Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Cloud Security Practitioner · modules
AWS → Azure → GCP → Kubernetes. Real hardening, not checklists.
Module 23 · Serverless Security — Functions, Event Sources, API Gateway
The serverless threat model What you no longer manage: OS patches, container runtime, network firewall (mostly). What becomes more critical: function code, IAM permissions, event sources, dependencies. The recurring vulnerability classes Over-privileged function roles: function role can do far more than the function actually needs. Compromise of function = wide IAM access. Injection via event […]
Module 21 · Cloud Workload Protection (CWPP) — VMs, Containers, Serverless
CWPP vs CSPM CSPM CWPP Configuration of cloud resources What is running on those resources Public buckets, broad SGs, unencrypted volumes Malware, intrusion, suspicious processes, file integrity Agentless (mostly) Agent or eBPF probe per workload Mature programmes deploy both. CNAPP (Cloud-Native Application Protection Platform) is the converged offering — CSPM + CWPP + CIEM (identity […]
Module 22 · Kubernetes Security at Production Scale
The four production K8s domains Cluster security: API server, etcd, kubelet, control plane hardening. Workload security: Pod Security Standards, admission control, runtime protection. Network security: NetworkPolicy, service mesh, ingress, egress. Supply chain: image signing, SBOM, admission control verification. API server hardening API server reachable only through bastion / VPN / private endpoint; never public. Audit […]
Module 20 · Securing Multi-Cloud Architectures
Why organisations go multi-cloud Resilience against single-provider outage. Regulator preference (RBI may prefer certain providers for specific workloads). Best-of-breed (Azure for M365 integration, AWS for ML, GCP for data analytics). Vendor leverage in negotiation. Acquired company arrives with different cloud. The multi-cloud security challenges Distinct IAM models: AWS IAM, Azure RBAC, GCP IAM each have […]
Module 19 · Cloud Security Posture Management (CSPM) at Production Scale
What CSPM tools do Connect to cloud accounts via API; continuously enumerate resources and configurations; check against benchmark rules; report findings. Tool Strength Prowler (open-source) AWS-focused; broad CIS coverage ScoutSuite (open-source) Multi-cloud (AWS, Azure, GCP) CloudSploit / Aqua (open-source) Multi-cloud; modern UI Wiz, Orca, Palo Alto Prisma Commercial; agentless scanning + risk graph AWS Security […]
Module 11 · Service Mesh Security — Istio, Linkerd, mTLS
Why this module exists. “We added Istio and now we have zero trust.” No, you don’t. Service mesh adds powerful primitives — mTLS, identity-aware authorization — but most installations use ~20% of those primitives. The remaining 80% is where attacks live. What service mesh actually does An Envoy / Linkerd-proxy sidecar intercepts every request entering […]
Module 10 · Container Escape — From Pod to Node
Why this module exists. Containers are isolation, not security. The Linux kernel boundary between container and host has historically had escape paths every 6-18 months. Most enterprises run Kubernetes with Pod Security policies set to “permissive” because it’s the default. Every red team checks for container-escape primitives first. What “container escape” means A process inside […]
Module 9 · Azure RBAC & Privilege Escalation Paths
Why this module exists. Azure has two parallel permission systems — RBAC for management plane (resources), Entra ID roles for identity plane. Most engineers treat them as one. Attackers know they’re separate, and the mismatched grants are where privilege escalation lives. The two-plane model Management plane (Azure RBAC). Who can create / read / modify […]
Module 8 · GCP IAM & Workload Identity Federation
Why this module exists. Every Indian SaaS that adopted GCP after 2022 inherited an IAM model fundamentally different from AWS. The pieces look similar — IAM, service accounts, roles — but the wiring is different and the attack paths are different. If you bring AWS muscle memory to GCP, you’ll either over-permission everything or miss […]
Module 12 · AWS Lambda & Serverless Attack Surface
Why this module exists. Serverless is “no server to harden” — and a new attack surface that most security teams don’t review with the same rigour as VMs. Lambda functions, Cloud Functions, Azure Functions all share patterns: event-triggered execution, IAM-defined permissions, ephemeral compute, third-party dependencies. Each is an attack vector. The Lambda attack surface — […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.