SB
Spandana Bala
SOC Analyst
Hyderabad · India
Now at · Microsoft
Class 014 · CYBER SECURITY & AI AGENTS · RED + BLUE + AI SECURITY
Cyber Security
+ AI
Agents
Master end-to-end Cyber Security with Agentic AI. Run Red Team + Blue Team operations across ethical hacking, SOC with Splunk and Sentinel, and AWS / Azure / GCP cloud security, then ship the PayKart Fintech project and deploy an AI Security Coding Agent.
3mo
duration
100+
modules
4.7/5
class rating
100k+
enrolled
Where our Cyber Security alumni work
Microsoft
Amazon
SalesforceAI Engineer
Deloitte
Infosys
Accenture
TCS
Wipro
Capgemini
Cognizant
HCL
MicrosoftAmazonSalesforceAI EngineerDeloitteInfosysAccentureTCSWiproCapgeminiCognizantHCL
What you leave with
Four things every Cyber Security grad walks away with.
01
Agent-Ready security skills
Full Red + Blue stack — SIEM (Splunk, Sentinel), pentesting, cloud security, DevSecOps, GRC, forensics — plus AI Security with OWASP LLM/ASI Top 10, DeepTeam, and MCP Security.
02
Two shipped projects
The PayKart Fintech Security Programme (8 deliverables across SOC, pentest, cloud, AppSec, DPDP) plus an AI Security Coding Agent built on LangGraph + Claude Agent SDK + MCP for autonomous triage.
03
Verifiable credential
2026 Agent-Ready rubric mapped to Security+, CEH/eJPT/OSCP, AZ-500/CCSP, CISSP/CISM, plus the new CAISP for AI security, graded 1–5, with a public verification URL recruiters can check in 30 seconds.
04
Direct placement pipeline
GitHub + LinkedIn portfolio rewrite, security-tuned resume rebuild, and warm intros into our 1,000+ hiring partners actively staffing SOC, Pentest, Cloud Security, and AI Security roles.
3 MONTHS · FOUR PHASES · TWO CAPSTONES
From “opens a SOC ticket” toships agentic AI defence..
Weeks 1–2 · Foundations
IT/AI + Python for Security + Networking Fundamentals
- Python for Security — scapy, paramiko, python-nmap automation
- 2026 threat landscape — ransomware, APTs, deepfakes, AI phishing
- TCP/IP, OSI model, and Wireshark packet analysis
- Linux/Windows hardening, CIA triad, and defence in depth
YOU SHIPA Python security toolkit (port scanner, log analyser, IoC extractor) plus a Linux hardening checklist and Wireshark pcap analysis.
Weeks 3–7 · Defensive Security Core
Cryptography + Network Defence + Cloud + AppSec
- Cryptography — AES, RSA, TLS 1.3, PKI with OpenSSL
- IAM, Zero Trust, FIDO2/WebAuthn, OAuth 2.0, and secrets management
- Network defence — NGFW, Snort, Suricata, EDR/XDR, and VPNs
- Cloud security across AWS, Azure, GCP, plus DevSecOps and AppSec
YOU SHIPA defensive portfolio — internal PKI, Zero Trust IAM, AWS/Azure/GCP baselines, and a DevSecOps CI/CD pipeline with SAST/DAST gates.
Weeks 8–12 · Offensive + SOC Operations
Ethical Hacking + SIEM/SOC + Threat Hunting + Forensics
- PTES framework, OSINT, Nmap, Nessus, and Metasploit
- OWASP Web Top 10 attacker view with Burp Suite and OWASP ZAP
- SOC operations with Splunk, Microsoft Sentinel, and MITRE ATT&CK
- Threat hunting, SOAR, threat intelligence, and digital forensics
YOU SHIPA PTES pentest report, a SOC playbook library mapped to MITRE ATT&CK with Splunk/Sentinel detection rules, and a full DFIR analysis.
Weeks 12–16 · GRC + AI Security + Projects
Master GRC + the 2026 flagship AI Security & Agentic AI Defence — and ship TWO integrated projects (PayKart Fintech + AI Security Coding Agent) that close every cybersecurity interview.
GRC + Indian Regulations — ISO 27001 (93 controls), NIST CSF 2.0, GDPR/PCI-DSS/HIPAA/SOX. India focus — the DPDP Act 2023 now in active 2026 enforcement (penalties up to ₹250 crore), RBI Cybersecurity Framework, SEBI Cyber Resilience, CERT-In 6-hour incident reporting. AI Security & Agentic AI Defence (the flagship) — OWASP LLM Top 10 (2025) all 10 vulnerabilities (prompt injection → unbounded consumption), OWASP ASI Top 10 (2026) for autonomous agents (Agent Goal Hijack, Tool Misuse, Memory Poisoning, Inter-Agent Communication Attacks). DeepTeam for AI red teaming. MCP Security. Real-world CVE case studies — Flowise CVE-2025-59528, Claude Code CVE-2025-59536, ClawJacked CVE-2026-28363, Grafana AI Companion, Mercor Data Breach. AI governance — EU AI Act, NIST AI RMF, India’s Digital India Act. The CAISP credential prep. 🚀 Final projects — the PayKart Fintech enterprise security programme (8 deliverables D1-D8) AND a deployed AI Security Coding Agent (LangGraph + Claude Agent SDK + MCP exposing SIEMs, TI feeds, vuln DBs).
Partner orgs
(2026)58
Projects
deployed240+
→ Placement
offers93%
Course curriculum
Seven sections. 65+ modules. The AI-native Cyber Security stack.
01
Fundamentals of IT & AI
Foundational track building the conceptual bedrock every cybersecurity
professional needs — application lifecycle, Agile/Scrum, computing infrastructure,
AI/ML/Generative/Agentic AI fundamentals, and real-world digital systems. The context for everything
that follows in the security stack.
Application fundamentals — what applications are, their types, web architecture
Web Technologies — Frontend (HTML, CSS, JavaScript, React) and Backend (Python,
Java, Node.js)
Database Systems — SQL (PostgreSQL, MySQL) and NoSQL (MongoDB)
The seven SDLC phases — Planning, Analysis, Design, Implementation, Testing,
Deployment, Maintenance
Cybersecurity professionals must understand how applications are built before
they can defend or attack them
Methodology Evolution — Waterfall vs Agile, the Agile mindset
Popular frameworks — Scrum, Kanban, Extreme Programming (XP)
Scrum Roles, Events, Artifacts, User Stories
Estimating with story points
Backlog management with Azure Boards, JIRA
Security tasks must integrate into Agile sprints — shift-left security depends on
it
CPU vs GPU — when each matters
Memory, storage, network basics
Why these matter for security tool deployment
IaaS, PaaS, SaaS — the three deployment models
Shared responsibility model — what the cloud provider covers vs what you must
secure
Public, private, hybrid cloud
AI is reshaping cybersecurity in 2026 — from AI-powered phishing to AI-augmented
SOC operations to deepfake detection
Machine Learning — algorithms that improve through experience
Deep Learning — neural networks for complex pattern recognition
Generative AI — systems that generate code, phishing emails, deepfakes
Large Language Models — LLMs that draft attack scripts AND defensive detections
Agentic AI — autonomous systems that plan, reason, act, learn — and the new
attack surface they create
CRM systems — Salesforce, Dynamics — high-value targets for data theft
HRMS — Workday, SAP — sensitive data with strict compliance requirements
Retail & E-Commerce — high-volume payment systems
Healthcare Applications — HIPAA/DPDP-regulated workloads
Domain depth multiplies your security salary — BFSI, healthcare, fintech security
command premium rates
02
Python for Security
Python is the dominant language for cybersecurity automation, exploit
development, and security tooling. Five modules covering the Python depth a security professional
actually needs — lighter than the Python for AI track, focused on security-specific patterns.
