News Kubernetes

Our Cloud Platform Engineer Sam Toxopeus is now a Kubestronaut

By Alec on

We are thrilled to share that Sam Toxopeus, Cloud Platform Engineer at Cyso Cloud, has passed the Certified Kubernetes Security Specialist (CKS) exam. With this final certification under his belt, Sam has officially earned the title of Kubestronaut, a recognition by the Cloud Native Computing Foundation (CNCF) reserved for professionals who hold all five Kubernetes certifications simultaneously.

The path to Kubestronaut was not something Sam planned from the start. "I had already done the CKA, and then the CKS seemed like a valuable next step given how important security is," he explains. "Since those two are actually the hardest of the five, I figured I might as well go for the other three too."

Cyso Cloud Platform Engineer Sam Toxopeus

What is a Kubestronaut?

The CNCF Kubestronaut programme recognises individuals who have passed all five Kubernetes certifications offered by the Linux Foundation:

  1. KCNA -- Kubernetes and Cloud Native Associate

  2. KCSA -- Kubernetes and Cloud Native Security Associate

  3. CKA -- Certified Kubernetes Administrator

  4. CKAD -- Certified Kubernetes Application Developer

  5. CKS -- Certified Kubernetes Security Specialist

The crucial requirement is that all five certifications must be valid at the same time. Because each certificate expires after a set period, candidates need to plan their path carefully to keep every credential active. It is not simply about passing exams; it is about maintaining a broad, up-to-date command of the entire Kubernetes ecosystem.

As of 2026, only about 2,300 professionals worldwide hold the Kubestronaut title, making it one of the most exclusive recognitions in cloud native technology.

Explore Cyso Cloud Managed Kubernetes →

What is the CKS certification?

The CKS, or Certified Kubernetes Security Specialist, is widely considered the most challenging of the five Kubernetes certifications. It is a hands-on, performance-based exam that tests a candidate's ability to secure container-based applications and Kubernetes platforms during build, deployment, and runtime.

Topics covered in the CKS exam include cluster setup and hardening, system hardening, supply chain security, monitoring and logging, and runtime security. Unlike multiple-choice exams, the CKS requires candidates to solve real-world security scenarios in a live Kubernetes environment within a strict time limit.

Interestingly, despite being the toughest exam, Sam found it the most rewarding. "The CKS was actually my favourite," he says. "Precisely because it was the area where I had the least hands-on experience going in. That made it the most educational of the five."

Sam's successful completion of this exam demonstrates not just theoretical knowledge, but the practical security skills that are essential when managing production Kubernetes clusters for organisations that depend on data sovereignty and compliance.

How to become a Kubestronaut

If you are considering the kubestronaut path yourself, here is what the journey typically looks like:

Start with the foundations. Most candidates begin with the KCNA, which covers the fundamentals of Kubernetes and the cloud native landscape. It is an excellent entry point that validates your understanding of core concepts before moving on to more advanced certifications.

Build your administration and development skills. The CKA and CKAD certifications test your ability to manage clusters and build applications on Kubernetes, respectively. These are hands-on exams, so real-world practice with cluster operations is essential preparation.

Add the security layer. The KCSA provides a foundational understanding of Kubernetes security, while the CKS dives deep into advanced security scenarios. Many candidates, including Sam, tackle the CKS last because it builds on the knowledge gained from the other four certifications. "It felt logical to use the experience from the other exams as a foundation and then tackle the hardest one last," Sam says.

Keep your certifications current. Because all five must be valid simultaneously, plan your exam schedule carefully. Some professionals spread their exams across 12 to 18 months, while others take an intensive approach over a shorter period.

Sam's practical advice for anyone considering the kubestronaut path? "Tinker with Kubernetes in your own time. That is what works best," he says. "Beyond that, the mock exams from KodeKloud are excellent preparation. They helped me get comfortable with the areas I was less familiar with."

He also highlights time management as the biggest challenge during the exams themselves. "The content was not the part that caught me off guard. The real pressure is the clock. If you spend too long on any one question, you can easily run out of time."

The total investment for the kubestronaut certification bundle through the Linux Foundation is significant, but the depth of expertise it represents is unmatched in the Kubernetes ecosystem.

Why this matters for Cyso Cloud customers

At Cyso Cloud, we are a Kubernetes Certified Service Provider (KCSP), a recognition from the CNCF that confirms our team's deep expertise in building, deploying, and managing applications on Kubernetes. Sam earning his Kubestronaut status reinforces what that certification already signals: our engineers do not just operate Kubernetes; they understand it at every level.

When asked whether the certifications changed his day-to-day work, Sam is characteristically straightforward: "Not fundamentally. The certifications primarily confirm that I can actually do what I already claimed to be able to do. But you do pick up practical applications of concepts you already knew along the way." It is a telling answer. For Cyso Cloud customers, it means the expertise was already there, and the Kubestronaut title simply makes it verifiable.

For organisations running workloads on our European Managed Kubernetes platform, this translates into tangible benefits:

Security-first cluster management. With CKS-level expertise on the team, our approach to cluster hardening, network policies, and runtime security is informed by the most rigorous certification available in the Kubernetes space.

Compliance confidence. For businesses operating under GDPR, NEN 7510, or ISO 27001 requirements, knowing that your cloud platform engineers hold advanced security certifications provides an additional layer of assurance. Our infrastructure is ISO 27001 and NEN 7510 certified, and our team's qualifications match that standard.

Proactive problem-solving. The breadth of knowledge required for Kubestronaut status, spanning administration, application development, and security. This means our engineers can identify and resolve issues across the full stack, not just within a narrow specialism.

What comes next

Sam's Kubestronaut journey does not end here. The cloud native ecosystem continues to evolve, with new tools, patterns, and security challenges emerging regularly. At Cyso Cloud, we are committed to continuous learning and keeping our team's skills at the forefront of the industry.

Ready to run your workloads on a platform managed by Kubestronaut-level engineers? Get in touch with our team to discuss how Cyso Cloud's Managed Kubernetes can support your business.

Schedule a meeting →

Stay ahead with the latest European cloud insights

Discover best practices for GDPR-compliant European cloud deployments, learn about the latest Open Source innovations, and explore real-world case studies from organizations successfully navigating their digital transformation journey.

View all blog posts View all blog posts