Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.
Latest articles
Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.
Physical and Environmental Security Programme
Why physical security is a cyber concern — perimeter, building entry, server hall, workstation security, USB controls, red-team physical pen-testing, and integrating…
AcademyHardware Roots of Trust — TPM, HSM, Secure Boot
TPM 2.0, HSM, ARM TrustZone, SGX/SEV, secure-element chips — what HRoT primitives offer, measured boot, key storage, attestation, confidential computing for cloud…
AcademySecurity Architecture Patterns and Models
Reference architectures encode known-good designs — authentication, authorisation, secrets, service-to-service, logging, encryption patterns. Catalogue, deviation process, ARB governance.
AcademyPrivacy Engineering — Tokenisation and k-Anonymity
Privacy-preserving primitives — tokenisation, format-preserving encryption, k-anonymity, l-diversity, differential privacy — when each applies, the engineering trade-offs, and DPDP §10 implications.
AcademyCASB and SaaS Data Governance
CASB modes (forward proxy, reverse proxy, API), SaaS-to-SaaS OAuth governance, shadow-IT discovery, sensitive-data inventory across 200+ SaaS apps, and the rollout pattern…
AcademyData Loss Prevention at Scale
DLP that works in 2026 — endpoint, network, cloud, email channels; pattern + classifier rules; rollout sequence (audit → block); fatigue management;…
AcademyData Classification and Labelling Programme
Building a data classification programme that engineering and business actually adopt — taxonomy, labelling tools (MIP, Google Drive labels), enforcement, DLP integration,…
AcademyCybersecurity Law for Indian Practitioners
IT Act, BNS/BSA replacement of IPC/Evidence Act, DPDP Act 2023, sectoral regulations (RBI/SEBI/IRDAI), CERT-In directions, evidence handling — a practitioner map of…
AcademyBusiness Continuity and Disaster Recovery
BCP and DR end-to-end — BIA, RTO/RPO, recovery strategies, plan documentation, drill cadence, ransomware-aware DR, and the operational discipline that makes plans…
AcademySocial Engineering Defence
Phishing, vishing, smishing, BEC, deepfake voice/video, MFA fatigue — modern social engineering and the layered defence programme: tooling, training, simulation, executive protection.