2026 Edition · Offensive + defensive · For absolute beginners and beyond

How security is
actually done.

A field guide to security engineering — cryptography, app-sec, secure SDLC, offensive testing, detection & response, cloud and identity, and governance — taught from first principles to job-ready. All offensive material is for authorized testing, CTFs, and defense.

Start the first chapter →Browse all 14 chapters

The full path

Fourteen chapters, one discipline.

Read in order as a beginner and finish job-ready, or jump to what you need.

01Security FoundationsCIA, threats, attacker mindset 02CryptographySymmetric, asymmetric, TLS, PKI 03Web & App SecurityOWASP Top 10, injection, authz 04Secure SDLCThreat modeling, SAST/DAST, supply chain 05Pentesting & Red TeamRecon, exploitation, reporting 06Detection & ResponseSIEM, detection engineering, ATT&CK 07Incident & ForensicsIR lifecycle, forensics, breach 08Network SecuritySegmentation, WAF, DDoS, zero-trust 09Cloud & IdentityIAM hardening, CSPM, federation 10Compliance & RiskSOC2/ISO/PCI/HIPAA, audits 11AI SecurityThe new attack surface 12CareerRoles, certs, portfolio 13Case StudiesReal breaches, reconstructed 14GlossaryEvery term, defined

Ready?

Start with the attacker's mindset.

Security is a way of thinking before it's a toolkit. The first chapter builds it.

Start the first chapter →