RingSafe Academy

Learning Tracks

Every track is a curated sequence of practitioner modules. Start with module 1, finish at your own pace. Tracks below are listed alphabetically.

Active Directory Security

Red-team and blue-team AD. Kerberos, BloodHound, defensive hardening, ADFS.

LLMOps for working engineers. vLLM, serving, quantization, GPU cost engineering, observability, scaling inference clusters that do not bankrupt the team.

Zero to working knowledge. Tokens, embeddings, context windows, evaluation. Read an arXiv abstract without panicking. Know when AI is the wrong tool.

For leaders and policy practitioners. ISO/IEC 42001, NIST AI RMF, DPDP × AI, RBI directions, EU AI Act for engineering teams. Policy, controls, audit trails.

AI Practitioner Path

From "what is a token?" to "I can red-team production AI systems." Tokens, prompts, RAG, fine-tuning, AI security — security mindset baked in.

AI / LLM Security — Beginner to Expert

22 modules, theory + hands-on. Prompt injection, data poisoning, agent threat models, building your own AI, optimisation, and reverse-engineering trending products like Cursor & Perplexity.

API Security Deep Dive

OWASP API Top 10, JWT/OAuth, GraphQL, rate limiting, gateways and zero-trust at scale.

Attacker Mindset — Active Directory

Fragile-by-design AD, BloodHound graphs, ACL abuse, ADCS (ESC1-16), trusts, delegation, hybrid attacks.

Attacker Mindset — Cloud

Shared responsibility reality, IAM sprawl, metadata endpoints, K8s + serverless + supply chain, data exposure, cloud-specific detection.

Attacker Mindset — Network

Segmentation, Layer 2 trust, C2 evasion, Kerberos, VPN, BGP, OT, wireless — why each class of network attack persists.

Attacker Mindset — Web

Why each web vuln class exists — trust boundaries, grammar confusion, authorization drift. Mindset first, tools second.

Microsoft Azure & M365

Entra ID, Azure resources, M365 — the Microsoft cloud security stack.

Business Continuity & Disaster Recovery

RTO and RPO, runbooks, tabletop exercises, dependency mapping — the operational craft of recovering from incidents that take systems offline.

Blue Team / SOC Operations

How defenders actually work. SOC structure, SIEM, detection engineering, EDR, malware triage.

Cloud Security Practitioner

AWS → Azure → GCP → Kubernetes. Real hardening, not checklists.

Cryptography & PKI

Modern crypto primitives, TLS, PKI architecture, secrets management at scale.

Cybersecurity Law — India

IT Act 2000, DPDP Act 2023, Intermediary Rules, CERT-In directions — the legal frame every Indian security practitioner must know.

Data Protection & Privacy Engineering

Data classification, DLP at scale, tokenisation, k-anonymity, CASB and SaaS data governance — the full data lifecycle, secured.

Security in the SDLC. SAST/DAST/SCA, IaC, CI/CD hardening, software supply chain.

DPDP Compliance Practitioner

Act, Rules, operations. From theory to shipping a compliant product.

Digital Forensics

Disk imaging, memory analysis, timeline reconstruction, chain of custody — the practitioner craft of forensic investigation.

Google Cloud Platform

GCP IAM, networking, VPC Service Controls, Workload Identity Federation, Confidential Computing.

Security Governance for CISOs

Security governance for senior practitioners. Board reporting, risk tolerance, policy architecture, programme metrics and the business of security.

GRC, ISO 27001 & SOC 2

Governance, risk, compliance. ISO 27001, SOC 2, vendor risk, internal audits.

Ethical Hacking Tools

Nmap, Burp Suite, Metasploit, Hashcat, Mimikatz — the core offensive toolkit.

Identity & Access Management

Identity is the new perimeter. AAA, federation (SAML, OIDC, SCIM), PAM, passwordless / FIDO2, identity governance — the full identity stack for modern environments.

IoT & OT Security

Connected devices and industrial control systems. Hardware, firmware, ICS protocols, safe OT testing.

Malware Reverse Engineering

Static and dynamic malware analysis, sandboxing, unpacking, indicator extraction — turning samples into actionable intelligence.

Mobile App Penetration Testing

Android + iOS pentesting. Frida, Objection, keychain, API surface, defeating hardening.

OSI layers, TCP/IP, subnetting, packet analysis — the foundation of every security skill.

Physical & Environmental Security

Facility design, access control, environmental hazards, secure destruction — the physical foundation that information security rests on.

Quantum Computing for Security Practitioners

Qubits, superposition, Shor and Grover, lattice-based post-quantum cryptography. From quantum mechanics fundamentals to deploying ML-KEM and ML-DSA in production.

Red Team Operations

Adversary simulation: initial access, C2, lateral movement, defeating modern EDR.

Risk Management Practitioner

Quantitative and qualitative risk management. FAIR, ISO 27005, risk registers, control selection, risk acceptance — how risk actually informs decisions.

Security Architecture

Secure-by-design patterns, hardware roots of trust, formal security models. From Bell-LaPadula to production zero-trust deployments.

Security Audit Practitioner

Conducting effective security audits: gap analysis, evidence gathering, control testing, defensible audit reporting.

Writing code that does not bleed. OWASP defensive patterns, language-specific pitfalls, SAST, dependency security and supply chain.

Social Engineering Defence

Defending against phishing, vishing, pretexting and physical social engineering. Awareness programmes that change behaviour, not just slides.

System Security

Hardening and operating systems defensively. Linux, Windows, logging, containers.

Cyber Threat Intelligence

OSINT, ATT&CK, Pyramid of Pain, and intel-driven hunting — actionable CTI.

Web Application Penetration Testing

From HTTP fundamentals to business-logic exploitation. The complete path.