Cybersecurity, learned like a practitioner.

24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.

24
Learning paths
398+
Live modules
0
You've completed
Free
Your tier
Browse the academy

Intermediate · modules

Modules tagged Intermediate. Use the sidebar to narrow by track or topic.

273 results · Page 18/28
Filtering: Level: Intermediate × Clear all →
API Security Deep Dive Intermediate Free

SDKs as Attack Surface

Why this module. If you publish an SDK (Python, JS, mobile native), attackers analyse it to learn about your API’s structure, undocumented endpoints, and assumptions. Plus: SDK becomes part of customer’s supply chain — your bugs become their problems. The SDK threat model Attacker reverse-engineers SDK to learn API structure Attacker finds hardcoded endpoints, debug […]

Apr 27, 2026 20 min Open
DevSecOps Intermediate Free

Dependency Management & Renovate

Why this module. 80% of application code is third-party dependencies. Each is a CVE waiting to happen. Manual updates don’t scale; automated bots are non-negotiable in 2026. The two leading bots Dependabot (GitHub) — free, easy, default for GitHub repos. Limited customization. Renovate — open source, very flexible, multi-platform (GitHub, GitLab, Bitbucket). Industry favourite for […]

Apr 27, 2026 20 min Open
DevSecOps Intermediate Free

Threat Modelling for Engineers (STRIDE/LINDDUN)

Why this module. Threat modelling has a reputation as a heavyweight, consultant-driven exercise. It doesn’t have to be. Done right, it’s a 90-minute workshop that produces a list of design-time security improvements worth more than 100 hours of post-deployment patching. STRIDE in 60 seconds Microsoft’s mnemonic for categories of threats: Spoofing — impersonating someone Tampering […]

Apr 27, 2026 30 min Open
DevSecOps Intermediate Free

Security Champions Programme

Why this module. A security team can’t be in every code review, every architecture meeting, every incident discussion. Security Champions are embedded engineers who carry the security mindset into their teams — multiplying the security team’s reach by 10-50x. Who is a Champion An engineer (not security professional) who: Volunteers (or is selected with consent) […]

Apr 27, 2026 20 min Open
DevSecOps Intermediate Free

Vulnerability Triage at Scale

Why this module. A typical enterprise scan returns 50,000+ CVEs across servers, containers, dependencies. Trying to “fix all critical/high” is mathematically impossible at that scale. Modern triage uses EPSS, KEV, reachability, and asset criticality to focus the 200 fixes that matter. The signals beyond CVSS CVSS — severity in theory. The original signal; loud and […]

Apr 27, 2026 25 min Open
DevSecOps Intermediate Free

Shift-Right Security — Runtime Defence

Why this module. “Shift-left” — find security issues earlier — became dogma. But shift-left has limits: bugs ship anyway, dependencies have CVEs you can’t anticipate, attackers find new exploits. Modern teams add “shift-right” — runtime detection and response — without abandoning shift-left. Where shift-left fails Zero-day exploits — by definition unknowable at build time Configuration […]

Apr 27, 2026 25 min Open
DevSecOps Intermediate Free

DevSecOps Metrics & Maturity

Why this module. Engineering teams measure DORA. Security teams measure CVE backlog. DevSecOps requires a unified metric set — measuring how secure software is delivered, not just secure or how fast. This module is the metrics blueprint. DORA — the engineering baseline Deployment Frequency — how often code reaches production Lead Time for Changes — […]

Apr 27, 2026 20 min Open
DevSecOps Intermediate Free

Container & Image Scanning

Why this module. Every container starts from a base image with hundreds of packages, most of which the application doesn’t use, all of which could have CVEs. Scanning is mandatory; scanning well is the differentiator. Where to scan Build time — fail PRs that introduce new critical CVEs. Trivy / Grype in CI. Registry — […]

Apr 27, 2026 25 min Open
Blue Team / SOC Operations Intermediate Free

SOC Metrics & MTTR Reduction

Why this module exists. “Is our SOC effective?” CISOs need a measurable answer. Common metrics — alert volume, ticket count — measure activity, not effectiveness. The metrics that matter are MTTD (mean time to detect), MTTR (mean time to respond), false-positive rate, and ATT&CK technique coverage. Each has a target; each has specific operational levers. […]

Apr 27, 2026 25 min Open
Blue Team / SOC Operations Intermediate Free

DNS-Based Detection Strategy

Why this module exists. Almost every internet attack starts with a DNS query — beaconing to C2, exfiltration via DNS tunneling, phishing-link resolution, malware updating itself. DNS logs are the highest-signal-per-byte log source in your environment, and most SOCs underuse them. What DNS logs reveal Beaconing — same source contacting same destination at fixed intervals […]

Apr 27, 2026 25 min Open
02 / Why learn here

Practitioners who've
shipped the controls.

Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.

Why learn here

01

Practitioner-written.

Each lesson is authored by someone who has shipped the control or run the engagement in production.

02

Quiz after every module.

20+ questions with explanations. 70%+ to mark complete. Unlimited retries.

03

Progress tracked.

Completions, scores and streaks saved automatically. Resume exactly where you left off.

04

India-priced.

Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.

Pick a path, get to work.

Browse all 398 modules View skill map