Python interpreter installation
Visual Studio Code + Jupyter for security workflows
Variables, identifiers, data types, operators
Control flow — if/elif/else, while, for, match-case
String manipulation — slicing, methods, f-strings
Use case — parsing log files, building wordlists
Lists, Tuples, Dictionaries, Sets — when each is right
List/dict comprehensions for elegant data transformation
Collections module — Counter, defaultdict, deque
Function definition, *args, **kwargs
Lambda functions, map(), filter(), reduce()
Variable scope (LEGB rule)
Use case — building scanning tools, automated reconnaissance
File operations with open() and pathlib
CSV files — csv module for log analysis
JSON files — json module for API responses
Use case — parsing nmap output, scraping data, building OSINT tools
Exception Handling — robust error handling for security tools
Decorators — logging, timing, authentication wrappers
Generators — memory-efficient processing of large packet captures
Context Managers — proper resource management
OOP for security — building reusable scanner classes, attack frameworks
Essential libraries — requests for HTTP, scapy for packet manipulation, paramiko
for SSH automation
Building scanners — Nmap automation with python-nmap
Web scraping for OSINT — BeautifulSoup, requests
Packet analysis — Scapy for crafting packets
Exploit development basics — buffer overflow demos (educational, controlled lab)
SIEM automation — Splunk SDK, Sentinel REST APIs
AI-augmented Python — using LLMs to draft, debug, and review security scripts
Project — build a Python-based security automation toolkit with at least 3
utilities (port scanner, log analyser, IoC extractor)
03
Networking, OS & Security Fundamentals
The bedrock of every cybersecurity career. Before you can defend or attack a
system, you must understand how it communicates, how it is structured, and what principles govern
its security. Seven lessons taking you from the 2026 threat landscape through TCP/IP, Linux/Windows
for security, and the CIA Triad.
Ransomware — the dominant attack class of 2026
APTs (Advanced Persistent Threats) — nation-state actors and their playbooks
Deepfakes — synthetic media attacks against business processes
AI-powered phishing — LLM-generated spear-phishing at scale
CERT-In incident data — 2026 trends
$8 trillion global cybercrime cost
Career roadmap — from SOC L1 to CISO
The 7-layer OSI model
TCP/IP stack — application, transport, internet, link layers
IPv4 vs IPv6 addressing
Subnetting and CIDR — the building blocks of network design
Routing fundamentals
VLANs, trunking, and spanning tree for L2 network design
TCP 3-way handshake — SYN, SYN-ACK, ACK
UDP — connectionless protocol patterns
DNS — query types, DNS exfiltration techniques
DHCP — IP assignment and rogue DHCP attacks
HTTP/HTTPS — the web's protocols
FTP, SSH, Telnet (and why Telnet is forbidden)
SMTP/IMAP/POP3 — email infrastructure
SNMP — network management (and the v1/v2c security risks)
Wireshark — the universal packet analyser
Capture filters vs display filters
Reading TCP, UDP, HTTP traffic
Identifying anomalies and IoCs (Indicators of Compromise)
Hands-on lab — analyse real attack pcaps
Security-focused distributions — Kali, Parrot, Ubuntu
File system, permissions, users/groups
Essential commands — grep, awk, sed, find, netstat, ss, ps, top
Bash scripting for security automation
Log files and journalctl
Hands-on — build a Linux hardening checklist
Windows architecture, the registry
Active Directory basics — domains, forests, trusts
PowerShell fundamentals for both attack and defence
Event Viewer — Windows event logs for incident response
Group Policy for centralised security configuration
Sysinternals essentials — Process Explorer, Autoruns, TCPView
CIA Triad — Confidentiality, Integrity, Availability
AAA — Authentication, Authorisation, Accounting
Defence in depth — layered security
Least privilege and need-to-know principles
Threat actors — from script kiddies to nation-states
Building a personal threat model
04
Cryptography, PKI & Identity
Cryptography is the mathematical backbone of all digital security. Six lessons
taking you from symmetric ciphers to Zero Trust architecture — the modern security paradigm
replacing the traditional perimeter.
Symmetric ciphers — AES, ChaCha20
Asymmetric ciphers — RSA, ECC (Elliptic Curve Cryptography)
Hashing algorithms — SHA-256, SHA-3
HMAC — Hash-based Message Authentication Code
Digital signatures and non-repudiation
Why MD5 and SHA-1 are forbidden — collision attacks
TLS 1.2 vs 1.3 handshake mechanics
Cipher suites — naming conventions, secure choices
Forward secrecy with ephemeral key exchange
Certificate validation — chain of trust
HSTS — HTTP Strict Transport Security
Certificate pinning — preventing MITM
Historical attacks — Heartbleed, BEAST, POODLE
Certificate Authorities (CAs) — root and intermediate
Root of trust and certificate chains
X.509 certificate structure
CSR generation — Certificate Signing Requests
Certificate lifecycle — issuance, renewal, revocation
CRL, OCSP, OCSP stapling — revocation mechanisms
Hands-on — set up an internal CA with OpenSSL
Authentication factors — something you know/have/are
MFA — TOTP, FIDO2/WebAuthn
SSO protocols — SAML 2.0, OAuth 2.0, OIDC
Identity federation patterns
Identity providers — Okta, Azure AD/Entra ID, Auth0
PAM — Privileged Access Management
The "never trust, always verify" principle
Identity-centric vs perimeter-centric security
BeyondCorp and the Google Zero Trust model
ZTNA — Zero Trust Network Access
Micro-segmentation in modern architectures
Real-world Zero Trust deployments
Password storage — bcrypt, scrypt, Argon2 (modern best practice)
Password attacks — brute force, dictionary, rainbow tables, credential stuffing
Secrets management — HashiCorp Vault, AWS Secrets Manager, Azure Key Vault
Detecting hardcoded secrets — TruffleHog, GitGuardian
Hardcoded API keys are the #1 source of cloud breaches — invest here
05
Network Defence, Firewalls & Endpoint Security
The defensive stack. Knowing how to build and operate the defensive layer is the
core skill of every Blue Team professional. Six lessons covering the full defensive perimeter — from
packet filtering to behavioural endpoint detection.
