Learning Track · 15 modules

System Security

Hardening and operating systems defensively. Linux, Windows, logging, containers.

Why this track

This track walks you from fundamentals through advanced techniques across 15 practitioner modules — the same body of knowledge senior security professionals build over years, structured for self-paced progression with India-specific context throughout.

Prerequisite: See module 1 for entry context. Most modules are self-contained but follow the suggested sequence for best results.
Modules: 15
Total time: 13.5 h
Free modules: 15
Quiz retries
Difficulty mix: Beginner · 2, Intermediate · 9, Advanced · 4

Module sequence

M1
Linux Hardening Fundamentals
You get root on a fresh Linux server. Now what? Default installs — whether Ubuntu, RHEL, Amazon Linux — are not hardened out of the box. This module is your opinionated checklist: the baseline controls every production Linux server should have before it sees traffic. The hardening stack Network — firewall, SSH, services Users & […]
Beginner 60 min
M2
Windows Security Fundamentals
Windows hardening looks different from Linux. Different tools, different attacker tradecraft, different audit surface. This module covers the baseline every production Windows server and Windows 10/11 workstation should have — without drowning you in 500 pages of MS docs. The hardening stack Authentication — MFA, account policies, Credential Guard Network — firewall, SMB, RDP Endpoint […]
Beginner 60 min
M3
System Auditing and Logging
Detection requires visibility. Visibility requires logs. If your systems fall silent, you cannot investigate, cannot alert, cannot prove compliance. This module is about what to log, where to send it, and how to get real signal out of raw events. The logging stack Generation — the system produces events (auth, syscalls, application logs) Collection — […]
Intermediate 90 min
M4
Container Security Deep Dive
Containers are everywhere in 2026. Docker, Kubernetes, serverless platforms that are containers underneath. This module covers the security concerns specific to the container layer — separate from the Kubernetes module (Cloud Security M4) which focused on orchestration. Here: image supply chain, runtime isolation, secrets, and container escape. What a container is (and isn’t) A container […]
Intermediate 90 min
M5
Privilege Escalation Defence
Root escalation — getting from “regular user” to “root” or SYSTEM — is how most breaches turn catastrophic. A foothold becomes domain compromise via privilege escalation. This module covers the technique classes, the defences, and what a practitioner should be able to recognise on both the offensive and defensive sides. The privesc landscape Privilege escalation […]
Advanced 120 min
M6
Memory Forensics
Memory forensics is the discipline of examining volatile memory (RAM) to find evidence that disk-only forensics miss. Credentials cached in memory, in-memory malware, injected code, encrypted traffic plaintext — all live only in RAM. This module covers the tooling and workflow. Why memory forensics Traditional disk forensics recovers files, logs, persistence. Memory adds: Process list […]
Advanced 120 min
M8
Incident Response Playbook
An incident response (IR) playbook is the written plan your team executes when things go wrong. Not the feature of a tool, not an idea, not a slide deck — a concrete document that says “when X happens, do Y, then Z, with owner A accountable.” This module covers playbook structure, the core playbooks every […]
Intermediate 90 min
M10
Windows Hardening — GPO Baseline
Microsoft publishes Security Baselines for Windows Server and Windows 10/11. Adoption rate in Indian enterprises: low. The Microsoft Security Baseline Free GPO templates from Microsoft. Includes 200+ settings tuned for security. Apply via Group Policy or Intune. High-impact specific settings Credential Guard on Windows 10/11/Server 2019+ Application Control (WDAC) / AppLocker BitLocker with TPM + […]
Intermediate 25 min
M12
EDR Evasion — Defender View
Modern EDRs (CrowdStrike, SentinelOne, Defender for Endpoint, Carbon Black) hook into kernel and user space. Attackers evolved evasion. Knowing the techniques helps defenders evaluate detection coverage. Common evasion techniques Process injection variants — APC injection, atom bombing, CTRL injection, NtMapViewOfSection. Each evades signature-based hooks. AMSI bypass — disable Microsoft’s anti-malware scan interface in-process. Many published […]
Advanced 25 min
M13
macOS Security in Enterprise
macOS isn’t niche anymore. Most Indian SaaS startups have 30-50% Macs. Security model differs from Windows. Native protections Gatekeeper — only signed/notarised apps run by default XProtect — Apple’s anti-malware System Integrity Protection (SIP) — even root can’t modify protected paths FileVault — full-disk encryption App Sandbox + Hardened Runtime — for App Store apps […]
Intermediate 20 min
M14
Disaster Recovery — RTO, RPO, Tabletop
Backups are the last line. They are also the prime target — modern ransomware encrypts backups before triggering payload. DR design must assume backups are attacker-accessible. RTO and RPO defined RTO (Recovery Time Objective) — how long you can be down RPO (Recovery Point Objective) — how much data you can lose Per-system RTO/RPO. Critical: […]
Intermediate 25 min
M15
Vulnerability Management Programme
Module 13 (DevSecOps) covered triage. This module is the program around it. Programme components Asset inventory — what to scan; tagged with owner, criticality Scanning cadence — Tenable / Qualys / Rapid7 weekly for infrastructure; daily for cloud (CSPM) Triage process — EPSS + KEV + reachability Patch SLAs — by criticality and exposure Exception […]
Intermediate 20 min
M16
Zero Trust Architecture
Zero trust is a posture, not a product. Module 16 (Cloud track) covered ZTNA specifically. This module is the architectural view. The seven pillars (NIST) User/identity Device Network/environment Application/workload Data Visibility/analytics Automation/orchestration Core principles Never trust; always verify Assume breach Least privilege Continuous verification Phased rollout (24-36 months realistic) Identity — strong IdP, MFA, conditional […]
Advanced 25 min
M17
Asset Inventory at Scale
Asset inventory is the unsexy foundation of every other security control. Without it, vuln management, IR, audit response all fail. What “asset” means in 2026 Physical and virtual servers Endpoints (laptops, desktops) Mobile devices Cloud accounts, projects, subscriptions Cloud resources (instances, storage, databases, functions) Containers and Kubernetes workloads Internet-exposed services (per Module 6, API track) […]
Intermediate 20 min
M18
Business Continuity Planning
BCP > DR. Disaster Recovery is the IT subset of Business Continuity. BCP includes processes, people, vendors, communications. Business Impact Analysis (BIA) Per business process: how long can it be down? What’s the financial / reputational / regulatory impact? Who depends on it? BCP components Crisis management team — named individuals, alternates, comms plan Critical […]
Intermediate 20 min

Common questions about this track

How long will this track take me?

Most learners finish in 4-8 weeks at a sustainable 4-5 hours per week. Modules are self-paced so you can move faster or slower as life allows.

Do I need prior experience?

Module 1 sets the entry baseline. The first module is always free; if it feels approachable, the track is for you.

Will this prepare me for industry certifications?

Most modules align with the body of knowledge tested by senior security certifications. The Academy is not a cert-prep course but produces working knowledge that transfers to any cert exam in the same domain.

Ready to start?

Begin with Module 1. Work through at your own pace. Free modules require no signup — everything else unlocks with a free RingSafe Academy account.
