Misconfigurations in infrastructure-as-code (IaC) can be just as dangerous as vulnerabilities in code. Small mistakes in configuration can lead to the exposure of sensitive data on the internet, or private endpoints and dashboards made vulnerable to anonymous users and abused as an initial point of compromise. Recent security research findings indicate the rise in malware targeting the Kubernetes platform brings home the need for secure configuration.