Stateful vs stateless firewalls
Next-Gen Firewalls (NGFW) — Palo Alto, Fortinet, Check Point
Rule design and best practices
Web Application Firewalls (WAF) — AWS WAF, Cloudflare, Imperva
Hands-on — pfSense or iptables configuration
Signature-based vs anomaly-based detection
Snort — open-source IDS, rule writing
Suricata — modern IDS/IPS engine
Network IDS (NIDS) vs Host IDS (HIDS)
Tuning and false positive reduction
IPSec, OpenVPN, WireGuard — VPN protocols
Site-to-site vs remote access VPNs
Network segmentation strategies
DMZ design
Micro-segmentation in modern architectures
Evolution from antivirus → EDR → XDR
CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint
Behavioural analysis and ML detection
Threat hunting from telemetry
Endpoint hardening patterns
WPA2, WPA3, the 802.11i family
WEP/WPA cracking (historical context, defensive understanding)
Evil twin attacks, KARMA, deauth
Wireless IDS patterns
Mobile threat landscape — iOS, Android
MDM solutions — managing fleet devices
IoT attack surface and defence patterns
BYOD policies and enforcement
06
Ethical Hacking & Penetration Testing
The most hands-on section in the programme — the Red Team track. Nine lessons
teaching you to think like an attacker — methodically, legally, and ethically — across every layer
of the modern attack surface.
The PTES (Penetration Testing Execution Standard) — industry framework
Pre-Engagement — define scope, rules, and goals
Engagement lifecycle — Recon → Scanning → Exploitation → Post-Exploitation
Rules of engagement, scope documents, legal considerations
OSINT — Open-Source Intelligence
Shodan, Censys — search engines for connected devices
Google dorking — advanced search operators
Maltego — graph-based OSINT
WHOIS, archive.org
Breach databases — Have I Been Pwned
DNS enumeration
Sub-domain discovery — Sublist3r, Amass
Nmap — full scan types and NSE scripting engine
Nessus / OpenVAS — vulnerability scanning
Service enumeration — SMB, SNMP, LDAP, NFS
Banner grabbing and version detection
Metasploit Framework — end-to-end usage
Manual exploitation techniques
Buffer overflows — conceptual understanding
Authentication bypass, RCE (Remote Code Execution)
Payload generation with msfvenom
Pivoting through compromised hosts
The 10 vulnerability classes every web security professional must master from the
attacker's perspective
A01 Broken Access Control — users access unauthorized resources
A02 Cryptographic Failures — insecure data encryption and protection
A03 Injection — SQLi, NoSQLi, OS command, LDAP — malicious commands executed by
the application
A04 Insecure Design — fundamental application security flaws
A05 Security Misconfiguration — default, unhardened settings
A06 Vulnerable and Outdated Components — known-exploitable libraries and versions
A07 Identification and Authentication Failures — user identity not reliably
verified
A08 Software and Data Integrity Failures — code/data tampering without detection
A09 Security Logging and Monitoring Failures — security events not recorded
A10 Server-Side Request Forgery (SSRF) — application manipulated to attack other
services
Burp Suite — proxy, repeater, intruder, scanner
OWASP ZAP — the open-source alternative
Testing methodology for each OWASP Top 10 vulnerability
Reporting findings with proper severity classification
Linux and Windows privilege escalation techniques
Persistence techniques — services, scheduled tasks, registry
Credential dumping — Mimikatz concepts
Living-off-the-land (LotL) techniques — using built-in OS tools
Professional report structure — Executive Summary, Methodology, Findings
Risk scoring — CVSS v3.1 framework
Remediation recommendations
Stakeholder communication
The report is what clients pay for — invest in writing skills
TryHackMe — guided learning paths
HackTheBox — challenge labs
PortSwigger Academy — web security labs
OSCP-style preparation patterns
Section Project — complete a full pentest engagement on a vulnerable lab
environment with PTES-compliant deliverables
07
SIEM, SOC Operations & Threat Hunting
The Blue Team's operational layer. The modern SOC is undergoing a fundamental
transformation. In 2026, AI handles approximately 40% of L1 alert triage — freeing human analysts to
focus on advanced threat hunting, detection engineering, and incident response. Nine lessons
covering the complete SOC stack.
L1 — Alert Triage — initial investigation, ticket creation, escalation
L2 — Investigation — deep-dive analysis, correlation, containment
L3 — Threat Hunting — proactive hunting, detection engineering, advanced IR
SIEM — Security Information and Event Management
SOAR — Security Orchestration, Automation and Response
EDR — Endpoint Detection and Response
TIP — Threat Intelligence Platform
Ticketing systems — ServiceNow, JIRA
Splunk — architecture, SPL (Search Processing Language), dashboards, correlation
rules, Splunk ES
Microsoft Sentinel — KQL (Kusto Query Language), workbooks, hunting queries,
Defender XDR integration
IBM QRadar — overview and enterprise use cases
Elastic Security — open-source SIEM
Chronicle (Google SecOps) — cloud-native scale
Splunk architecture — indexers, search heads, forwarders
SPL fundamentals — search, stats, eval, where, lookup
Common Information Model (CIM)
Correlation rules in Splunk Enterprise Security
Building dashboards for SOC operations
Azure architecture for Sentinel
KQL fundamentals — queries, joins, aggregations
Analytics rules — scheduled, NRT (near real-time), Fusion
Hunting queries library
Workbooks for executive reporting
Logic Apps for SOAR playbooks
Full ATT&CK matrix — tactics, techniques, sub-techniques
ATT&CK for Enterprise, Cloud, Mobile, ICS
Threat group profiling — APT29, APT41, etc.
ATT&CK Navigator for visualisation
Mapping detections to techniques — coverage analysis
Hypothesis-driven hunting vs alert-driven response
The PEAK framework — Prepare, Execute, Act, Knowledge
IoCs vs IoAs — Indicators of Compromise vs Attack
Behavioural hunting techniques
Hands-on — hunt for lateral movement in a real dataset
Playbook design for incident response automation
Splunk SOAR (formerly Phantom)
Microsoft Sentinel Logic Apps
Cortex XSOAR
AI-augmented SOAR — the 2026 frontier
TI types — strategic, tactical, operational, technical
MISP, OpenCTI — open-source TI platforms
Recorded Future, Mandiant — commercial TI
IOC feeds, STIX/TAXII standards
Integrating TI into SIEM and SOC operations
NIST IR lifecycle — Prep, Detection, Containment, Eradication, Recovery, Lessons
Learned
SANS PICERL model
Incident classification and severity
War room operations and stakeholder communication
08
Cloud Security (AWS, Azure, GCP)
The primary battleground of 2026. Over 70% of Indian enterprises are now on
hybrid or full cloud. Cloud security is no longer optional. Seven lessons covering all three major
platforms plus containers, Kubernetes, and DevSecOps.
