Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
System Security · modules
Hardening and operating systems defensively. Linux, Windows, logging, containers, privesc.
Module 10 · Windows Hardening — GPO Baseline
Microsoft publishes Security Baselines for Windows Server and Windows 10/11. Adoption rate in Indian enterprises: low. The Microsoft Security Baseline Free GPO templates from Microsoft. Includes 200+ settings tuned for security. Apply via Group Policy or Intune. High-impact specific settings Credential Guard on Windows 10/11/Server 2019+ Application Control (WDAC) / AppLocker BitLocker with TPM + […]
Module 13 · macOS Security in Enterprise
macOS isn’t niche anymore. Most Indian SaaS startups have 30-50% Macs. Security model differs from Windows. Native protections Gatekeeper — only signed/notarised apps run by default XProtect — Apple’s anti-malware System Integrity Protection (SIP) — even root can’t modify protected paths FileVault — full-disk encryption App Sandbox + Hardened Runtime — for App Store apps […]
Module 14 · Disaster Recovery — RTO, RPO, Tabletop
Backups are the last line. They are also the prime target — modern ransomware encrypts backups before triggering payload. DR design must assume backups are attacker-accessible. RTO and RPO defined RTO (Recovery Time Objective) — how long you can be down RPO (Recovery Point Objective) — how much data you can lose Per-system RTO/RPO. Critical: […]
Module 15 · Vulnerability Management Programme
Module 13 (DevSecOps) covered triage. This module is the program around it. Programme components Asset inventory — what to scan; tagged with owner, criticality Scanning cadence — Tenable / Qualys / Rapid7 weekly for infrastructure; daily for cloud (CSPM) Triage process — EPSS + KEV + reachability Patch SLAs — by criticality and exposure Exception […]
Module 17 · Asset Inventory at Scale
Asset inventory is the unsexy foundation of every other security control. Without it, vuln management, IR, audit response all fail. What “asset” means in 2026 Physical and virtual servers Endpoints (laptops, desktops) Mobile devices Cloud accounts, projects, subscriptions Cloud resources (instances, storage, databases, functions) Containers and Kubernetes workloads Internet-exposed services (per Module 6, API track) […]
Module 18 · Business Continuity Planning
BCP > DR. Disaster Recovery is the IT subset of Business Continuity. BCP includes processes, people, vendors, communications. Business Impact Analysis (BIA) Per business process: how long can it be down? What’s the financial / reputational / regulatory impact? Who depends on it? BCP components Crisis management team — named individuals, alternates, comms plan Critical […]
Module 8 · Incident Response Playbook
An incident response (IR) playbook is the written plan your team executes when things go wrong. Not the feature of a tool, not an idea, not a slide deck — a concrete document that says “when X happens, do Y, then Z, with owner A accountable.” This module covers playbook structure, the core playbooks every […]
Module 4 · Container Security Deep Dive
Containers are everywhere in 2026. Docker, Kubernetes, serverless platforms that are containers underneath. This module covers the security concerns specific to the container layer — separate from the Kubernetes module (Cloud Security M4) which focused on orchestration. Here: image supply chain, runtime isolation, secrets, and container escape. What a container is (and isn’t) A container […]
Module 3 · System Auditing and Logging
Detection requires visibility. Visibility requires logs. If your systems fall silent, you cannot investigate, cannot alert, cannot prove compliance. This module is about what to log, where to send it, and how to get real signal out of raw events. The logging stack Generation — the system produces events (auth, syscalls, application logs) Collection — […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.