CyberSecurity Deep Dive

Welcome

Security for Beginners taught you to read the city — what "secure" means, and how identity, encryption, and attacks fit together. This course hands you the keys and teaches you to drive. It is the hands-on, practitioner half: cryptography you actually run, identity you configure, networks you segment, attacks you understand through a defender's eyes, and the detection, response, and hardening that keep a real organization standing. One fictional company, Meridian, is attacked and defended across the whole book the way a real security team works.

14 chapters 76 topics covered 7 hours audio Knowledge check on every topic

About This Course

Most security courses are either a pile of scary stories or a checklist of settings to obey. This one is neither. It teaches security the way a working defender practices it: model the threat, build the control, watch the attacker try anyway, and detect and respond when something gets through. Every chapter is one move in that loop, and every technique answers a specific question — what is the attacker trying to do, what does this control take away from them, and what does it cost you.

To keep it concrete, the whole book follows one fictional company. Meridian is a mid-size SaaS business with a customer-facing app at app.meridian.example, an API, a database full of customer data, a corporate network, and a cloud account — a real attack surface. You defend it as Priya, Meridian's security engineer, while the intruder runs a full campaign against those same systems across the middle of the book. The examples accumulate instead of resetting, so by the end you have watched one intrusion from reconnaissance to eviction.

This is the hands-on half of a pair. Where Security for Beginners explained what things are, this course puts them in your hands: real openssl, nmap, and nftables; password hashing done correctly; a SQL injection exploited and then fixed; a detection rule written and tuned. Attacks are taught in earnest — but always through a defender's eyes, and always against Meridian's own lab, never anything you do not own.

Who This Is For

Engineers who have finished Security for Beginners or already hold the concepts, and now want to defend real systems. It assumes you know roughly how TCP/IP works (the Networking Deep Dive covers it), can use Linux and a shell (the Linux Deep Dive covers that), and understand the ideas of security — the CIA triad, authentication, encryption — at the level the beginner course teaches. It does not assume you have ever run a security tool, configured a firewall, or investigated an incident. If those words are still fuzzy, start with the beginner course; this one moves fast and builds on them.

What You Should Already Know

  • The basics of TCP/IP networking — addresses, ports, DNS, and what a packet is
  • Comfort with Linux and the command line — running commands, editing files, reading output
  • The core security concepts from the beginner tier — the CIA triad, authentication versus authorization, what encryption and hashing are for
  • A safe, isolated lab or a virtual machine you own, since every hands-on command is meant to be run somewhere you control

How the Course Is Built

The fourteen chapters build in a deliberate arc. First the defender's foundation: the mindset and threat modeling, then the cryptographic, identity, and network controls that protect Meridian. Then the intruder's campaign, through a defender's eyes — reconnaissance, web exploitation, host compromise, malware, and phishing — each attack paired with the control that stops it. Then Priya fights back with detection and incident response, and finally the book closes the doors the campaign used, securing the build pipeline and the cloud, and lifts the whole thing into a security program.

Every topic has the same shape: an opening that frames the attacker's move and the defender's answer, the mechanics explained with real commands and configs, a comparison box where two things are genuinely confused, the specific mistakes that cause real breaches, the practices that prevent them, and a short knowledge check. It is written senior-engineer to peer — direct, specific, and honest about tradeoffs.

Defender's eyes on every attack
Offense is taught in real detail — recon, injection, privilege escalation, phishing — but always so you understand the adversary well enough to stop them. Every command runs against Meridian's own lab, never anything you do not own.
One company, all the way through
Meridian is attacked and defended the same way from the first chapter to the last. Controls you build early are the ones the intruder tests later, so the story compounds instead of resetting.
Hands on the real tools
Concepts become practice: openssl, nmap, nftables, argon2, Sigma and YARA on the page. You leave able to run and reason about the controls, not just name them.
Manage risk, assume breach
There is no unbreakable system. The whole book is about making an intrusion expensive, small, and visible — and planning for the day a control fails, because eventually one does.