IAM — users, roles, policies, permission boundaries
GuardDuty — threat detection
Security Hub — security posture management
Macie — data classification and DLP
KMS — key management
CloudTrail — API audit logging
Config — configuration compliance
VPC Flow Logs — network traffic analysis
AWS WAF, Shield — application and DDoS protection
Hands-on — secure a 3-tier AWS application
Azure AD / Entra ID — identity management
Defender for Cloud — security posture and threat protection
Microsoft Sentinel — cloud-native SIEM
Conditional Access policies
Key Vault — secrets, keys, certificates
Defender XDR family — Defender for Endpoint, Identity, Office 365
Hands-on — implement Azure security baseline
Cloud IAM — fine-grained permissions
Security Command Centre (SCC)
Cloud Armor — WAF and DDoS protection
VPC Service Controls — data exfiltration prevention
Chronicle Security Operations
Shared responsibility model — what each cloud secures vs what you must
Cloud-native security patterns
Multi-cloud security considerations
Cost-aware security — security tools have meaningful cloud bills
Container threat model
Image scanning — Trivy, Snyk Container, Anchore
Runtime security — Falco and eBPF-based detection
Kubernetes RBAC and Pod Security Standards
Service mesh security — Istio, Linkerd
Container registry security
Hands-on — secure a Kubernetes deployment end-to-end
Shift-left security — finding bugs in development, not production
SAST (Static Application Security Testing) — Snyk Code, Checkmarx, SonarQube,
Semgrep
DAST (Dynamic Application Security Testing) — OWASP ZAP, Burp Suite Enterprise
SCA (Software Composition Analysis) — Snyk Open Source, Dependabot
IaC scanning — Checkov, tfsec, Terrascan
Secrets scanning — TruffleHog, Gitleaks
Hands-on — build a secure CI/CD pipeline with security gates
AWS pentesting — PACU framework
Azure pentesting — MicroBurst
GCP pentesting — GCPBucketBrute
Common cloud misconfigurations
IAM privilege escalation paths
Hands-on — a full cloud pentesting lab on AWS
09
Application Security & Secure Coding
Where most breaches originate. Application security is the most consequential
discipline in cybersecurity. Eight lessons equipping you with both the attacker's and defender's
perspective — covering the full AppSec toolchain from threat modelling through to mobile app reverse
engineering.
The Secure SDLC — security in every phase
Threat modelling frameworks — STRIDE, PASTA, DREAD
Microsoft Threat Modelling Tool
OWASP Threat Dragon
Architecture review and design-time security
The same Top 10 from Section 6, but from the defender's perspective — secure
coding patterns to prevent each vulnerability
Defensive patterns for A01 Broken Access Control
Cryptographic best practices for A02
Parameterised queries and input validation for A03 Injection
Secure design patterns for A04
Hardening checklists for A05 Misconfiguration
Dependency management for A06
Authentication best practices for A07
Code signing and integrity verification for A08
Comprehensive logging for A09
Network egress controls for A10 SSRF
SAST tools — SonarQube, Snyk Code, Checkmarx, Semgrep — deep dive
DAST tools — OWASP ZAP and Burp Suite Pro — automated scanning
Interactive Application Security Testing (IAST) — combining SAST and DAST
Open-source vulnerability management
Snyk Open Source, Dependabot, OWASP Dependency-Check
License compliance for OSS components
Vulnerable dependency remediation strategies
Container image hardening
IaC security — Terraform, CloudFormation, Pulumi
Checkov, tfsec, Terrascan for IaC scanning
Security gates in CI/CD pipelines
API1 Broken Object Level Authorisation
API2 Broken Authentication
API3 Broken Object Property Level Authorisation
API4 Unrestricted Resource Consumption
API5 Broken Function Level Authorisation
API6-API10 — additional API-specific vulnerabilities
GraphQL-specific attacks
Testing with Postman, Burp Suite, OWASP ZAP, MockSpider
Input validation strategies — allowlists vs denylists
Output encoding for context (HTML, JS, SQL, LDAP)
Parameterised queries — preventing SQL injection
Secure session management patterns
CSRF tokens and SameSite cookies
Content Security Policy (CSP)
Subresource Integrity (SRI)
Secure coding patterns in Python, JavaScript/Node.js, Java
iOS and Android security models
OWASP Mobile Top 10
MASVS — Mobile Application Security Verification Standard
Mobile pentesting tools — MobSF, Frida, Objection
Reverse engineering mobile apps
Section Project — complete AppSec review of a target application with SAST +
DAST + SCA results, threat model, and remediation recommendations
10
Governance, Risk & Compliance + Indian Regulations
The strategic layer of cybersecurity — where technology meets law, policy, and
business risk. Eight lessons with a strong India-specific focus, covering the DPDP Act 2023 now in
active 2026 enforcement, plus RBI, SEBI, and CERT-In frameworks governing Indian enterprises.
The ISO 27001 ISMS — Information Security Management System
The 93 controls in Annex A (ISO 27002:2022)
Risk treatment and Statement of Applicability (SoA)
Internal audits, management reviews
The ISO 27001 certification process
The 6 functions — Govern, Identify, Protect, Detect, Respond, Recover
Implementation tiers — Partial → Risk-Informed → Repeatable → Adaptive
Profiles and maturity assessment
NIST SP 800-53 — security controls catalog
NIST SP 800-171 — Controlled Unclassified Information
GDPR — data subject rights, lawful basis, DPIAs
PCI-DSS v4.0 — 12 requirements, scoping, assessment
HIPAA — privacy rule, security rule, breach notification
SOX — IT general controls, change management
Rules notified November 2025 — staggered enforcement now active
Key roles — Data Fiduciary, Data Principal, Data Processor
Lawful processing — consent and legitimate uses
Cross-border data transfer rules
The Data Protection Board of India
Significant Data Fiduciary designation
Penalties up to ₹250 crore
The Data Protection Officer role in 2026
Data mapping and inventory
Consent management technology
Data subject request workflows
Breach notification procedures
Building a DPDP-compliant privacy programme
RBI Cybersecurity Framework for Banks (2016+)
RBI Master Direction on IT Governance
SEBI Cyber Resilience and Cyber Security Framework
CERT-In 6-hour incident reporting mandate
Sectoral CERT-In directions
Cyber Crisis Management Plans (CCMP)
Qualitative and quantitative risk assessment
Risk registers and risk treatment plans
Third-party / supply chain risk management
Vendor risk assessment programmes
Business Impact Analysis (BIA)
RPO and RTO objectives
Immutable backups and ransomware-resilient design
Tabletop exercises for BCP testing
11
AI Security & Agentic AI Defence
The highest-leverage specialisation in cybersecurity in 2026 — with structural
undersupply of skilled professionals. AI is now embedded in production workflows at every Fortune
500 enterprise — and traditional application security practices are no longer sufficient. This is
the section that distinguishes Digital Lync's programme — no other Indian cybersecurity curriculum
covers AI security at this depth. Twelve lessons covering the complete AI security stack.
