Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
DevSecOps · modules
Security in the SDLC. SAST/DAST/SCA, IaC, CI/CD hardening, and software supply chain.
Module 14 · Shift-Right Security — Runtime Defence
Why this module. “Shift-left” — find security issues earlier — became dogma. But shift-left has limits: bugs ship anyway, dependencies have CVEs you can’t anticipate, attackers find new exploits. Modern teams add “shift-right” — runtime detection and response — without abandoning shift-left. Where shift-left fails Zero-day exploits — by definition unknowable at build time Configuration […]
Module 15 · DevSecOps Metrics & Maturity
Why this module. Engineering teams measure DORA. Security teams measure CVE backlog. DevSecOps requires a unified metric set — measuring how secure software is delivered, not just secure or how fast. This module is the metrics blueprint. DORA — the engineering baseline Deployment Frequency — how often code reaches production Lead Time for Changes — […]
Module 9 · Dependency Management & Renovate
Why this module. 80% of application code is third-party dependencies. Each is a CVE waiting to happen. Manual updates don’t scale; automated bots are non-negotiable in 2026. The two leading bots Dependabot (GitHub) — free, easy, default for GitHub repos. Limited customization. Renovate — open source, very flexible, multi-platform (GitHub, GitLab, Bitbucket). Industry favourite for […]
Module 10 · Threat Modelling for Engineers (STRIDE/LINDDUN)
Why this module. Threat modelling has a reputation as a heavyweight, consultant-driven exercise. It doesn’t have to be. Done right, it’s a 90-minute workshop that produces a list of design-time security improvements worth more than 100 hours of post-deployment patching. STRIDE in 60 seconds Microsoft’s mnemonic for categories of threats: Spoofing — impersonating someone Tampering […]
Module 12 · Security Champions Programme
Why this module. A security team can’t be in every code review, every architecture meeting, every incident discussion. Security Champions are embedded engineers who carry the security mindset into their teams — multiplying the security team’s reach by 10-50x. Who is a Champion An engineer (not security professional) who: Volunteers (or is selected with consent) […]
Module 13 · Vulnerability Triage at Scale
Why this module. A typical enterprise scan returns 50,000+ CVEs across servers, containers, dependencies. Trying to “fix all critical/high” is mathematically impossible at that scale. Modern triage uses EPSS, KEV, reachability, and asset criticality to focus the 200 fixes that matter. The signals beyond CVSS CVSS — severity in theory. The original signal; loud and […]
Module 6 · Container & Image Scanning
Why this module. Every container starts from a base image with hundreds of packages, most of which the application doesn’t use, all of which could have CVEs. Scanning is mandatory; scanning well is the differentiator. Where to scan Build time — fail PRs that introduce new critical CVEs. Trivy / Grype in CI. Registry — […]
Threat Modelling — STRIDE, PASTA, LINDDUN in Practice
Threat modelling methodologies that work — STRIDE, PASTA, attack trees, LINDDUN for privacy. The practical workflow for engineering teams, anti-patterns to avoid, tooling, and DPDP/ISO alignment.
Module 2 · SAST, DAST & SCA in CI
What each scanner class detects, tool selection for 2026, CI integration patterns, false-positive tuning, triage workflow.
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.