Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.
Identity and Access Management Programme
IAM as a programme — identity sources, JML lifecycle, role design, access reviews, SoD, service accounts, metrics. Why IAM tooling fails without process.
Privileged Access Management
PAM controls — vaulting, session brokering, JIT elevation, recording, tiered admin model, PAW, cloud-native PAM. Why PAM is the highest-leverage control for regulated orgs.
Federation — SAML, OIDC, SCIM in Production
SAML 2.0 vs OIDC, SP-/IdP-initiated flows, SCIM provisioning, group-claim mapping, step-up auth, conditional access. Real-world rollout sequence and operational gotchas.
Passwordless and FIDO2 Rollout
FIDO2/WebAuthn end-to-end — passkeys vs hardware keys, registration and login flows, account-recovery design, server-side WebAuthn implementation, enterprise rollout sequence.
Security Audit Programme and Reporting
Three lines of defence, audit calendar, continuous control monitoring, working papers, common-control framework across ISO/SOC2/PCI/RBI/SEBI, audit-fatigue management.
Secure Code Review at Scale
Per-PR vs feature-level vs deep-dive code reviews, OWASP Top 10 hunt patterns, Semgrep custom-rule programme, what humans find that tools miss, rollout for engineering scale.
Disaster Recovery — RTO, RPO, Recovery Testing
RTO/RPO tiers, DR architecture patterns (active-active, hot standby, pilot light, backup-restore), drill methodology, ransomware-specific DR, the 3-2-1-1-0 backup rule.
Digital Forensics and Chain of Custody
Order of volatility, RAM and disk imaging, NTFS/Linux artefacts, cloud forensics, mobile forensics, IT Act §65B, BSA admissibility — the practitioner forensic workflow.
Reverse Engineering and Malware Analysis
Static and dynamic RE workflow, Ghidra/IDA/Binary Ninja, packers, anti-analysis bypass, sandbox setup, YARA-rule writing — turning unknown binaries into hunting queries.
Secure Coding Across Languages
Language-specific secure-coding patterns — Python, Node/TS, Java, Go, Rust, PHP. Common pitfalls, safe alternatives, crypto patterns, dependency scanning.
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.