runtime detection, and the telemetry needed to make any of it operationally real.

Read this if

Platform and security engineers who own clusters in production and want an attacker's map of where the soft spots are.
Platform engineers and SRE-security hybrids running production Kubernetes who want a single reference for the security-and-observability boundary. Strongest on the network-policy and runtime-detection sections, where most teams are weakest in practice.

Skip this if

Skip this if you are new to Kubernetes or want a step-by-step hardening checklist; it explains why more than it hands you copy-paste configs.
Readers wanting depth on Kubernetes architecture itself, multi-tenancy patterns, or supply-chain (SLSA, signed images) detail. Also somewhat Calico-flavored — the authors are from Tigera — which is fine if you know to read past the marketing.

Key takeaways

  • Default Kubernetes is built for convenience, not safety, and every chapter shows a default that an attacker is grateful for.
  • Container breakout, lateral movement, and supply-chain compromise are the threats that actually matter, not the ones the dashboards highlight.
  • Defense is layered: a single misconfigured RBAC binding or hostPath mount undoes everything else.
  • Security without observability is unfalsifiable; the book's central argument is that they are one workstream, not two.
  • Network policy is operationally hard, not conceptually hard — the chapters on rolling out default-deny in production are the most useful.
  • Runtime detection is necessary because admission controllers cannot catch everything; the book treats the trade-off honestly.

How they compare

We rate Hacking Kubernetes higher (4/5 against 3/5 for Kubernetes Security and Observability). For most readers, that means Hacking Kubernetes is the primary pick and Kubernetes Security and Observability is a useful follow-up.

Hacking Kubernetes is pitched at intermediate level. Kubernetes Security and Observability is pitched at advanced level. Read the easier one first if you're not yet comfortable with the topic.

Hacking Kubernetes and Kubernetes Security and Observability both cover Containers, Cloud, so reading them in sequence reinforces the same material from different angles.

Keep reading

Hacking Kubernetes

Alternatives to Hacking KubernetesWhat to read after Hacking Kubernetes

Kubernetes Security and Observability

Alternatives to Kubernetes Security and ObservabilityWhat to read after Kubernetes Security and Observability

Related topics

ContainersCloud