Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Intermediate · modules
Modules tagged Intermediate. Use the sidebar to narrow by track or topic.
Vendor Risk Management Programme
Module 7 (DPDP track) covered DPA-specific. This is the broader vendor-risk programme. Programme components Vendor classification (tier 1/2/3 by data sensitivity, criticality) Onboarding due diligence (questionnaire, contracts, SOC 2/ISO collection) Continuous monitoring Periodic reassessment (annual for tier 1; biannual for tier 2) Offboarding (data return / deletion) The classification matrix Tier Criteria Treatment 1 Handles […]
Purdue Model & ICS Architecture
Purdue Model = standard reference architecture for ICS networks. Six levels of segmentation. Levels Level 0 — physical process (sensors, actuators) Level 1 — basic control (PLCs, RTUs) Level 2 — area supervision (HMIs, historians) Level 3 — site operations (MES, plant historians) Level 3.5 — DMZ between OT and IT Level 4-5 — corporate […]
IoT Protocols — MQTT, CoAP, Modbus
IoT/OT runs on protocols designed for constrained devices, often without security as primary concern. The big four MQTT — pub/sub for IoT. Default no auth; if auth, often password in plaintext. TLS optional. CoAP — HTTP-like for constrained devices. UDP-based; DTLS optional. Modbus — industrial. No auth. No encryption. Designed 1979. BACnet — building automation. […]
OT Network Monitoring
Active scanning breaks OT — even an Nmap can crash a PLC. Passive monitoring is the norm. Tools Claroty CTD — top-tier; Indian energy sector adoption Nozomi Networks — competitor Dragos Platform — industrial-control-specific Open source — Zeek with industrial parsers Detection patterns Unauthorised PLC programming (write to coil/register) HMI talking to non-PLC destinations Firmware […]
Bluetooth & Zigbee Security
Wireless protocols for IoT have specific attack surfaces. BLE Pairing modes: Just Works (no auth), Passkey, OOB Many devices use Just Works (vulnerable to MITM during pairing) Tools: Ubertooth, BTLEjuice, Sniffle, ESP32-based Zigbee / Z-Wave Network keys; if leaked once during initial pairing, devices vulnerable forever Tools: KillerBee, Z-Wave Hacking Toolkit Common findings Smart locks […]
IoT Supply Chain Risk
IoT devices ship with security debt. Default creds, no update mechanism, hardcoded keys. Supply chain compounds it. Issues Default credentials never changed (Mirai botnet exploited this) No firmware updates after sale (10-year-old vulns active) Hardcoded private keys discovered post-shipment Foreign-manufacture concerns (geopolitical) Recycled chips with unknown firmware Indian regulatory environment 2022 CERT-In Direction requires equipment […]
ISO 27001:2022 Implementation
ISO 27001:2022 is the global infosec standard. Indian SaaS that sells to enterprise customers needs it. The ISMS lifecycle Define scope (which systems, departments, locations) Risk assessment (assets, threats, vulnerabilities, risk treatment) Statement of Applicability (SoA) — which Annex A controls apply Implement controls Internal audit Management review External audit (Stage 1 + Stage 2) […]
SOC 2 Type II — Indian SaaS Reality
SOC 2 isn’t a certification — it’s an attestation. CPA opines on your controls. Indian SaaS selling to US customers will have it requested. Trust Services Criteria (TSC) Security — required Availability — for SLA-bound services Confidentiality — when handling sensitive customer data Processing Integrity — for transaction processors Privacy — when handling PII Most […]
Strategic Threat Intelligence
Tactical TI is for SOC. Strategic TI is for executives. Different language, different cadence, different artefacts. Strategic questions Which threat actors target organisations like ours? What are their goals (extortion, espionage, disruption)? What’s their technical sophistication level? Are we more or less targeted than peers? What investments would meaningfully shift the risk? Strategic artefacts Threat […]
Red-to-Purple Handoff
One-shot red team engagement: report → file in drawer. Purple-team handoff: report → workshop → detections built. The latter is what produces lasting improvement. The handoff workshop Red team walks through engagement chronologically For each step: blue team confirms what (if any) signal fired Where signal fired but ignored — investigate why Where no signal […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.