Last updated: April 29, 2026
The Friday night that changed everything
It was a Friday in Bengaluru, around 11pm. Karthik, a senior backend engineer at a 60-person SaaS company, walked out of a Koramangala bar. His laptop bag was still on the back of the chair he had moved away from. By the time he realised, the bag was gone.
His laptop was encrypted. Screen-locked. He filed a police report and went home. The company’s security lead — a one-person team named Anjali — got the message at 7am the next day.
Here is what Anjali found by Saturday afternoon:
- The laptop was logged into Slack with a remembered session. Anyone opening it before the screen lock kicked in had read access to every customer support channel — including the one where engineers occasionally pasted production bearer tokens.
- His AWS console was logged in via SSO. Session token: 12 hours.
- His GitHub was authenticated. Personal access token in his shell history. The token had repo:* and workflow scopes.
- His VPN client auto-connected on boot. Once connected, the corporate network treated him as “trusted” — meaning he had reachability to the internal Jira, Confluence, the Postgres bastion, and three internal admin tools that had no MFA at all because “they’re internal.”
The laptop was eventually recovered, untouched. Lucky. But the post-mortem that Monday was brutal. The architecture had been built on a 1998 assumption: if you are inside the network, you are trusted. Every modern attack — phishing, stolen device, malicious insider, supply-chain compromise — punches a hole in that assumption.
What Anjali rolled out over the next 18 months is what this module is about. It is called Zero Trust.
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.