Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Google Cloud Platform · modules
GCP IAM, networking, VPC Service Controls, Workload Identity Federation, Confidential Computing.
Module 4 · VPC Service Controls
VPC Service Controls = GCP’s data-exfiltration defence. Define a perimeter; data can’t leave it even with valid credentials.
The model
- Perimeter wraps GCP services + projects
- Inside perimeter: free communication
- Outside attempting to access services inside: blocked unless explicit ingress rule
- Inside attempting to send to outside: blocked unless explicit egress rule
Common patterns
- Lock […]
Module 5 · BigQuery Security
BigQuery is the most-used data warehouse for Indian fintech. Security model is rich; most teams use 30%.
Access patterns
- Dataset-level — coarse; user can see entire dataset or none
- Authorized views — view exposes subset to other users without granting access to underlying tables
- Row-level security — policies restrict which rows a user sees
- Column-level […]
Module 6 · Google Secret Manager
GCP’s native secrets store. Simpler than Vault; sufficient for most.
Features
- Versioned secrets (latest, specific version)
- IAM-scoped access
- Replication policies (auto / user-managed)
- Cloud KMS encryption
- Audit log per access
- Secret Manager Notifications for rotation triggers
Pattern
    gcloud secrets create my-secret --replication-policy=automatic
    gcloud secrets versions add my-secret --data-file=./secret.txt
    # In application
    from google.cloud import secretmanager
    […]
Module 7 · Cloud Armor for WAF & DDoS
Cloud Armor = Google’s edge security. WAF + DDoS + bot mitigation.
Layers
- Standard — basic L3/4 DDoS, included with HTTP(S) load balancer
- Plus — adaptive DDoS protection, ML-based, paid tier
- WAF rules — preconfigured (OWASP CRS) + custom
- Bot management — reCAPTCHA Enterprise integration
Common WAF rules
- OWASP CRS (XSS, SQLi, RCE, LFI/RFI)
- Custom […]
Module 8 · GKE Autopilot Security
GKE Autopilot = Google manages nodes; user manages workloads. Security defaults are enforced; less flexibility.
What’s enforced
- Workload Identity
- Shielded GKE Nodes
- Network Policy
- Container-Optimized OS
- Auto-upgrade
- Limited node-level access (no SSH)
Tradeoffs
- Higher per-pod cost than Standard
- Some advanced features (DaemonSets in kube-system, custom kernel modules) not allowed
For most teams: tradeoff worth it […]
Module 9 · Binary Authorization
Binary Authorization = admission controller for GKE/Cloud Run. Only deploy images that pass policy.
How it works
- Build pipeline produces image + attestation (using Cloud KMS-signed key)
- Binary Auth policy specifies required attestations
- Deploy attempt: image checked against policy
- Match → allow; no match → deny
Common policies
- “Image must be from this Artifact Registry” […]
Module 10 · Cloud DLP
Cloud DLP API: detect and transform sensitive data at scale.
Built-in detectors
Aadhaar number, PAN, Indian phone, credit card, email, US SSN, names, addresses — 100+ infoTypes.
Use cases
- Scan BigQuery datasets for PII; report findings
- Tokenise PII before storing (FPE — format-preserving encryption)
- Mask in real-time during data export
- De-identify production data for dev […]
Module 11 · Security Command Center
SCC = GCP’s security findings hub. Like Defender for Cloud (Azure) or Security Hub (AWS).
Tiers
- Standard — free; CIS benchmark scanning, basic IAM recommender
- Premium — Container Threat Detection, Event Threat Detection, Web Security Scanner, Compliance modules
What it surfaces
- Misconfigurations (open buckets, weak IAM)
- Vulnerabilities in workloads
- Threat indicators (anomalous IAM grant, suspicious […]
Module 12 · Confidential Computing
Confidential Computing = data encrypted in use, not just at rest and in transit. Hardware-based memory encryption.
GCP options
- Confidential VMs — based on AMD SEV-SNP or Intel TDX
- Confidential GKE Nodes — same hardware for K8s workloads
- Confidential Spaces — for multi-party computation
Use cases
- Process sensitive data without exposing to cloud admin
- Multi-party […]
Module 3 · GCP Organisation Hierarchy
GCP’s hierarchy is the foundation of multi-project security.
Levels
- Organisation — top; tied to your Google Workspace / Cloud Identity domain
- Folders — group projects (by environment, business unit)
- Projects — workload boundary; resources live here
- Resources — buckets, instances, etc.
IAM inheritance
Roles granted at higher levels apply to all child resources. Org-level Owner […]