Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Want structured, step-by-step learning instead? Explore the Academy (guided courses) or the AI security hub.
Latest articles
Most recent practitioner playbooks across every track. Filter by topic in the sidebar, or use search.
Module 3 · SOC 2 for Indian SaaS
Type 1 vs 2, Trust Services Criteria, audit lifecycle, critical controls, choosing an auditor, India-specific gotchas.
AcademyModule 2 · ISO 27001:2022 Implementation
Required documents, the SoA, 2022 control structure, implementation timeline, common gaps for Indian implementations.
AcademyModule 1 · GRC Fundamentals
Governance, risk, compliance — the operating loop, frameworks, board reporting, common program failures.
AcademyModule 5 · IoT/OT Lab Walkthrough
Build a small ICS lab with OpenPLC, ScadaBR, run a complete assessment cycle, hardening, detection.
AcademyModule 4 · OT Security Testing Methodology
Safe OT assessment phases, scoping rules, dual-track reporting for engineering and CISO, India-focused compliance.
AcademyModule 3 · Industrial Control Protocols
Modbus, DNP3, OPC-UA, S7Comm, EtherNet/IP, BACnet — protocol attack surfaces and defenses.
AcademyModule 2 · IoT Device Security Testing
Hardware reconnaissance, UART/JTAG, firmware extraction with binwalk, BLE/Zigbee testing, cloud API audit.
AcademyModule 1 · IoT & OT Security Fundamentals
IoT vs OT, the Purdue model, defender constraints, threat landscape, notable real-world OT incidents.
AcademyModule 5 · API Gateways & Zero-Trust at Scale
Kong, Apigee, AWS API Gateway, service mesh (Istio, Linkerd), zero-trust architecture, observability stack.
AcademyModule 4 · Rate Limiting & API Abuse Prevention
Algorithms (token bucket, sliding window), enforcement layers, Redis Lua patterns, abuse patterns and defenses.