Cybersecurity

Build practical security judgement across identity, web risk, detection, and response using plain language, realistic scenarios, and defensible evidence.

This course is written for people who need to understand security decisions without being buried in jargon or vendor theatre. By the end, you should be able to explain what matters, where the exposure sits, and what to do about it.

28 hours4 stages, 25 modulesBeginners welcomeFree, no account

Start with Module 1

What you will learn

Explain core cybersecurity concepts including the CIA triad, risk and controls in plain language
Apply structured threat modelling to simple systems and identify assets, actors and entry points
Use interactive tools to assess passwords, URLs, hashes and risk matrices
Relate enterprise security decisions to frameworks such as NIST CSF 2.0 and Cyber Essentials
Design high-level secure architectures for web and cloud-based systems
Communicate security risks and mitigations to non-technical stakeholders

Who this course is for

Non-technical professionals wanting to understand cybersecurity
Students studying computing, IT or business
Small business owners responsible for their own security
Developers who need security awareness
Teams preparing for the current Cyber Essentials question set or similar certifications

Prerequisites: None. Course starts from absolute basics with everyday examples.

Course curriculum

Read the modules in order on the first pass. Use the practice and stage tests when you want a stricter check on what stuck.

Stage 1. Foundations

9 modules · 8 hours

1What cybersecurity is and is not30 min 2Risk and outcomes30 min 3Data and integrity30 min 4Networks and transport30 min 5CIA triad and simple attacks30 min 6Identity and access30 min 7Human factors and phishing30 min 8Privacy and everyday data protection25 min 9Foundations capstone25 min PracticePractice testUntimed Stage testStage test30 min

Stage 2. Applied cybersecurity

7 modules · 8 hours

10Threat modelling as design30 min 11Identity and access control30 min 12Web application security30 min 13API and service security28 min 14Verification and release gates25 min 15Logging and detection basics25 min 16Applied capstone35 min PracticePractice testUntimed Stage testStage test30 min

Stage 3. Practice and strategy

9 modules · 11 hours

17Secure software development lifecycle45 min 18Exposure reduction and zero trust50 min 19Runtime and cloud security50 min 20Supply chain security30 min 21Vulnerability management28 min 22Detection and incident response32 min 23Privacy, ethics, and auditability30 min 24System quality attributes26 min 25Professional practice capstone40 min PracticePractice testUntimed Stage testStage test20 min

Cybersecurity summary and games

1 hour

A recap and practice space to consolidate judgement with scenarios and short drills.

Standards and references

This course is aligned to the following standards, frameworks, and certification objectives.

1NIST Cybersecurity Framework (CSF) 2.0 (2024)
2OWASP Top 10 (2025)
3OWASP ASVS 5.0.0
4ISO/IEC 27001:2022 Information security management systems
5CIS Controls v8.1
6MITRE ATT&CK v18.1
7IASME Cyber Essentials current question-set preview
8CompTIA Security+ (SY0-701)