The complete framework for securing applications that use LLMs
LLM01 Prompt Injection — manipulating LLM output via malicious input
LLM02 Sensitive Information Disclosure — LLMs leaking training data or context
LLM03 Supply Chain Vulnerabilities — compromised models, datasets, plugins
LLM04 Data and Model Poisoning — adversarial training data
LLM05 Improper Output Handling — XSS, SSRF via LLM responses
LLM06 Excessive Agency — LLMs given too much autonomy
LLM07 System Prompt Leakage — extracting system instructions
LLM08 Vector and Embedding Weaknesses — RAG-specific attacks
LLM09 Misinformation — hallucinations and accuracy failures
LLM10 Unbounded Consumption — denial-of-wallet attacks
LLM01-LLM05 — detailed attack patterns and defences
Hands-on prompt injection labs
Sensitive information disclosure scenarios
Supply chain attack examples
Data poisoning detection
Output handling vulnerabilities
LLM06-LLM10 — detailed attack patterns and defences
Excessive agency case studies
System prompt extraction techniques
Vector database attacks
Misinformation propagation
Cost-exhaustion attacks
The brand-new framework for securing autonomous AI agents (released December
2025) — this is the cutting edge of cybersecurity in 2026
ASI01 Agent Goal Hijack — redirecting agent objectives
ASI02 Tool Misuse — agents using tools maliciously
ASI03 Improper Agent Output Handling
ASI04 Runtime Composition Attacks
ASI05 Memory Poisoning — corrupting agent memory
ASI06 Identity Spoofing
ASI07 Cascading Failures
ASI08 Inter-Agent Communication Attacks
ASI09 Privilege Escalation
ASI10 Emergent Behavior Risks
Detailed attack patterns for each ASI vulnerability
Defence-in-depth strategies for autonomous agents
Real-world case studies
The CAISP (Certified AI Security Professional) credential covers exactly this
content
Direct injection — instruction override, role-playing escapes
Indirect injection — hidden instructions in documents, RAG content, web pages,
multimodal images
Real-world prompt injection examples
Input validation strategies
Output filtering
Sandboxing LLM-generated content
Instruction hierarchies
Dual-LLM patterns — separating untrusted and trusted contexts
Intent Capsules — emerging defence pattern
The DeepTeam framework for AI red teaming
Running OWASP_LLM_Top_10 assessments
Running OWASP_ASI_2026 assessments
Adversarial attack generation
Building a custom AI red team toolkit
Hands-on — red-team an LLM application end-to-end
The MCP attack surface — server poisoning, tool poisoning, supply chain
Authentication and authorisation in MCP
Scope limitation and least-privilege tool access
Logging and observability for MCP servers
Active CVEs in 2026 and lessons learned
Case studies from the past year of AI security failures
Flowise CVE-2025-59528 (Critical) — JavaScript injection via CustomMCP, RCE in
agent deployments
Claude Code CVE-2025-59536 (8.7) — repository-controlled config files executing
shell commands at project open
Claude Code CVE-2026-21852 (5.3) — secondary config file execution vulnerability
in Claude Code
ClawJacked CVE-2026-28363 (9.9) — malicious websites brute-forcing localhost
WebSocket connections to hijack local agent instances
Grafana AI Companion (High) — indirect prompt injection via Markdown image
rendering, enterprise data exfiltration
Mercor Data Breach (Critical) — AI industry secrets breach, supply chain and
model provenance failure
Guardrails — input/output filtering
Rate limiting for cost protection
Content moderation APIs
Allowlisting tool calls
Audit logging for AI interactions
Building a defensible LLM application
EU AI Act — risk categories, obligations, penalties
NIST AI Risk Management Framework (AI RMF)
India's emerging AI regulatory framework — Digital India Act, IndiaAI Mission
AI usage policies for enterprises
The CAISP (Certified AI Security Professional) credential
Where AI security fits in the broader security programme
The AI-SOC concept — monitoring for prompt injection, anomalous tool use, agent
behaviour drift
Continuous AI red-teaming
The 2026 production checklist for AI systems
Section Project — conduct a complete AI security assessment on a target
LLM/agent system, with LLM Top 10 + ASI Top 10 coverage, written report, and remediation plan
12
Digital Forensics, Incident Response & Final Project
Where everything comes together. The final cybersecurity section brings together
forensics, incident response, purple team operations, and the comprehensive PayKart Fintech
enterprise project that demonstrates production cybersecurity competency across every layer of the
programme.
The DFIR 4-step process — Acquire, Authenticate, Analyse, Report
Chain of custody — legal admissibility
Order of volatility — what to capture first
Forensic readiness as an organisational capability
dd — bit-for-bit disk imaging
FTK Imager — Windows forensic acquisition
EnCase — enterprise forensics platform
NTFS, EXT4, APFS filesystem analysis
Deleted file recovery patterns
Autopsy — open-source forensic platform
LiME (Linux Memory Extractor)
WinPmem — Windows memory acquisition
Volatility 3 — the gold standard for memory analysis
pslist — process listing
netscan — network connections
malfind — malware detection
Reading memory dumps for IoCs
pcap analysis at scale
Zeek (formerly Bro) — network monitoring framework
Suricata — IDS/IPS for forensics
C2 traffic identification patterns
Reconstructing attack timelines from network data
Static analysis vs dynamic analysis
Cuckoo Sandbox — automated malware analysis
Any.Run — interactive malware analysis
Joe Sandbox — enterprise sandbox
YARA rules — pattern-based malware detection
Building custom YARA rules
NIST IR Preparation — runbooks, tooling, training
Detection & Analysis — alert triage, scoping
Containment — short-term isolation, long-term remediation
Eradication — removing the threat
Recovery — restoring operations
Post-Incident — lessons learned
SANS PICERL model — Preparation, Identification, Containment, Eradication,
Recovery, Lessons
Incident severity classification
Containment strategies — isolation, blocking, credential reset
Communication during incidents — internal, customer, regulatory
CERT-In 6-hour reporting workflow
Using TI to enrich incident context
Mapping IoCs to known threat actor TTPs
STIX/TAXII for sharing intelligence
Sharing within ISACs (Information Sharing and Analysis Centers)
Where Red and Blue collaborate — the most effective security maturity model
Coordinated red + blue team operations
Atomic Red Team — granular ATT&CK technique testing
Caldera — automated adversary emulation
Detection engineering loops — find → detect → tune → repeat
The full cybersecurity certification ladder mapped to Indian salary bands
Foundation — CompTIA Security+ (₹3.5–7 LPA)
Pentesting — CEH / eJPT / PNPT (₹6–12 LPA)
Elite Pentesting — OSCP, the ethical hacking gold standard (₹15–30 LPA)
Cloud Security — CCSP / AWS Security / AZ-500 (₹12–28 LPA)
Management & AI — CISSP / CISM / CISA + CAISP (₹20–40 LPA)
The project that closes interviews — a fictional Indian fintech "PayKart" needs
a complete enterprise security programme
Eight deliverables spanning every module — the portfolio piece that demonstrates
production cybersecurity competency
D1 — Network & endpoint security architecture
D2 — Pentest report (web application)
D3 — SIEM detection rules & SOC playbooks
D4 — Cloud security baseline + DevSecOps pipeline
D5 — AppSec review with SAST/DAST/SCA results
D6 — Complete DPDP Act compliance programme
D7 — AI security red-team report with LLM Top 10 + ASI Top 10
D8 — IR playbook & tabletop exercise
This project spans every layer of modern cybersecurity and includes the AI
security depth no other graduate in the Indian market is shipping
13
Generative AI & Agentic AI
The 2026 differentiator — and the section that produces your final AI Security
Coding Agent. 10 modules covering the complete GenAI engineering stack, tuned for cybersecurity
work. The named AI Security Coding Agent project lives here — distinct from the broader PayKart
Fintech enterprise project in Section 12.
