Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Intermediate · modules
Modules tagged Intermediate. Use the sidebar to narrow by track or topic.
Disaster Recovery — RTO, RPO, Recovery Testing
RTO/RPO tiers, DR architecture patterns (active-active, hot standby, pilot light, backup-restore), drill methodology, ransomware-specific DR, the 3-2-1-1-0 backup rule.
Secure Coding Across Languages
Language-specific secure-coding patterns — Python, Node/TS, Java, Go, Rust, PHP. Common pitfalls, safe alternatives, crypto patterns, dependency scanning.
Security Governance for CISOs
How CISOs build a governance programme that survives both audits and incidents — security committee structure, risk appetite, policy hierarchy, board reporting, KRIs that matter.
Risk Management Practitioner
Risk identification, analysis, treatment, monitoring — practitioner-level workflow with FAIR-style quantification, risk register, KRIs, and the link between risk register and security investment.
Business Continuity and Disaster Recovery
BCP and DR end-to-end — BIA, RTO/RPO, recovery strategies, plan documentation, drill cadence, ransomware-aware DR, and the operational discipline that makes plans real.
Cybersecurity Law for Indian Practitioners
IT Act, BNS/BSA replacement of IPC/Evidence Act, DPDP Act 2023, sectoral regulations (RBI/SEBI/IRDAI), CERT-In directions, evidence handling — a practitioner map of Indian cyber law.
Data Classification and Labelling Programme
Building a data classification programme that engineering and business actually adopt — taxonomy, labelling tools (MIP, Google Drive labels), enforcement, DLP integration, audit evidence.
Physical and Environmental Security Programme
Why physical security is a cyber concern — perimeter, building entry, server hall, workstation security, USB controls, red-team physical pen-testing, and integrating physical with cyber programme.
Wireless Security and Wi-Fi Attacks — WEP to WPA3, and Why Captive Portals Lie
Wi-Fi has gone through five generations of security: WEP (broken, do not deploy), WPA/WPA2 (still common, still attackable via offline cracking and KRACK), WPA3 (the modern default with SAE replacing PSK), and 802.1X / WPA3-Enterprise for managed environments. This module covers
Threat Modelling — STRIDE, PASTA, LINDDUN in Practice
Threat modelling methodologies that work — STRIDE, PASTA, attack trees, LINDDUN for privacy. The practical workflow for engineering teams, anti-patterns to avoid, tooling, and DPDP/ISO alignment.
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.