Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.
Vendor Audits — Conducting and Surviving Them
Why this module exists. Enterprise customers increasingly conduct annual security audits of their critical vendors. Done well by both parties, this is efficient and effective. Done badly, it consumes hundreds of hours and produces no real assurance. This module covers what works. Being audited — the customer-driven audit The typical customer audit pattern for SaaS […]
RBI / SEBI / IRDAI Cyber Audit — Indian Regulator Patterns
Why this module exists. Indian regulated entities are audited by their sector regulator (RBI, SEBI, IRDAI, TRAI, etc.) on a different cadence and framework than ISO 27001 or SOC 2. Treating these as the same as international audits leads to surprise findings. This module covers what differs. The regulators and their cyber audit programmes Regulator […]
SOC 2 Audit Preparation — Type I to Type II
Why this module exists. Most Indian SaaS companies aim for SOC 2 because their customers demand it. The discipline differs materially from ISO 27001 — different framework, different cadence, different auditor expectations. This module is the practitioner navigation. The fundamentals SOC 2 = Service Organization Controls 2. AICPA-defined framework. Auditor is a licensed CPA firm. […]
Continuous Control Testing and Automation
Why this module exists. Manual quarterly access reviews break the moment the security team is busy with anything else. Continuous control testing — automated evidence collection — solves this for the controls that can be automated. This module is the operational pattern. Which controls automate well Control class Automation Configuration settings High — cloud APIs, […]
ISO 27001 Internal Audit — Pre-Certification Readiness
Why this module exists. ISO 27001:2022 has 93 Annex A controls grouped into four themes. The internal audit verifies these are implemented and effective. Done well, certification follows mechanically; done poorly, certification fails or extends. This module covers what works. The internal audit programme structure ISO 27001 requires internal audit at planned intervals. Practitioner cadence: […]
Cloud-Native Security Architecture — Kubernetes, Service Mesh, Serverless
Why this module exists. Cloud-native architecture moves so much of the trust boundary into automation that the security architecture must shift correspondingly. This module is the cloud-native-specific architectural reference. The cloud-native trust model Three observations that drive cloud-native security architecture: Workloads are ephemeral — pods come and go in seconds. Static-IP-based controls do not apply. […]
Threat Modelling at the Architecture Stage
Why this module exists. Threat modelling is referenced in every security architecture guide and practised by few engineering teams. The reason: it sounds like a workshop without a clear deliverable. This module makes the deliverable concrete. What threat modelling produces A documented list of threats relevant to the system being built. For each threat: the […]
Service Mesh Security — Istio, Linkerd, mTLS-Everywhere
Why this module exists. Microservices security cannot be solved at the firewall — there are too many internal calls, the topology changes constantly, and “inside the network” is too permissive. Service meshes are how mature programmes address this. This module is the practitioner pattern. What a service mesh does A service mesh deploys a sidecar […]
Reference Architecture for Indian Regulated Workloads
Why this module exists. Architects designing for Indian regulated workloads navigate four to six overlapping regulator expectations. The cost of architecting for one regulator at a time is rework; the cost of architecting for all simultaneously is one-time complexity. This module is the integrated reference. The recurring architectural requirements Data localisation — RBI (payment data), […]
Zero Trust Architecture — From Principle to Production
Why this module exists. “We’re doing Zero Trust” is said by Indian enterprises that have simply renamed their VPN. This module covers the actual model — what ZT changes, the architectural building blocks, and the realistic 3-year journey to a meaningful implementation. The principles — what ZT actually means NIST SP 800-207 codifies Zero Trust […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.