From the 70-year arc of AI history to setting up your first workstation — the
conceptual bedrock every AI-fluent security professional needs
Narrow AI — pre-2022 era of task-specific intelligence
Generative AI — post-2022 era unleashed by ChatGPT
Agentic AI — Plan/Reason/Act/Learn loops, the post-2024 era
Two inflection points — 2022 (ChatGPT) and 2024 (Agentic emergence)
LLM internals, frontier model landscape, agent architecture, AI safety,
workstation setup across six lessons
GPT-5.5 — Terminal-Bench 2.0 leader at 82.7%
Claude Opus 4.7 — SWE-bench Pro leader, lowest hallucination rate
Gemini 3.1 Pro — 2M+ token context window
Offensive AI — drafting attack scripts, recon automation
Defensive AI — alert triage, detection writing, IR playbook generation
Microsoft Copilot integration — Security Copilot, Defender Copilot
Eight lessons from zero-shot to context engineering
Context Engineering — the 2026 frontier discipline
Domain prompts for security analysts, pentesters, IR responders, AppSec engineers
30+ security-focused prompt library on GitHub
ChatGPT, Claude, Gemini for daily security work
AI for detection writing, threat hunting queries, vulnerability research
Research with Perplexity for CVE/vulnerability deep dives
Microsoft Security Copilot
Reading network diagrams and architecture screenshots
Analysing screenshots from incidents
OCR for legacy security documentation
Audio analysis for deepfake detection (relevant to social engineering)
Hallucination — when an LLM invents a CVE that doesn't exist
Prompt injection through security tools
Privacy — keeping sensitive incident data out of public LLMs
EU AI Act and Indian AI regulatory landscape
The AI Safety mindset every security professional must adopt
Streamlit — rapid prototyping for internal security tools
FastAPI — production-grade Python API for AI security services
Building chatbots for security Q&A
Building AI-assisted IR playbooks
Build and deploy a Streamlit + FastAPI internal security tool
OpenAI, Anthropic, Google GenAI, DeepSeek Python SDKs
Function calling and structured outputs
Embeddings & Vector Databases — ChromaDB, Pinecone, Qdrant, pgvector
HNSW, IVF indexing strategies
RAG pipeline for security — the canonical flow over CVE databases, threat
intelligence feeds, runbooks, MITRE ATT&CK
Hybrid search for security technical documentation
Re-ranking with cross-encoders
Agentic RAG — self-improving retrieval over security knowledge
Project — Internal Security Docs RAG App: RAG over CVE databases, MITRE ATT&CK,
your IR playbooks, and prior incident reports
LangGraph 1.0 — the production default
Claude Agent SDK — deepest MCP integration
CrewAI — role-based multi-agent crews
Pydantic AI — type-safe Python
ReAct — investigate a security alert, then propose containment
Plan-and-Execute — generate a multi-step IR plan
Reflection loops — agent reviews its own detection rules before deploying
Multi-agent collaboration — Triage agent, Hunting agent, IR agent, Reporting
agent
Human-in-the-loop checkpoints — humans approve every production-impacting action
MCP — open standard for connecting agents to tools, data, systems
200+ servers, 97M+ monthly SDK downloads
MCP attack surface (cross-reference Section 11) — server poisoning, tool
poisoning, supply chain
Authentication and authorisation in MCP
Least-privilege tool access
Build an MCP server exposing SIEM platforms (Splunk, Sentinel) for agent-driven
alert triage
Build an MCP server exposing threat intelligence feeds
Build an MCP server exposing vulnerability databases (NVD, MITRE)
Connect LangGraph agents to multiple MCP servers
AI SECURITY CODING AGENT CAPSTONE — multi-agent AI Security Coding Agent using
LangGraph + Claude Agent SDK with MCP servers exposing SIEM platforms, threat intelligence feeds,
vulnerability databases, and your IR playbook library
The agent performs autonomous alert triage, generates detection rules from threat
intelligence, drafts IR runbooks for novel attack patterns, and assists analysts with
vulnerability research — with human approval gates for every production-touching action
Frontend with Streamlit, backend with FastAPI, observability via LangSmith —
built with the OWASP LLM Top 10 + ASI Top 10 defences from Section 11 applied throughout — the
named project for the entire Cyber Security & AI Agents programme, distinct from the PayKart
Fintech enterprise project in Section 12
Tools you'll master
32+ security & AI tools, one production project.
Real-time projects
You don't watch videos. You ship software.
Three full-production projects, each threaded through the entire curriculum. By the project, you've built the whole stack around them.
Hero project · weeks 3–12
Agentic SOC + MCP security + MITRE ATLAS threat model
Stand up a production-grade Security Operations Centre — SIEM correlation, agentic triage on LangGraph, MCP-served tools for analysts, and an adversarial-ML threat model mapped to MITRE ATLAS.
01Live SIEM stack — Splunk or Microsoft Sentinel ingesting endpoint, network, and cloud telemetry; tuned correlation rules mapped to MITRE ATT&CK techniques.
02Agentic SOC playbooks — LangGraph agents for triage, enrichment, and containment; SOAR runbooks; MCP-served tools for analysts in Claude / Cursor.
03MCP security & LLM red-team — auth + scope policies on every MCP tool, prompt-injection / jailbreak tests with Garak, output guardrails on the LLM layer.
04MITRE ATLAS threat model — adversarial ML risk assessment against your AI Agent Studio deployment, with a public verification dashboard recruiters can read in 60 seconds.
Outcome: ~85% triage automation
MTTR: <15 min
Reviewer: SOC leadership panel
SIEMLangGraphMCPMITRE ATT&CKMITRE ATLAS
Enterprise · weeks 6–11
Cloud security + IaC scanning
Stand up multi-cloud detection with AWS Security Hub + GuardDuty + Wiz, scan Terraform with Checkov + tfsec, and auto-create incidents with AI-drafted impact summaries.
