Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.
VPC Service Controls
VPC Service Controls = GCP’s data-exfiltration defence. Define a perimeter; data can’t leave it even with valid credentials. The model Perimeter wraps GCP services + projects Inside perimeter: free communication Outside attempting to access services inside: blocked unless explicit ingress rule Inside attempting to send to outside: blocked unless explicit egress rule Common patterns Lock […]
Azure RBAC Mastery
Module 9 (Cloud track) covered privesc paths. This module is the operational guide. Scope hierarchy Management Group → Subscription → Resource Group → Resource. Inheritance flows down. Least-privilege principle: assign at the lowest scope possible. Built-in roles to know Owner — full control + can manage access Contributor — full control without manage-access Reader — […]
BigQuery Security
BigQuery is the most-used data warehouse for Indian fintech. Security model is rich; most teams use 30%. Access patterns Dataset-level — coarse; user can see entire dataset or none Authorized views — view exposes subset to other users without granting access to underlying tables Row-level security — policies restrict which rows a user sees Column-level […]
Google Secret Manager
GCP’s native secrets store. Simpler than Vault; sufficient for most. Features Versioned secrets (latest, specific version) IAM-scoped access Replication policies (auto / user-managed) Cloud KMS encryption Audit log per access Secret Manager Notifications for rotation triggers Pattern gcloud secrets create my-secret --replication-policy=automatic gcloud secrets versions add my-secret --data-file=./secret.txt # In application from google.cloud import secretmanager […]
Cloud Armor for WAF & DDoS
Cloud Armor = Google’s edge security. WAF + DDoS + bot mitigation. Layers Standard — basic L3/4 DDoS, included with HTTP(S) load balancer Plus — adaptive DDoS protection, ML-based, paid tier WAF rules — preconfigured (OWASP CRS) + custom Bot management — reCAPTCHA Enterprise integration Common WAF rules OWASP CRS (XSS, SQLi, RCE, LFI/RFI) Custom […]
GKE Autopilot Security
GKE Autopilot = Google manages nodes; user manages workloads. Security defaults are enforced; less flexibility. What’s enforced Workload Identity Shielded GKE Nodes Network Policy Container-Optimized OS Auto-upgrade Limited node-level access (no SSH) Tradeoffs Higher per-pod cost than Standard Some advanced features (DaemonSets in kube-system, custom kernel modules) not allowed For most teams: tradeoff worth it […]
Microsoft Defender Suite
“Microsoft Defender” is a brand covering many products. Knowing which is which saves money and improves coverage. The portfolio Defender for Endpoint — EDR; replaces traditional AV Defender for Identity — on-prem AD detection (formerly ATA) Defender for Cloud Apps — CASB Defender for Office 365 — email/collab security Defender for Cloud — multi-cloud CSPM […]
Binary Authorization
Binary Authorization = admission controller for GKE/Cloud Run. Only deploy images that pass policy. How it works Build pipeline produces image + attestation (using Cloud KMS-signed key) Binary Auth policy specifies required attestations Deploy attempt: image checked against policy Match → allow; no match → deny Common policies “Image must be from this Artifact Registry” […]
Azure Network Security
Azure has multiple network security products with overlapping but distinct purposes. The layers NSG — Layer 4 ACLs at NIC or subnet level ASG — Application Security Group; tag-based grouping for NSG rules Azure Firewall — managed L4/L7 firewall; full-feature Application Gateway + WAF — L7 load balancer + OWASP CRS WAF Front Door + […]
Cloud DLP
Cloud DLP API: detect and transform sensitive data at scale. Built-in detectors Aadhaar number, PAN, Indian phone, credit card, email, US SSN, names, addresses — 100+ infoTypes. Use cases Scan BigQuery datasets for PII; report findings Tokenise PII before storing (FPE — format-preserving encryption) Mask in real-time during data export De-identify production data for dev […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.