Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.
Latest articles
Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.
Digital Forensics and Chain of Custody
Order of volatility, RAM and disk imaging, NTFS/Linux artefacts, cloud forensics, mobile forensics, IT Act §65B, BSA admissibility — the practitioner forensic…
AcademyDisaster Recovery — RTO, RPO, Recovery Testing
RTO/RPO tiers, DR architecture patterns (active-active, hot standby, pilot light, backup-restore), drill methodology, ransomware-specific DR, the 3-2-1-1-0 backup rule.
AcademySecure Code Review at Scale
Per-PR vs feature-level vs deep-dive code reviews, OWASP Top 10 hunt patterns, Semgrep custom-rule programme, what humans find that tools miss, rollout…
AcademySecurity Audit Programme and Reporting
Three lines of defence, audit calendar, continuous control monitoring, working papers, common-control framework across ISO/SOC2/PCI/RBI/SEBI, audit-fatigue management.
AcademyPasswordless and FIDO2 Rollout
FIDO2/WebAuthn end-to-end — passkeys vs hardware keys, registration and login flows, account-recovery design, server-side WebAuthn implementation, enterprise rollout sequence.
AcademyFederation — SAML, OIDC, SCIM in Production
SAML 2.0 vs OIDC, SP-/IdP-initiated flows, SCIM provisioning, group-claim mapping, step-up auth, conditional access. Real-world rollout sequence and operational gotchas.
AcademyPrivileged Access Management
PAM controls — vaulting, session brokering, JIT elevation, recording, tiered admin model, PAW, cloud-native PAM. Why PAM is the highest-leverage control for…
AcademyIdentity and Access Management Programme
IAM as a programme — identity sources, JML lifecycle, role design, access reviews, SoD, service accounts, metrics. Why IAM tooling fails without…
AcademyWireless Security and Wi-Fi Attacks — WEP to WPA3, and Why Captive Portals Lie
Wi-Fi has gone through five generations of security: WEP (broken, do not deploy), WPA/WPA2 (still common, still attackable via offline cracking and…
AcademyQuantum-Safe Cryptography Readiness
ML-KEM, ML-DSA, SLH-DSA — what NIST PQC standards mean for 2026 organisations, harvest-now-decrypt-later threat, crypto-agility, hybrid TLS, migration roadmap for Indian banks.