AWSWizTerraformGuardDuty
Real-time · weeks 8–12
Adversarial LLM red-team lab
Build a Garak/Pyrit-driven test harness against a live LLM agent — prompt injection, jailbreaks, data exfiltration, supply-chain attacks — feeding findings back into the SOC's correlation rules.
GarakPyritMITRE ATLASLLM Red-team
Project · weeks 11–12
Your AI security workspace in a real partner org.
Pick a real partner SOC. Deploy an agentic detection-and-response stack — SIEM correlation, LangGraph triage, MCP-served tools, MITRE ATLAS threat model — into a partner team that's running it for real production traffic.
Download the real world project
Full scope, sample partner orgs, weekly milestones, and grading rubric — PDF, 14 pages.
2026: 220+ deployed76% → placement offers
Your instructor
Taught by engineers who shipped agentic AI to production.
MK
Manikanta Kona
Founder, Digital Lync · Principal Security Architect
SIEM · MCP Security · MITRE ATT&CK · MITRE ATLAS · LangGraph · Cloud Security
"A 2026 security engineer doesn't stop at writing detection rules. They run an
agentic SOC, ship MCP tools that analysts trust with production credentials, and threat-model their own AI
stack against MITRE ATLAS before the adversary does. That's the bar I teach to, every cohort."
15 yrs
PLATFORM & SECURITY
2,400+
LEARNERS
4.9 /5
RATING
Manikanta is the founder of Digital Lync and brings 15 years of enterprise platform & security architecture from AT&T, Salesforce, Cox Communications, and Broadcom — where he led detection engineering, cloud security, and identity programmes for Fortune-500 banks, telcos, and insurers. Most recently he architected production agentic SOCs that pair classical SIEM correlation with LangGraph triage and an MCP tool layer the analyst team actually trusts in production.
His classes get you two things other programs don't give you: a founding architect who still ships production security systems, and a curriculum rewritten every quarter to match what hiring managers actually ask about — including agentic SOC adoption, MCP security policy, and MITRE ATLAS threat-modeling for GenAI systems. M.S. in Engineering, Purdue University.
RK
Ravi Krishna
Chief Technologist, Digital Lync · Agentic SOC & LLM Red-team Lead
SIEM · LangGraph · MCP · MITRE ATT&CK · MITRE ATLAS · Garak · IaC scanning
"An agentic SOC stops being a slide when you stake an SLA on it — when LangGraph
triage, MCP-served tools, and a MITRE ATLAS threat model on your own AI stack are the way the on-call
analyst actually works on a Tuesday at 3am. MCP security and LLM red-team rigor aren't optional anymore.
That's what I teach."
10 yrs
SECURITY ENG
1,800+
LEARNERS
4.8 /5
RATING
Ravi is Chief Technologist at Digital Lync, where he leads the agentic SOC and LLM red-team practice. After ~10 years building production detection-and-response across enterprise SOCs, he stepped into the Chief Technologist seat to wire Splunk, Sentinel, LangGraph, MCP, and Garak into the way security teams actually work — correlation rules tuned to MITRE ATT&CK, MCP tool policies analysts trust, drift-aware LLM guardrails, and threat models mapped to MITRE ATLAS.
His agentic SOC modules are built from real production post-mortems, not slide decks. Expect to leave with working SIEM correlation, LangGraph triage agents, an MCP server with auth + scope policy, a Garak red-team harness, and a MITRE ATLAS threat model you can stake an SLA on. Hyderabad- based, hands-on, and known for the unglamorous parts of security that everyone else skips.
HIRING PARTNERS · INDUSTRY VOICES
What security employers say about Digital Lync grads.
Real feedback from CISOs and SOC leaders at AI-first companies and the firms hiring our Cyber Security + AI graduates.
Digital Lync grads ramp 40% faster on agentic SOC rollouts than typical SOC analyst hires. Best Cyber Security + AI pipeline in India.
Aakash Mehta, Security Director, Microsoft
We've onboarded 80+ Digital Lync alumni in 18 months. Lowest ramp time we've seen for agentic SOC playbooks and LLM red-team practices.
Anita Sharma, Senior Manager, Deloitte
The Cyber Security + AI programme is comprehensive — SIEM, LangGraph triage, MCP security, MITRE ATLAS. Grads come pre-trained for production agentic SOC engineering.
Rahul Bhatt, Solutions Lead, Mphasis
Their agentic SOC + MITRE ATLAS track produces PMs who ship production-grade detection rules on day one. Rare combination of SOC rigor and threat-modeling craft.
Deepak Pillai, Senior Architect, TCS
What sets Digital Lync apart is the agentic SOC layer baked into the security track. Our enterprise clients ask for exactly this profile.
Suresh Menon, Practice Lead, Accenture
Their CompTIA Security+ + AWS Security Specialty prep is rigorous, and the shipped project — SIEM stack, LangGraph triage, MITRE ATLAS threat model — is what closes interviews for us.
Vikram Iyer, Director, Infosys
Digital Lync's Security engineers ship production agentic SOCs twice as fast in the first 90 days. Our internal MTTR metrics back this up clearly.
Lakshmi Nair, VP Security, Wipro
Best Cyber Security + AI pipeline we've sourced from in India. Their projects are real shipped detections, not screenshots.
Karthik Subramanian, Engineering Director, Cognizant
Strong SIEM and threat-modeling foundation. Their Cyber grads need almost zero ramp time on enterprise security engagements with us.
Arun Joshi, Practice Director, Capgemini
We've placed 40+ Digital Lync alumni across our security and watsonx engineering teams. Strong fundamentals, sharp on eval and detection engineering.
Sanjay Verma, Talent Director, IBM
agentic SOCs + LLM red-team is exactly the talent gap we've been struggling to close. Digital Lync is filling it for us reliably.
Anjali Desai, Practice Head, LTIMindtree
Their Cyber Security track delivers engineers who navigate SIEM, LangGraph, and MITRE ATLAS on customer engagements unsupervised.
Ramesh Iyer, Senior Manager, Tech Mahindra
Hired 25+ Digital Lync graduates for our security engineering practice. Strong on SIEM, sharp on LangGraph triage, fluent in MITRE ATLAS.
Geetha Pillai, Talent Acquisition Lead, Cyient
Digital Lync grads who blend agentic SOCs with Azure OpenAI red-team land production-ready on day one. Rare combination, well-trained.
Priya Reddy, Talent Lead, Microsoft
03Program certifications
An Agent‑Ready credential, not a participation trophy.
Digital Lync · Institute Certificate
Agent‑Ready Cyber Security Engineer
Presented to
Spandana Bala
For the successful design, build, and production deployment of an agentic SOC stack —
SIEM correlation, LangGraph triage, MCP-served tools, and a MITRE ATLAS threat model — evaluated against the CompTIA Security+, AWS Security Specialty, and OSCP credential rubrics.
