Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Intermediate · modules
Modules tagged Intermediate. Use the sidebar to narrow by track or topic.
Secret Management Platforms
Module 7 (DevSecOps track) covered secret-leak prevention. This is the platform comparison. Comparison Platform Strengths Weaknesses HashiCorp Vault Open source; flexible; rich auth methods; dynamic secrets Operational complexity AWS Secrets Manager AWS-native; rotation built-in; KMS integration AWS-only; per-secret cost Azure Key Vault Azure-native Azure-only GCP Secret Manager GCP-native; simple GCP-only; fewer features Doppler Modern UX; […]
Hashing — Passwords & Integrity
“How do we hash passwords?” is the most-asked question. The answer evolved. 2026 password-hashing recommendations Argon2id — first choice; OWASP recommended bcrypt — second choice; widely supported scrypt — third; less library support PBKDF2 — only when FIPS 140 compliance forced NEVER — MD5, SHA-1, SHA-256/512 alone, plain hashing without salt Argon2id parameters (OWASP 2026) […]
TLS/PKI Incidents — What Happens When Crypto Breaks
Crypto breaks rarely; when it does, it’s catastrophic. Notable incidents DigiNotar 2011 — CA compromised; rogue certs for Google. Browser distrust = company death. Heartbleed 2014 — OpenSSL bug exposed memory to attacker. Remediation involved rotating every cert. POODLE 2014 — SSL 3.0 padding-oracle. End of SSL 3.0. Logjam 2015 — DH key-exchange weakness. End […]
Crypto Compliance Mapping
Auditors ask “is your encryption FIPS 140-2/3 compliant?” Industry answers vary by sector. FIPS 140 levels Level 1 — software-only crypto module; algorithms tested Level 2 — physical tamper-evidence (HSM with seal) Level 3 — physical tamper-resistance (HSM strong enclosure) Level 4 — full environmental protection (HSM with auto-zeroize) Indian sectoral requirements Sector Requirement RBI […]
GRC Metrics for Executives
Operational SOC metrics (Module 13 Blue Team) inform analysts. Executive metrics inform decision-making. Executive metrics Risk trend — total risk score, top-5 risks, treatment status Control coverage — % of controls implemented + tested Audit results — findings count by severity, time-to-remediation Vendor risk — % of tier-1 vendors with current SOC 2/ISO Incident metrics […]
Reporting Security to the Board
Board members aren’t security experts. They are fiduciaries who need to discharge oversight responsibility. What boards want to know What’s our risk posture? How does it compare to peers? What’s our biggest exposure? Are we investing the right amount? What incidents have happened? What’s coming up regulatorily? The 15-minute briefing Heat-map of top risks (1 […]
Regulatory Tracking Process
Indian + international regulations evolve constantly. Missing a notification = compliance failure. Establish process for tracking. Sources to monitor MeitY — DPDP, IT Act amendments RBI — for financial services SEBI — for capital markets IRDAI — for insurance CERT-In — directions, advisories NCIIPC — for critical infrastructure TRAI / DoT — telecom International — […]
Symmetric Cryptography in Practice
Symmetric crypto is fast, ubiquitous, and routinely misused. Modes that matter AES-256-GCM — authenticated encryption with associated data; default choice ChaCha20-Poly1305 — alternative AEAD; faster on devices without AES-NI AES-CBC — legacy; no built-in auth (vulnerable to padding-oracle if MAC absent) AES-CTR — fast; needs separate MAC; nonce reuse catastrophic AES-ECB — never use; reveals […]
IoT Protocols — MQTT, CoAP, Modbus
IoT/OT runs on protocols designed for constrained devices, often without security as primary concern. The big four MQTT — pub/sub for IoT. Default no auth; if auth, often password in plaintext. TLS optional. CoAP — HTTP-like for constrained devices. UDP-based; DTLS optional. Modbus — industrial. No auth. No encryption. Designed 1979. BACnet — building automation. […]
OT Network Monitoring
Active scanning breaks OT — even an Nmap can crash a PLC. Passive monitoring is the norm. Tools Claroty CTD — top-tier; Indian energy sector adoption Nozomi Networks — competitor Dragos Platform — industrial-control-specific Open source — Zeek with industrial parsers Detection patterns Unauthorised PLC programming (write to coil/register) HMI talking to non-PLC destinations Firmware […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.