Cybersecurity, learned like a practitioner.

Cryptography & PKI Advanced Free

Key Management at Scale

Crypto without good key management is decoration. Every breach has a “where did the keys live” question. The hierarchy of safety HSM (FIPS 140-3 Level 2-4) — most secure; keys never leave hardware Cloud KMS — managed; keys logically scoped; audit trails HashiCorp Vault — flexible; software-based; supports HSM backend Application-level keystore — least secure […]

Apr 27, 2026 20 min Open

Cryptography & PKI Advanced Free

Quantum-Safe Cryptography Readiness

Quantum computers will break RSA and elliptic curve crypto. NIST published post-quantum standards in 2024. Migration is a multi-year project. The NIST winners ML-KEM (Kyber) — key encapsulation; replaces RSA-KEM and ECDH ML-DSA (Dilithium) — digital signatures; replaces RSA-PSS, ECDSA SLH-DSA (SPHINCS+) — alternative signature; stateless hash-based FN-DSA (Falcon) — compact lattice signatures “Harvest now, […]

Apr 27, 2026 15 min Open

Cryptography & PKI Intermediate Free

Secret Management Platforms

Module 7 (DevSecOps track) covered secret-leak prevention. This is the platform comparison. Comparison Platform Strengths Weaknesses HashiCorp Vault Open source; flexible; rich auth methods; dynamic secrets Operational complexity AWS Secrets Manager AWS-native; rotation built-in; KMS integration AWS-only; per-secret cost Azure Key Vault Azure-native Azure-only GCP Secret Manager GCP-native; simple GCP-only; fewer features Doppler Modern UX; […]

Apr 27, 2026 15 min Open

Cryptography & PKI Intermediate Free

Hashing — Passwords & Integrity

“How do we hash passwords?” is the most-asked question. The answer evolved. 2026 password-hashing recommendations Argon2id — first choice; OWASP recommended bcrypt — second choice; widely supported scrypt — third; less library support PBKDF2 — only when FIPS 140 compliance forced NEVER — MD5, SHA-1, SHA-256/512 alone, plain hashing without salt Argon2id parameters (OWASP 2026) […]

Apr 27, 2026 15 min Open

Cryptography & PKI Intermediate Free

TLS/PKI Incidents — What Happens When Crypto Breaks

Crypto breaks rarely; when it does, it’s catastrophic. Notable incidents DigiNotar 2011 — CA compromised; rogue certs for Google. Browser distrust = company death. Heartbleed 2014 — OpenSSL bug exposed memory to attacker. Remediation involved rotating every cert. POODLE 2014 — SSL 3.0 padding-oracle. End of SSL 3.0. Logjam 2015 — DH key-exchange weakness. End […]

Apr 27, 2026 15 min Open

GRC, ISO 27001 & SOC 2 Intermediate Free

Enterprise Risk Register

Risk register = single source of truth for organisational security risks. Too often a spreadsheet that nobody reads. Done right, drives quarterly executive conversation. Risk record fields Risk description Likelihood (1-5) Impact (1-5) Inherent score Existing controls Residual likelihood + impact Residual score Owner Treatment (accept / mitigate / transfer / avoid) Action items + […]

Apr 27, 2026 15 min Open

GRC, ISO 27001 & SOC 2 Intermediate Free

Vendor Risk Management Programme

Module 7 (DPDP track) covered DPA-specific. This is the broader vendor-risk programme. Programme components Vendor classification (tier 1/2/3 by data sensitivity, criticality) Onboarding due diligence (questionnaire, contracts, SOC 2/ISO collection) Continuous monitoring Periodic reassessment (annual for tier 1; biannual for tier 2) Offboarding (data return / deletion) The classification matrix Tier Criteria Treatment 1 Handles […]

Apr 27, 2026 20 min Open

IoT & OT Security Intermediate Free

IoT Protocols — MQTT, CoAP, Modbus

IoT/OT runs on protocols designed for constrained devices, often without security as primary concern. The big four MQTT — pub/sub for IoT. Default no auth; if auth, often password in plaintext. TLS optional. CoAP — HTTP-like for constrained devices. UDP-based; DTLS optional. Modbus — industrial. No auth. No encryption. Designed 1979. BACnet — building automation. […]

Apr 27, 2026 20 min Open

GRC, ISO 27001 & SOC 2 Beginner Free

Security Awareness Training

Annual click-through training is theatre. Modern awareness is continuous, simulated, measured. The programme Onboarding — security 101 within first week Quarterly refresh — short, role-specific Phishing simulation — monthly Just-in-time — real incident → relevant training Specialised tracks — engineers, finance, executives have role-specific content Tools KnowBe4 — most-used; large content library Cofense — phishing-focused […]

Apr 27, 2026 15 min Open

IoT & OT Security Intermediate Free

OT Network Monitoring

Active scanning breaks OT — even an Nmap can crash a PLC. Passive monitoring is the norm. Tools Claroty CTD — top-tier; Indian energy sector adoption Nozomi Networks — competitor Dragos Platform — industrial-control-specific Open source — Zeek with industrial parsers Detection patterns Unauthorised PLC programming (write to coil/register) HMI talking to non-PLC destinations Firmware […]

Apr 27, 2026 20 min Open