Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.
Quantum-Safe Blockchain — Bitcoin BIP-360, Ethereum PQ Roadmap, and the Custodial Migration Plan
Bitcoin and Ethereum both fall to Shor when CRQC arrives. BIP-360, Ethereum account abstraction for PQ signing, custodial implications, the lost-key coin recovery question. Module 15.
Post-Quantum PKI — Migrating Internal CAs, Certificate Hierarchies, and Trust Stores
Migrating PKI to PQ is the most operationally complex part. Algorithm choices per layer (root SLH-DSA, intermediate ML-DSA, leaf ML-DSA), parallel hierarchy strategy, EJBCA/Vault/step-ca tools, trust-store distribution. Module 14.
Crypto-Agility Engineering — Designing Systems for Algorithm Replacement Beyond Post-Quantum
Crypto-agility makes algorithm changes routine. Pluggable algorithm registries, multi-algorithm certificates, hybrid signatures, automated key rotation. The patterns and anti-patterns. Module 13.
Side-Channel Attacks on Post-Quantum Implementations — Kyber Timing Leaks and Constant-Time Defences
PQ algorithms are quantum-resistant but vulnerable to classical side-channel attacks if implemented carelessly. Documented Kyber/Dilithium timing leaks, constant-time defences, and how to verify your PQ libraries. Module 12.
Migrating to Post-Quantum Cryptography in Production — TLS, SSH, JWT, S/MIME (24-Month Playbook)
Operational playbook for enterprise PQ migration: cryptographic inventory, hybrid pilot, vendor coordination, JWT/SSH/PKI rollout phases. The 24-month engineering plan. Module 11.
Quantum Key Distribution (QKD) — Hype vs Reality, and Why PQ Cryptography Wins
QKD uses photonics for physics-based key exchange. Marketing pitches it as uncrackable. Reality: dedicated fibre, expensive, doesnt authenticate, and ML-KEM solves the same problem cheaper. When QKD makes sense (rarely). Module 10.
Hybrid PQ Deployment — TLS, SSH, IPsec, S/MIME with Classical + ML-KEM Together
Run classical (X25519) + post-quantum (ML-KEM-768) in the same handshake. Adversary needs both to break. Concrete configs for nginx, OpenSSH, strongSwan, Cloudflare. Migration checklist. Module 9.
SLH-DSA (SPHINCS+) — Hash-Based Signatures for the Long Haul
SLH-DSA (FIPS 205) is the conservative hash-based PQ signature alternative — security rests on hash functions only, no lattice assumptions. When to use it (root CAs, firmware), when not to (TLS, JWT). Module 8.
ML-DSA (Dilithium) Signatures — Replacing RSA and ECDSA in Code Signing, JWT, and PKI
ML-DSA (FIPS 204) replaces RSA and ECDSA for digital signatures. How lattice signatures work, three security levels, size impact on TLS/JWT/code-signing, the migration playbook. Module 7.
ML-KEM (Kyber) Deep Dive — Lattice-Based Key Encapsulation Explained
ML-KEM (FIPS 203) is the NIST-standard PQ key exchange replacing RSA and ECDH. Lattice math at intuition level, three security levels, hybrid TLS 1.3 deployment with concrete nginx/Apache/HAProxy/Cloudflare config. Module 6.
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.