Course overview
Build practical security judgement across identity, web risk, detection, and response using plain language, realistic scenarios, and defensible evidence.
Start at the top, move stage by stage, then use practice and stage tests when you want a stronger check.
Stage 1 of 3
Friendly on-ramp for data, networks, passwords, phishing and everyday defences using in-browser practice tools.
Level 1 of my cybersecurity course. Data, networks, attackers, and everyday defences with hands-on practice.
Start here
Friendly on-ramp for data, networks, passwords, phishing and everyday defences using in-browser practice tools.
Level 1 of my cybersecurity course. Data, networks, attackers, and everyday defences with hands-on practice.
Module 1
Cybersecurity is the practice of reducing risk in digital systems .
Keep this sequence in mind whenever a new threat or tool appears.
Not started
Module 2
Security is risk management.
This module maps well to the “risk and governance” parts of common frameworks and syllabi, including CISSP domain language and the NIST CSF “Identify” thinking.
Not started
Module 3
I want you to see how data turns into bits, how meaning is encoded, and why small changes can quietly break integrity.
Use the right parser for the data format instead of ad hoc string handling.
Not started
Module 4
Networks move data in pieces, not in one blob.
Packet Metadata Port Protocol Network security concepts
Not started
Module 5
CIA is a simple lens I use to explain what went wrong and what to fix first.
Once you can name the impact clearly, choosing controls becomes calmer and more defensible.
Not started
Module 6
Identity is where most real world attacks start because stolen access is cheaper than breaking encryption.
This module is about calm, repeatable habits that reduce the damage when credentials leak.
Not started
Module 7
If we design the system so the safe action is slow and awkward, people will route around it.
This module is about making security human, practical, and repeatable.
Not started
Module 8
Privacy is not only a legal idea.
It is a safety idea.
Not started
Module 9
This capstone turns learning into action.
Keep it calm and practical.
Not started
Practice test
Test recall and judgement against the governed stage question bank before you move on.
Use this after the stage modules when you want to spot weak areas without the pressure of a timed assessment. Includes 20 published questions.
Stage test
Take the stage-end test when you want a governed timed check before the next stage.
Use this after practice when you want a stronger signal. 20 questions, 80% pass mark.
Stage 2 of 3
Think like attackers and defenders with threat modelling, web auth flows, common vulns, logs, and risk trade-offs.
Level 2 of my cybersecurity course. Applied threat modelling, attack surfaces, identity, detection and risk trade offs with hands-on practice.
Start here
Think like attackers and defenders with threat modelling, web auth flows, common vulns, logs, and risk trade-offs.
Level 2 of my cybersecurity course. Applied threat modelling, attack surfaces, identity, detection and risk trade offs with hands-on practice.
Module 1
Security improves fastest when I can answer one question clearly.
A threat model is a simple story about risk.
Not started
Module 2
Authentication answers who you are.
A session is a bridge in a stateless world.
Not started
Module 3
Most breaches start with what is exposed, not with exotic zero days.
Operating systems run services, services open ports, and apps expose inputs.
Not started
Module 4
When you review an API, focus on these ideas.
Check identity and permission on every sensitive action server side.
Not started
Module 5
In practice, you verify three things.
The safeguard is present on the true enforcement point, not only in the interface.
Not started
Module 6
Prevention is never perfect.
I log what I fear.
Not started
Module 7
This capstone is a short design review.
Choose one feature you understand.
Not started
Practice test
Test recall and judgement against the governed stage question bank before you move on.
Use this after the stage modules when you want to spot weak areas without the pressure of a timed assessment. Includes 18 published questions.
Stage test
Take the stage-end test when you want a governed timed check before the next stage.
Use this after practice when you want a stronger signal. 18 questions, 80% pass mark.
Stage 3 of 3
Join up governance, secure design, DevSecOps, CVEs, incident response and business-focused risk thinking.
Level 3 of 3: crypto in practice, secure architecture, detection and response, and governance you can apply in real organisations.
Start here
Join up governance, secure design, DevSecOps, CVEs, incident response and business-focused risk thinking.
Level 3 of 3: crypto in practice, secure architecture, detection and response, and governance you can apply in real organisations.
Module 1
Security becomes real when it is built into how work ships.
A secure SDLC is not a list of gates that slow teams down.
Not started
Module 2
Zero trust is simple.
Patterns that help include strong identity and device posture, least privilege, service to service authentication, network policy that defaults to deny, explicit trust boundaries, and observability.
Not started
Module 3
Crypto is only useful when it is applied correctly.
Good practice includes modern suites, short lived certificates, hardware backed keys where possible, least privilege access to key stores, and a rotation story that you have actually exercised.
Not started
Module 4
Supply chain risk is the uncomfortable truth that you inherit other people’s security decisions.
Libraries, build tools, CI runners, contractors, and SaaS vendors all become part of your system.
Not started
Module 5
Vulnerability management is not a panic feed.
Check whether the vulnerable path is reachable from untrusted zones.
Not started
Module 6
Detection closes the gap between compromise and action.
Before the tools, agree on the decision you are practising.
Not started
Module 7
This section is the glue.
Cyber is not only for the security team.
Not started
Module 8
System ilities are the properties that decide whether you survive a bad day.
Reliability, recoverability, auditability, and the ability to change safely.
Not started
Module 9
Pick one system you understand.
Produce a short professional pack you could defend in a review.
Not started
Practice test
Test recall and judgement against the governed stage question bank before you move on.
Use this after the stage modules when you want to spot weak areas without the pressure of a timed assessment. Includes 12 published questions.
Stage test
Take the stage-end test when you want a governed timed check before the next stage.
Use this after practice when you want a stronger signal. 12 questions, 80% pass mark.