Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Intermediate · modules
Modules tagged Intermediate. Use the sidebar to narrow by track or topic.
DNS Security — DoH, DoT, DNSSEC, Sinkholing
The classic DNS problems Plaintext queries visible to network observers. Response forgery / cache poisoning. No cryptographic authenticity. DNS used for data exfiltration. DGA and fast-flux evading blocklists. DoH and DoT Protocol Port Defender visibility DoT 853/TCP Recognisable at the network layer DoH 443/TCP mixed with HTTPS Hidden in HTTPS; hard to distinguish DoQ 443/UDP […]
SOC Metrics That Actually Drive Improvement
The bad metrics Total alerts processed — measures volume, not value. Encourages keeping noisy rules. Alerts per analyst per shift — encourages superficial triage. Closed-without-investigation rate — encourages closure, not analysis. Mean-time-to-acknowledge alone — encourages clicking without thinking. The good metrics For analysts Mean Time To Detect (MTTD): from compromise to detection. Hard to measure […]
Cloud Security Posture Management (CSPM) at Production Scale
What CSPM tools do Connect to cloud accounts via API; continuously enumerate resources and configurations; check against benchmark rules; report findings. Tool Strength Prowler (open-source) AWS-focused; broad CIS coverage ScoutSuite (open-source) Multi-cloud (AWS, Azure, GCP) CloudSploit / Aqua (open-source) Multi-cloud; modern UI Wiz, Orca, Palo Alto Prisma Commercial; agentless scanning + risk graph AWS Security […]
Identity Governance — Lifecycle, Access Reviews, SoD
What IGA covers Lifecycle management: joiner, mover, leaver workflows. Access provisioning: who gets what, on what basis. Access reviews / certification: periodic re-validation of access. Segregation of duties (SoD): enforcement that conflicting roles don’t combine. Compliance reporting: evidence for audits. The joiner-mover-leaver workflow Joiner HR creates employee record in HRIS. IdP receives event; creates user […]
Federation at Scale — SAML, OIDC, SCIM Patterns
The three protocols Protocol Purpose SAML 2.0 Browser-based SSO; enterprise standard since 2005 OIDC (OpenID Connect) SSO on top of OAuth 2.0; modern API-first SCIM Automated user provisioning and de-provisioning SAML in practice Service Provider (SaaS) redirects user to Identity Provider for authentication. IdP authenticates and returns signed SAML assertion to SP. SP validates signature, […]
Data Discovery and Classification — Automated Approaches
Why this module exists. Manual data classification fails. Survey-based “where is sensitive data” produces inventories that miss 40-60% of actual locations. Modern automated discovery + ongoing classification is the workable approach. The classification framework A simple, defensible scheme: Level Examples Treatment Public Marketing material, published API docs Standard controls Internal Org charts, internal policies, financial […]
DLP at Scale — Endpoint, Network, and Cloud
Why this module exists. Indian enterprises commonly buy DLP licences and never tune them effectively. The deployment runs in monitor-mode forever, alerts go to a queue nobody reads, and the same exfiltration paths remain open. This module covers what works. The three DLP channels Channel What it covers Endpoint DLP USB transfers, clipboard, screen capture, […]
SAST, DAST, and Security in the CI/CD Pipeline
Why this module exists. SAST that produces 1000 false positives per scan trains developers to ignore findings. SAST tuned and triaged surfaces real bugs caught before merge. The difference is operational discipline, not tool choice. The testing pyramid for AppSec Tool class When Catches SAST In IDE / pre-commit / PR Code-level bugs (injection, crypto […]
Dependency Security and SBOM Management
Why this module exists. Your application’s CVE exposure is mostly in its dependencies, not its own code. Managing that exposure requires inventory, monitoring, and a remediation cadence. SBOM — the Software Bill of Materials An SBOM is the declared list of components in a software artefact. Two standard formats: CycloneDX: OWASP-led. JSON/XML. Strong tooling support. […]
Authentication and Session Management — Modern Patterns
Why this module exists. Modern authentication is not “username + password + check the DB.” It is a stack of OAuth flows, token handling, cookie discipline, MFA orchestration. This module covers what works. Password handling — when you must store one Argon2id is the current default for password hashing. PBKDF2 acceptable; bcrypt acceptable; scrypt OK. […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.