Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Blue Team / SOC Operations · modules
How defenders actually work. SOC structure, SIEM, detection engineering, EDR, and malware triage.
Module 9 · SOAR Playbooks — Practical Automation
Why this module exists. SOAR (Security Orchestration, Automation, Response) is the highest-leverage SOC investment after a competent SIEM. Done right, it cuts MTTR by 60-80%. Done wrong, it generates false confidence (“our automation handled it”) while alerts pile up in queues. The difference is playbook design discipline. What SOAR actually does. Three layers of automation: […]
Module 10 · Insider Threat Detection
Why this module exists. External attackers get the headlines; insiders cause more breaches by volume. Verizon DBIR consistently shows ~20% of breaches are insider-driven (deliberate + accidental combined). Detecting them requires different signals from external-attack detection, and operating within the privacy-respecting envelope that DPDP, labour law and cultural norms allow. The insider-threat taxonomy. Malicious insider […]
Module 11 · Email Security & Phishing Triage
Why this module exists. Email is still the primary initial-access vector in 2026. Verizon DBIR: ~30% of breaches start with phishing. Modern phishing is sophisticated (AI-generated content, MFA-aware), and email-security tools have advanced (sandboxing, behavioural detection, DMARC enforcement). Defenders who haven’t kept pace have a 2018-grade email defence. The four phishing variants you’ll see. Bulk […]
Module 7 · Incident Response Lifecycle — NIST + SANS in Practice
Why this module exists. Every CISO knows the NIST IR lifecycle (Prepare, Identify, Contain, Eradicate, Recover, Lessons Learned). Few have actually executed it under pressure. The translation from textbook diagram to “the breach is happening, what do we do at 02:30 IST” is what separates exercises from outcomes. The lifecycle in operational terms. Phase What […]
Module 5 · Malware Triage
Static + behavioural triage, sandbox workflow, 30-minute triage playbook, and when to escalate to a reverse engineer.
Module 4 · EDR Fundamentals
EDR telemetry, process lineage, response actions, vendor landscape, and the live-response triage sequence.
Module 3 · Detection Engineering with Sigma
Sigma rule anatomy, the two mistakes beginners make, tuning workflow, and detection-as-code in Git.
Module 2 · SIEM Fundamentals
SIEM architecture, log pipeline, parsing and normalization, retention tiering, and vendor landscape for 2026.
Module 1 · SOC Fundamentals
SOC tiered analyst model, triage workflow, shift patterns, runbooks, and India-specific operational constraints.
Module 7 · Threat Hunting Workflow
Threat hunting is proactive — actively searching for adversary activity that automated detection missed. Unlike SOC triage (reactive, works from alerts), hunting starts with a hypothesis and tests it against available data. This module covers the workflow, the hypothesis-driven method, and practical queries to start hunting tonight. Why hunt. Automated detections catch KNOWN patterns; hunts […]
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.