Chapter Map

Chapter 1
Thinking Like a Defender
The mindset the book runs on: the attacker-defender asymmetry, threat modeling with STRIDE, attack surface and trust boundaries, risk as likelihood times impact, the principles that recur in every control, and the kill chain and MITRE ATT&CK.
Chapter 2
Cryptography in Practice
Cryptography you use, not just describe: symmetric encryption and its modes, hashing and MACs, password storage done right, public-key crypto and key exchange, signatures and PKI, TLS under the hood, and the usage mistakes that void it all.
Chapter 3
Identity and Access Management
The control plane for everything: authentication factors and MFA, sessions and tokens and JWT, OAuth and OpenID Connect, RBAC and ABAC authorization, single sign-on and federation, and secrets management.
Chapter 4
Network Security
Defending a network you already understand: firewalls and filtering with real nftables, segmentation and zero-trust networking, VPNs and tunnels, intrusion detection and prevention, and TLS inspection and its tradeoffs.
Chapter 5
Reconnaissance and the Attack Lifecycle
The intruder's campaign begins: reconnaissance and OSINT, scanning and enumeration with nmap, initial access, exploitation basics, and post-exploitation and lateral movement — all through a defender's eyes.
Chapter 6
Web Application Security
The internet-facing crown jewel under attack: the web attack surface, injection, cross-site scripting, CSRF and SSRF, broken access control and IDOR, authentication and session flaws, security headers, and the OWASP Top 10 as a map.
Chapter 7
System and Host Hardening
Making a foothold reach nothing: the host attack surface, privilege escalation and how to stop it, hardening a Linux host, endpoint protection and EDR, and patch and vulnerability management.
Chapter 8
Malware and Analysis Basics
Hostile software up close: malware types and behavior, how it persists and hides, static and dynamic analysis in an isolated lab, indicators of compromise, and the evasion that fights the whole detection stack.
Chapter 9
Social Engineering and the Human Layer
The surest way in is a person: phishing and spear phishing, email authentication with SPF, DKIM, and DMARC, pretexting and physical security, and building human defenses that actually hold.
Chapter 10
Detection and Monitoring
Where Priya catches the campaign: logging that actually helps, SIEM and correlation, detection engineering with Sigma, threat hunting, and measuring detection with MTTD and MTTR.
Chapter 11
Incident Response and Forensics
Evicting the intruder without destroying the evidence: the IR lifecycle, digital forensics basics, containment and eradication and recovery, ransomware response, and the blameless post-incident review.
Chapter 12
Securing the Build
Closing the doors the code left open: secure coding principles, dependency and supply-chain risk, secrets in code and CI/CD, SAST and DAST and SCA, and shifting security left — with a clean handoff to DevSecOps.
Chapter 13
Cloud and Modern Infrastructure Security
Securing Meridian's cloud, vendor-neutral: the shared responsibility model, cloud IAM and misconfiguration, container and Kubernetes security, data protection and secrets, and the attack paths that chain misconfigurations to admin.
Chapter 14
Governance, Risk, and the Bigger Picture
Turning controls into a program: security frameworks like NIST CSF and ISO 27001, compliance and regulation, running security as a program, building a security career, and where to go next.

Disclaimer

This course is an independent educational project created and maintained by Sergey Okinchuk. It is provided for learning and reference purposes only.

No affiliation. This course is not affiliated with, sponsored by, endorsed by, or officially connected to any company, product, project, or standards body mentioned. All opinions, interpretations, and recommendations expressed are those of the author.

Trademarks. Product names, tools, standards, and regulations referenced — including "MITRE ATT&CK", "OWASP", "NIST", "ISO 27001", "GDPR", and "PCI DSS" — are the property of their respective owners and bodies. Use of these names is for identification and educational purposes only and does not imply any endorsement.

Authorized use only. This course teaches offensive techniques strictly so defenders can understand and stop them. Every command and technique is intended to be run only against systems you own or are explicitly authorized to test — such as a personal lab. Using these techniques against systems you do not own is illegal and is never condoned by this material.

Not security advice. This material teaches durable concepts and practices for understanding and defending systems, not turnkey instructions for any specific environment. Explanations are simplified for learning and are not a substitute for professional security advice. Always consult official documentation and qualified professionals before making real security decisions.

Accuracy and currency. Security evolves continuously — threats, tools, versions, and details drift over time. Facts in this course reflect the author's understanding at the time of writing and may not be current. Always verify against authoritative sources before acting.

No warranty. This material is provided "as is" without warranty of any kind. The author accepts no liability for any loss or damage arising from reliance on the content.