A LAB-ORIENTED CURRICULUM MODEL FOR CLOUD-NATIVE SECURITY AUTOMATION: FROM IMAGE SCANNING TO RUNTIME POLICY ENFORCEMENT
DOI:
https://doi.org/10.52326/jes.utm.2026.33(1).05Keywords:
cybersecurity education, cloud-native security, CNAPP, CWPP, Kubernetes, DevSecOps, container scanning, runtime protection, CVE, complianceAbstract
The accelerating adoption of cloud-native architectures has created a critical gap between academic cybersecurity training and operational industry demands. This paper applies a design-based research (DBR) methodology to propose a lab-oriented curriculum model for cloud-native security automation, structured around the complete build-deploy-run lifecycle. The model integrates progressive static and dynamic security controls aligned with Cloud Workload Protection Platform (CWPP) and Cloud-Native Application Protection Platform (CNAPP) industry practices. Four curriculum modules produce verifiable deliverables, namely scan reports, compliance checklists, runtime policies, and incident analyses, enabling objective competency assessment through a structured rubric. Preliminary validation with 22 master-level students achieved a module completion rate of 90% and an overall competency score of 78%, demonstrating significant improvement over theoryfocused approaches. The model offers a replicable framework for both academic programs and professional continuous education, contributing to reducing the global cybersecurity skills gap estimated at 4.76 million professionals worldwide as of 2024.
References
ISC2. 2024 Cybersecurity Workforce Study. ISC2: Clearwater, FL, USA, 2024. Available online: https://www.isc2.org/Insights/2024/10/ISC2-2024-Cybersecurity-Workforce-Study (accessed on 20 February 2026).
ISC2. 2025 ISC2 Cybersecurity Workforce Study. ISC2: Clearwater, FL, USA, 2025. Available online: https://www.isc2.org/Insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study (accessed on 1 March 2026).
IBM Security. Cost of a Data Breach Report 2024. IBM: Armonk, NY, USA, 2024. Available online: https://www.ibm.com/reports/data-breach (accessed on 5 February 2026).
Gartner. Market Guide for Cloud-Native Application Protection Platforms 2024. Gartner: Stamford, CT, USA, 2024.
Combe, P.; Martin, A.; Di Pietro, R. (2016) To Docker or Not to Docker: A Security Perspective. IEEE Cloud Computing 3(5), 54–62. Available online: https://doi.org/10.1109/MCC.2016.100 (accessed on 11 February 2026).
Shu, R.; Gu, X.; Enck, W. A (2017) Study of Security Vulnerabilities on Docker Hub. In: Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY) 2017, Scottsdale, AZ, USA, pp. 269–280. Available online: https://doi.org/10.1145/3029806.3029832 (accessed on 21 February 2026).
Rahman, M.; Williams, L.; Johnson, P. (2021) Security Analysis of Kubernetes Deployments. IEEE Access 9, 102401–102415. Available online: https://doi.org/10.1109/ACCESS.2021.3098280 (accessed on 02 February 2026).
Red Hat. State of Kubernetes Security Report 2024. Red Hat: Raleigh, NC, USA, 2024. Available online: https://www.redhat.com/en/resources/state-kubernetes-security-report (accessed on 15 February 2026).
Fairwinds. The Top 5 High/Critical Kubernetes CVEs of 2024. Fairwinds: Boston, MA, USA, 2024. Available online: https://www.fairwinds.com/blog/the-top-5-high-critical-kubernetes-cves-of-2024-have-youpatched-them-yet (accessed on 10 February 2026).
Upwind Security. Understanding & Securing Kubernetes: Key Vulnerabilities. 2025. Available online: https://www.upwind.io/glossary/what-are-kubernetes-vulnerabilities (accessed on 5 March 2026).
Fitzgerald, J.; Stol, K.-J. (2017) DevOps: A Software Architect’s Perspective. IEEE Software 34(3), 16–20. Available online: https://doi.org/10.1109/MS.2017.62 (accessed on 04 February 2026).
Humble, J.; Farley, D.(2010) Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation; Addison-Wesley: Boston, MA, USA.
Myrbakken, S.; Colomo-Palacios, R.( 2017) DevSecOps: A Multivocal Literature Review. IEEE Access 5, 135–148. Available online: https://doi.org/10.1109/ACCESS.2017.2762696 (accessed on 09 February 2026).
Association for Computing Machinery (ACM); IEEE Computer Society. Computer Science Curricula 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science; ACM Press: New York, NY, USA, 2013. Available online: https://www.acm.org/binaries/content/assets/education/cs2013_web_final.pdf (accessed on 11 January 2026).
European Union Agency for Cybersecurity (ENISA). Cybersecurity Skills Development in the EU; ENISA: Heraklion, Greece, 2022. Available online: https://www.enisa.europa.eu/publications/cybersecurity-skillsdevelopment-in-the-eu (accessed on 02 January 2026).
Reeves, T. C. (2006) Design-Based Research and Educational Technology: Rethinking Technology and the Research Agenda. Educational Technology & Society 9(1), 1–5. Available online: https://www.jstor.org/stable/jeductechsoci.9.1.1 (accessed on 25 February 2026).
National Institute of Standards and Technology (NIST). Application Container Security Guide (SP 800-190); NIST: Gaithersburg, MD, USA, 2017. Available online: https://doi.org/10.6028/NIST.SP.800-190 (accessed on 25 February 2026).
Cloud Security Alliance (CSA); Microsoft. Cloud Native Application Protection Platform Survey Report 2023. CSA: Seattle, WA, USA, 2023. Available online: https://cloudsecurityalliance.org/research/topics/cnapp (accessed on 1 March 2026).
Dumbraveanu, R., Peca, L. (2022) E-learning in Developing ICT Skills of Future Engineers. In: 1st International Online Scientific Conference ICT in Life [online]: conf. proceedings, August 2022, Osijek, Croația. Osijek. 2022, pp. 86-95ISSN 2939-3930. Available online: https://www.researchgate.net/profile/aDumbraveanu/publication/362791467. Available online: (accessed on 22 February 2026).
Peca, L.; Țurcanu, D. (2023) Network security: Practical examples solved to be introduced in network security. Tehnica-UTM, Chisinau, 2023, pp. 7–232. Available online: https://www.researchgate.net/publication/370943880 (accesed on 6 February 2026).
Peca, L.; Dumbrăveanu, R. (2022) Learning Management System, Trends in E-Learning [In Romanian]. In: Proceedings of the National Scientific Conference with International Participation. Republican Conference of Teaching Staff. UST, Chisinau, Republic of Moldova, 2022. pp. 124-130. Available online: https://ibn.idsi.md/vizualizare_articol/153353 (accessed on 01 February 2026).
Downloads
Published
How to Cite
License
Copyright (c) 2026 JOURNAL OF ENGINEERING SCIENCE

This work is licensed under a Creative Commons Attribution 4.0 International License.