Manikanta Kona
CEO · Digital Lync
AGENT
READY
2026
READY
2026
01
Industry‑recognized
Co‑branded with the security engineering community and mapped to CompTIA Security+
and AWS Security Specialty credentials — names that hiring managers already scan for on resumes.
02
Project artifact included
Every certificate carries your shipped project — agentic SOC stack with SIEM, LangGraph triage, MCP tools, MITRE ATLAS model — with
a link to the live partner-org deployment. Proof, not a promise.
03
Enhanced skill validation
Graded against the 2026 Agent‑Ready rubric: SIEM correlation, LangGraph triage playbooks, MCP security, MITRE ATLAS threat models,
LLM red-team & cloud detection. No pass/fail — a level 1‑5 band.
04
Verifiable on a public URL
Each credential has a public verification page recruiters can check in 10 seconds — no PDF
back‑and‑forth.
04Job placement support
Your first Security Engineer offer isn't a lottery ticket. It's a built process.
GitHub, LinkedIn, resume — and most importantly, warm intros into security teams at AI-first companies. Our
placement team works your search like an account, not a helpdesk.
01 / GITHUB & PORTFOLIO
A portfolio, not a graveyard.
Guidance on building a portfolio that showcases your SIEM stack, LangGraph triage playbooks, MCP-served tools, MITRE ATLAS threat model, and a public verification URL — reviewed 1:1, not via template.
02 / RESUME PREP
Rewrite, don't proofread.
A one-page resume rebuilt around the security workspaces you shipped (agentic SOC stacks, LLM red-team labs, MITRE ATLAS models), the partner-org project, and the business outcome. Reviewed by security leaders who've read 10,000+ resumes.
03 / LINKEDIN + INTROS
Where most opportunities actually live.
Profile tuning plus direct warm introductions into security teams at AI-first companies — Microsoft, CrowdStrike, Wiz, SentinelOne, Splunk, Palo Alto Networks, Okta, Anthropic, Hugging Face, Stripe, Razorpay, plus services that staff SOC teams (Deloitte, Accenture, Cognizant, TCS). You leave with recruiter contacts, not a generic "good luck."
Cyber Security alumni
Hundreds of Cyber Security careers launched — here are eight.
NV
Naveen Vedala
Senior Security Engineer
Hyderabad · India
Now at · Atlassian
TA
Tejashwini Addla
Staff Security Engineer (Agentic SOC)
Hyderabad · India
Now at · Salesforce
TD
Tharunesh Dillikar
Principal Security Engineer
Seattle · United States
Now at · Wiz
MM
Mujahed Mohammed
Detection Engineer
Hyderabad · India
Now at · Databricks
BK
Bhargav Kumar Murala
Threat Hunter
Hyderabad · India
Now at · Adobe
SL
Sai Manasa Leburi
LLM Red-team Lead
New York · United States
Now at · Hugging Face
RD
Rahul Dhamma
Director of SOC
Hyderabad · India
Now at · CrowdStrike
Our locations
Come chat with us — over coffee, or over Zoom.
One flagship campus in Hyderabad, plus online Principal Security Engineer cohorts running on Indian and US timezones.
Flagship campus
Hyderabad
2nd Floor, Hitech City Road · Above Domino's · Opp. Cyber Towers, Jai Hind Enclave ·
Hyderabad, Telangana
Call
+91 90003 29956
US desk
+1 858 666 6719
Hours
Mon–Sat · 9am–9pm
Online class
Global
Weekend and evening Cyber Security cohorts running on IST and PST. Every online cohort ships
the same shipped project — agentic SOC stack, LangGraph triage, MITRE ATLAS threat model — as the on‑campus track.
Timezones
IST & PST
Format
Live + 1:1 mentorship
Next class
25 May 2026
FAQ
Questions we actually get — answered honestly.
Straight answers on prerequisites, the security stack, certifications, and placement. If something's missing, book a 20-minute advisor call — no slides, no pitch.
Do I need a CS or networking background?
No on both counts. Roughly 40% of every class comes from non-CS streams — engineering, BCom, BBA, ITSM staff, and self-taught defenders. Weeks 1–2 cover the TCP/IP fundamentals, OS internals, and SIEM operations from scratch. What you do need: consistency and 12–15 hours a week.
Will I actually run a real SOC, or only do tutorials?
You actually run it. Every learner stands up a live SIEM stack (Splunk or Microsoft Sentinel) ingesting endpoint, network, and cloud telemetry, builds LangGraph triage playbooks, deploys an MCP-served toolset for analysts, and runs LLM red-team tests with Garak/Pyrit. The project runs on a partner SOC — not a tutorial.
Which tools, frameworks, and AI models will I use?
SIEM & EDR: Splunk, Microsoft Sentinel, Elastic, CrowdStrike, SentinelOne. Network & offense: Wireshark, Nmap, Burp Suite, Metasploit, OWASP ZAP, Kali, Nessus, Suricata, Zeek, Snort. Cloud security: AWS Security Hub, GuardDuty, Azure Defender, Wiz, CrowdSec. AI & agentic: OpenAI, LangChain, LangGraph, MCP. Frameworks: MITRE ATT&CK, MITRE ATLAS.
Will I prep for AIPMM SOC Analyst and Pragmatic Principal Security Engineer certs?
Yes. The curriculum is mapped to the AIPMM SOC Analyst track and the Pragmatic Principal Security Engineer credential. We run two full mock exams and reimburse the voucher fee on first-attempt pass.
What's the time commitment per week?
Plan for 12–15 hours: 2 live classes × 2 hours, 1 lab × 3 hours running detections in your training SIEM, and ~5 hours of project work (LangGraph, MITRE ATLAS, red-team). Saturday office hours with the TA team are optional, but most learners use them.
Is placement support really 1:1, and which companies hire security engineers?
Yes — a dedicated placement advisor from week 8, not a helpdesk. AI product hiring partners include Microsoft, Adobe, Salesforce, Atlassian, Notion, Linear, Anthropic, Hugging Face, Databricks, Snowflake, Stripe, Razorpay, Freshworks, Zoho, and Postman. Resume, LinkedIn, mock interviews, and warm intros are individual.
Online, weekend, or on-campus?
All three. On-campus at the Hyderabad flagship, live online (IST and PST cohorts), and a weekend track for working professionals. Every format ships the same shipped project — agentic SOC stack, LangGraph triage, MITRE ATLAS threat model — only the schedule changes.
What if I fall behind, or can't continue mid-class?
Freeze your seat for up to 90 days and rejoin the next class — no extra fee. TAs run catch-up sessions every Saturday for anyone more than a week behind, and recordings of every live session are available for the lifetime of your account.
Still have a question? Talk to an advisor — no slides, no pitch.
Class CYB-027 starts 1 Jun 2026.
40 seats. 12 already claimed.
Book a 20-minute advisor call. We'll walk through the curriculum, match it to your current role, and show you two real projects from class 022.
