Cybersecurity, learned like a practitioner.

Advanced Free

Security Maturity Models — NIST CSF, ISO 27001, SAMM, CIS in Practice

Why this module exists. Every Indian enterprise we audit has a “maturity assessment” somewhere on file. Few have one that has been refreshed in the last 18 months; fewer still use it to drive funding decisions. The pattern is the same: a one-time scoring exercise that produced a slide, the slide got presented to the […]

May 13, 2026 35 min Open

Advanced Free

Risk Appetite Statement — Writing One That Drives Decisions

Why this module exists. Risk appetite is where governance meets engineering reality. Without a stated appetite, every risk decision becomes ad hoc — defended by whoever speaks loudest in the room. With a clear appetite stated in measurable terms, the same decision becomes mechanical: “this exceeds the stated threshold, escalation triggered.” This module walks the […]

May 13, 2026 30 min Open

Advanced Free

Board Reporting for Security — Metrics, Narrative, Cadence

Why this module exists. The board is not your peer audience. They are not security practitioners. The report that wins your peers’ approval — a 40-slide dive into MITRE ATT&CK coverage — is the report that loses the board. This module is the operational pattern for the inverse: the report that lets a non-technical decision-maker […]

May 13, 2026 35 min Open

Active Directory Security Advanced Free

AD Trust Relationships Deep Dive — Forest, External, Shortcut

Why this module exists. AD has six distinct trust types. Each has different transitivity, SID Filtering defaults, Kerberos behaviour, and attacker-reachable abuse pattern. The median Indian-bank AD environment we audit has at least one trust whose properties the owning team cannot explain. This module is the missing reference. The six trust types — at a […]

May 13, 2026 35 min Open

Active Directory Security Advanced Free

AdminSDHolder & SDProp Persistence

Why this module exists. AdminSDHolder is one of the cleanest persistence primitives in AD because it abuses a feature, not a bug. Microsoft built SDProp to protect privileged accounts from accidental ACL drift. Attackers turned that protection into a self-healing backdoor. If you have ever seen an environment where the IR team cleaned up the […]

May 13, 2026 30 min Open

Advanced Members

Quantum-Safe Blockchain — Bitcoin BIP-360, Ethereum PQ Roadmap, and the Custodial Migration Plan

Bitcoin and Ethereum both fall to Shor when CRQC arrives. BIP-360, Ethereum account abstraction for PQ signing, custodial implications, the lost-key coin recovery question. Module 15.

May 8, 2026 40 min Open

Advanced Members

Post-Quantum PKI — Migrating Internal CAs, Certificate Hierarchies, and Trust Stores

Migrating PKI to PQ is the most operationally complex part. Algorithm choices per layer (root SLH-DSA, intermediate ML-DSA, leaf ML-DSA), parallel hierarchy strategy, EJBCA/Vault/step-ca tools, trust-store distribution. Module 14.

May 8, 2026 50 min Open

Advanced Members

Crypto-Agility Engineering — Designing Systems for Algorithm Replacement Beyond Post-Quantum

Crypto-agility makes algorithm changes routine. Pluggable algorithm registries, multi-algorithm certificates, hybrid signatures, automated key rotation. The patterns and anti-patterns. Module 13.

May 8, 2026 40 min Open

Advanced Members

Side-Channel Attacks on Post-Quantum Implementations — Kyber Timing Leaks and Constant-Time Defences

PQ algorithms are quantum-resistant but vulnerable to classical side-channel attacks if implemented carelessly. Documented Kyber/Dilithium timing leaks, constant-time defences, and how to verify your PQ libraries. Module 12.

May 8, 2026 40 min Open

Advanced Members

Migrating to Post-Quantum Cryptography in Production — TLS, SSH, JWT, S/MIME (24-Month Playbook)

Operational playbook for enterprise PQ migration: cryptographic inventory, hybrid pilot, vendor coordination, JWT/SSH/PKI rollout phases. The 24-month engineering plan. Module 11.

May 8, 2026 50 min Open