Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.
SOC Metrics That Actually Drive Improvement
The bad metrics Total alerts processed — measures volume, not value. Encourages keeping noisy rules. Alerts per analyst per shift — encourages superficial triage. Closed-without-investigation rate — encourages closure, not analysis. Mean-time-to-acknowledge alone — encourages clicking without thinking. The good metrics For analysts Mean Time To Detect (MTTD): from compromise to detection. Hard to measure […]
Purple Team — Operationalising Adversary Emulation
Red vs purple — what differs Red team Purple team Adversary emulation, blue blind Adversary emulation, blue collaborating Goal: demonstrate impact Goal: improve detection Output: detailed report; blue may not see techniques used Output: detection rules + visibility-gap remediation Annual or quarterly engagement Continuous or monthly cadence The purple-team operating model Red team executes a […]
Threat Hunting Operationalised — Hypotheses, Pivots, Dashboards
What threat hunting is Proactive search for adversary presence based on hypothesis, not alert. The defender assumes a sophisticated attacker may already be present and searches for traces that current detection rules would miss. The hunt cycle Hypothesis: state what you’re looking for. “Adversaries may be using WMI for lateral movement.” Data sources: identify what […]
Detection Engineering — Sigma, ATT&CK Coverage, Validation
What detection engineering is Design rules that fire on adversary behaviour, not noise. Test rules against historical data and red-team data. Tune to acceptable signal-to-noise. Deploy with documentation. Maintain — update when adversary techniques evolve. The detection-engineering lifecycle Source: hunt finding, TI report, red-team exercise, ATT&CK coverage gap. Hypothesis: state what the rule should catch. […]
SOAR — Security Orchestration, Automation, Response
What SOAR does Orchestration: connect security tools via API; trigger actions across them. Automation: execute repeatable workflows without human intervention. Case management: structured incident workflow with audit trail. Playbook execution: pre-defined response runbooks triggered by alert type. The platforms Splunk SOAR (formerly Phantom), Palo Alto XSOAR (Demisto), IBM QRadar SOAR, Microsoft Sentinel SOAR, Tines, Torq. […]
Serverless Security — Functions, Event Sources, API Gateway
The serverless threat model What you no longer manage: OS patches, container runtime, network firewall (mostly). What becomes more critical: function code, IAM permissions, event sources, dependencies. The recurring vulnerability classes Over-privileged function roles: function role can do far more than the function actually needs. Compromise of function = wide IAM access. Injection via event […]
Cloud Workload Protection (CWPP) — VMs, Containers, Serverless
CWPP vs CSPM CSPM CWPP Configuration of cloud resources What is running on those resources Public buckets, broad SGs, unencrypted volumes Malware, intrusion, suspicious processes, file integrity Agentless (mostly) Agent or eBPF probe per workload Mature programmes deploy both. CNAPP (Cloud-Native Application Protection Platform) is the converged offering — CSPM + CWPP + CIEM (identity […]
Kubernetes Security at Production Scale
The four production K8s domains Cluster security: API server, etcd, kubelet, control plane hardening. Workload security: Pod Security Standards, admission control, runtime protection. Network security: NetworkPolicy, service mesh, ingress, egress. Supply chain: image signing, SBOM, admission control verification. API server hardening API server reachable only through bastion / VPN / private endpoint; never public. Audit […]
Cloud Security Posture Management (CSPM) at Production Scale
What CSPM tools do Connect to cloud accounts via API; continuously enumerate resources and configurations; check against benchmark rules; report findings. Tool Strength Prowler (open-source) AWS-focused; broad CIS coverage ScoutSuite (open-source) Multi-cloud (AWS, Azure, GCP) CloudSploit / Aqua (open-source) Multi-cloud; modern UI Wiz, Orca, Palo Alto Prisma Commercial; agentless scanning + risk graph AWS Security […]
Securing Multi-Cloud Architectures
Why organisations go multi-cloud Resilience against single-provider outage. Regulator preference (RBI may prefer certain providers for specific workloads). Best-of-breed (Azure for M365 integration, AWS for ML, GCP for data analytics). Vendor leverage in negotiation. Acquired company arrives with different cloud. The multi-cloud security challenges Distinct IAM models: AWS IAM, Azure RBAC, GCP IAM each have […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.