Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.
Data Masking, Tokenisation, Pseudonymisation
Why this module exists. “Use real production data in development” is the line that produces audit findings and breaches. The alternatives — masking, tokenisation, pseudonymisation, synthetic data — each have tradeoffs. This module is the practitioner reference. The four techniques compared Technique Reversible? Use cases Static masking No Test / dev datasets; analytical exports Dynamic […]
Privacy Engineering Beyond Compliance
Why this module exists. “Privacy by design” is a phrase in every privacy framework and a practice in few organisations. The shift from “comply at audit time” to “design for privacy upfront” is what distinguishes mature programmes. This module covers the design patterns. The seven principles (Cavoukian) Proactive not reactive; preventative not remedial. Privacy as […]
Data Discovery and Classification — Automated Approaches
Why this module exists. Manual data classification fails. Survey-based “where is sensitive data” produces inventories that miss 40-60% of actual locations. Modern automated discovery + ongoing classification is the workable approach. The classification framework A simple, defensible scheme: Level Examples Treatment Public Marketing material, published API docs Standard controls Internal Org charts, internal policies, financial […]
DLP at Scale — Endpoint, Network, and Cloud
Why this module exists. Indian enterprises commonly buy DLP licences and never tune them effectively. The deployment runs in monitor-mode forever, alerts go to a queue nobody reads, and the same exfiltration paths remain open. This module covers what works. The three DLP channels Channel What it covers Endpoint DLP USB transfers, clipboard, screen capture, […]
Encryption Strategy — At Rest, In Transit, In Use
Why this module exists. “We encrypt everything” usually means “we encrypt some things at some layer, with key management we haven’t audited.” This module is the structured framework for an encryption strategy that survives both audit and operational reality. The three layers Layer Protects against Primitives At rest Stolen disk, exfiltrated backup, lost laptop AES-256 […]
SAST, DAST, and Security in the CI/CD Pipeline
Why this module exists. SAST that produces 1000 false positives per scan trains developers to ignore findings. SAST tuned and triaged surfaces real bugs caught before merge. The difference is operational discipline, not tool choice. The testing pyramid for AppSec Tool class When Catches SAST In IDE / pre-commit / PR Code-level bugs (injection, crypto […]
Dependency Security and SBOM Management
Why this module exists. Your application’s CVE exposure is mostly in its dependencies, not its own code. Managing that exposure requires inventory, monitoring, and a remediation cadence. SBOM — the Software Bill of Materials An SBOM is the declared list of components in a software artefact. Two standard formats: CycloneDX: OWASP-led. JSON/XML. Strong tooling support. […]
Authentication and Session Management — Modern Patterns
Why this module exists. Modern authentication is not “username + password + check the DB.” It is a stack of OAuth flows, token handling, cookie discipline, MFA orchestration. This module covers what works. Password handling — when you must store one Argon2id is the current default for password hashing. PBKDF2 acceptable; bcrypt acceptable; scrypt OK. […]
Application-Level Cryptography — Avoiding the Common Mistakes
Why this module exists. Cryptographic primitives have safe defaults that produce safe outcomes if used correctly. Developers who deviate — even with good intentions — introduce subtle but catastrophic bugs. This module is the practitioner safety pattern. The cardinal rule — use high-level APIs Cryptographic library design has converged on high-level APIs that hide the […]
Input Validation and Output Encoding — Universal Defences
Why this module exists. The single highest-leverage developer education is the principle “structure separates code from data.” Input validation and output encoding operationalise that principle. This module is the practitioner’s reference. The principle — structure separates code from data Injection vulnerabilities exist because data is interpreted as code by some downstream parser — SQL parser, […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.