Cybersecurity, learned like a practitioner.

24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.


Latest modules

Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.

538 results · Page 24/54
IoT & OT Security · Intermediate · Free

IoT Supply Chain Risk

IoT devices ship with security debt. Default creds, no update mechanism, hardcoded keys. Supply chain compounds it.

Issues:
- Default credentials never changed (Mirai botnet exploited this)
- No firmware updates after sale (10-year-old vulns active)
- Hardcoded private keys discovered post-shipment
- Foreign-manufacture concerns (geopolitical)
- Recycled chips with unknown firmware

Indian regulatory environment:
2022 CERT-In Direction requires equipment […]

Apr 27, 2026 · 15 min
IoT & OT Security · Advanced · Free

IoT Cloud Integration Security

Modern IoT goes cloud. Cloud security + IoT security overlap.

Patterns:
- Device identity — per-device X.509 cert (best); shared key (acceptable); password (avoid)
- MQTT over TLS — standard transport
- Device shadows — last-known state for offline devices
- OTA updates — signed firmware; A/B partition for rollback

Cloud-specific:
- AWS IoT Core — most mature; per-device certs; […]

Apr 27, 2026 · 15 min
IoT & OT Security · Intermediate · Free

Purdue Model & ICS Architecture

Purdue Model = standard reference architecture for ICS networks. Six levels of segmentation.

Levels:
- Level 0 — physical process (sensors, actuators)
- Level 1 — basic control (PLCs, RTUs)
- Level 2 — area supervision (HMIs, historians)
- Level 3 — site operations (MES, plant historians)
- Level 3.5 — DMZ between OT and IT
- Level 4-5 — corporate […]

Apr 27, 2026 · 15 min
IoT & OT Security · Advanced · Free

IoT Penetration Testing Methodology

IoT pentesting spans more layers than typical web. Methodology to cover all of them.

Phases:
- Reconnaissance — manuals, FCC IDs, FCC database, related devices
- Hardware — open device, identify chips, find debug ports (UART, JTAG)
- Firmware extraction — flash dump, firmware update interception, OTA capture
- Firmware analysis — Module 9 above
- Wireless — Wi-Fi, BLE, […]

Apr 27, 2026 · 20 min
GRC, ISO 27001 & SOC 2 · Intermediate · Free

ISO 27001:2022 Implementation

ISO 27001:2022 is the global infosec standard. Indian SaaS that sells to enterprise customers needs it.

The ISMS lifecycle:
- Define scope (which systems, departments, locations)
- Risk assessment (assets, threats, vulnerabilities, risk treatment)
- Statement of Applicability (SoA) — which Annex A controls apply
- Implement controls
- Internal audit
- Management review
- External audit (Stage 1 + Stage 2) […]

Apr 27, 2026 · 25 min
GRC, ISO 27001 & SOC 2 · Intermediate · Free

SOC 2 Type II — Indian SaaS Reality

SOC 2 isn’t a certification — it’s an attestation. CPA opines on your controls. Indian SaaS selling to US customers will have it requested.

Trust Services Criteria (TSC):
- Security — required
- Availability — for SLA-bound services
- Confidentiality — when handling sensitive customer data
- Processing Integrity — for transaction processors
- Privacy — when handling PII

Most […]

Apr 27, 2026 · 20 min
GRC, ISO 27001 & SOC 2 · Intermediate · Free

Policy Architecture

Most security policies are written, ignored, retrieved only for audits. The structure that actually drives behaviour:

Three layers:
- Policy — what we believe (high level, stable, board-approved)
- Standard — how we comply (specific, technical, refreshed annually)
- Procedure — step-by-step (operational, refreshed as systems change)

Hierarchy example:
Information Security Policy (the umbrella)
↳ Access Control Standard […]

Apr 27, 2026 · 15 min
GRC, ISO 27001 & SOC 2 · Intermediate · Free

Enterprise Risk Register

Risk register = single source of truth for organisational security risks. Too often a spreadsheet that nobody reads. Done right, drives quarterly executive conversation.

Risk record fields:
- Risk description
- Likelihood (1-5)
- Impact (1-5)
- Inherent score
- Existing controls
- Residual likelihood + impact
- Residual score
- Owner
- Treatment (accept / mitigate / transfer / avoid)
- Action items + […]

Apr 27, 2026 · 15 min
GRC, ISO 27001 & SOC 2 · Intermediate · Free

Vendor Risk Management Programme

Module 7 (DPDP track) covered DPA-specific. This is the broader vendor-risk programme.

Programme components:
- Vendor classification (tier 1/2/3 by data sensitivity, criticality)
- Onboarding due diligence (questionnaire, contracts, SOC 2/ISO collection)
- Continuous monitoring
- Periodic reassessment (annual for tier 1; biannual for tier 2)
- Offboarding (data return / deletion)

The classification matrix:
Tier | Criteria | Treatment
1 | Handles […]

Apr 27, 2026 · 20 min
IoT & OT Security · Intermediate · Free

IoT Protocols — MQTT, CoAP, Modbus

IoT/OT runs on protocols designed for constrained devices, often without security as primary concern.

The big four:
- MQTT — pub/sub for IoT. Default no auth; if auth, often password in plaintext. TLS optional.
- CoAP — HTTP-like for constrained devices. UDP-based; DTLS optional.
- Modbus — industrial. No auth. No encryption. Designed 1979.
- BACnet — building automation. […]

Apr 27, 2026 · 20 min
02 / Why learn here

Practitioners who've shipped the controls.

Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.

01

Practitioner-written.

Each lesson is authored by someone who has shipped the control or run the engagement in production.

02

Quiz after every module.

20+ questions with explanations. 70%+ to mark complete. Unlimited retries.

03

Progress tracked.

Completions, scores and streaks saved automatically. Resume exactly where you left off.

04

India-priced.

Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.