Knowledge Hub

Practitioner-grade cybersecurity content

Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.

Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.

Latest articles

Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.

Module 6 · Risk Treatment — Mitigate, Transfer, Accept, Avoid

Why this module exists. A risk register that produces no closed risks is a registry, not a programme. The treatment lifecycle is…

May 14, 2026 · 5 min read

Academy

Module 5 · Third-Party and Supply-Chain Risk Management

Why this module exists. The threat model has shifted. The hardest perimeter to defend now is your vendors’ perimeter. This module is…

May 14, 2026 · 4 min read

Academy

Module 4 · Building a Risk Register That Drives Decisions

Why this module exists. Every Indian enterprise has a risk register. Few have one anyone uses to decide what to fund. The…

May 14, 2026 · 4 min read

Academy

Module 3 · Qualitative Risk Assessment — ISO 27005 / NIST 800-30 Done Well

Why this module exists. Done well, qualitative risk assessment is cheap, repeatable, and good enough for 90% of decisions. Done badly, it…

May 14, 2026 · 4 min read

Academy

Module 2 · Quantitative Risk Analysis with FAIR

Why this module exists. Boards make decisions in money. Heat maps in red, amber, green do not translate to “should we spend…

May 14, 2026 · 4 min read

Academy

Module 6 · Awareness Programmes That Change Behaviour

Why this module exists. Awareness training is the single most-funded, least-effective security investment in most Indian enterprises. The right structure — frequent,…

May 14, 2026 · 4 min read

Academy

Module 5 · Physical Social Engineering — Tailgating, Badge Cloning, USB Drops

Why this module exists. Physical access still beats remote-only attacks for certain target classes — server-room access to a regulated bank, badge-room…

May 14, 2026 · 5 min read

Academy

Module 4 · Business Email Compromise (BEC) — Four Variants and the Defender Stack

Why this module exists. BEC does not need malware, credential theft, or AiTM phishing. It only needs to convince one finance person…

May 14, 2026 · 4 min read

Academy

Module 3 · Vishing, Smishing & WhatsApp Pretext — The Indian Voice Channel

Why this module exists. The corporate phishing-defence stack — DMARC, anti-phishing platforms, FIDO2 — does not protect against an attacker calling the…

May 14, 2026 · 4 min read

Academy

Module 2 · Phishing — AiTM, MFA Bypass, and the 2026 Defender Stack

Why this module exists. Email-borne phishing is no longer “click this link, enter password.” Modern kits proxy the entire login flow, capture…

May 14, 2026 · 4 min read

← Newer 1 … 17 18 19 20 21 … 91 Older →