Cybersecurity Fundamentals — from threats and crypto to defending real systems

Security isn't a bolt-on; it's a way of thinking about every system you build or run. This path teaches that mindset from the ground up, entirely from the defender's side. Start with the core goals — confidentiality, integrity, availability — and the vocabulary of threats, vulnerabilities, and risk, then build a working understanding of the cryptography that underpins modern security. From there you'll cover identity and access, the common attacks every developer should recognise (explained so you can defend against them, not carry them out), and the layered defenses that stop them — hardening systems, writing secure code, and protecting data. The path closes with security in practice, including personal safety online and the wireless-and-RF security world a scanner like GopherTrunk lives in, where the law and ethics matter as much as the technology. No security background required; the Linux and Networking paths pair well.

Security isn’t a feature you add at the end — it’s a way of thinking about every system you build or run. This path teaches that mindset from the ground up, entirely from the defender’s side: the goal is to understand how things break so you can keep them from breaking, not to break them.

Who this is for. Developers, operators, and curious learners who want a solid, practical grounding in security. No prior security background is needed. The attacks in this path are explained conceptually — enough to recognise and defend against them — not as recipes. The Linux and Networking paths give you systems to practise on and pair well with this one.

How the path works. Six modules build in order. The first two lay the foundations — the vocabulary and mindset of security, then the cryptography that underpins everything trustworthy. The middle modules cover identity and access, and the common attacks with the layered defenses that stop them. The last two get practical: hardening systems, writing secure code, protecting data, staying safe as an individual, and the wireless-and-RF security world a scanner like GopherTrunk lives in — where the law and ethics matter as much as the technology. Mark lessons complete as you go — your progress is saved in your browser. New here? Start with lesson 1: What is cybersecurity?

Module 1 — Security Foundations

The mindset and vocabulary of security: what it protects, the goals it aims for, how threats and risk are described, who attacks, and how a defender thinks.

  1. What is cybersecurity? What security actually protects, why every system needs it, and the defender's job — the one idea everything else builds on. beginner 8 min
  2. The CIA triad Confidentiality, integrity, and availability — the three goals that define what "secure" even means. beginner 9 min
  3. Threats, vulnerabilities & risk The words security people actually use — threat, vulnerability, exploit, risk, and attack surface — and how they fit together. beginner 9 min
  4. Who attacks, and why From opportunists and criminals to insiders and nation-states — the actors, their motives, and what that means for your defenses. beginner 8 min
  5. The security mindset Thinking like an attacker to defend like a pro — assume breach, least privilege, and defense in depth as habits, not slogans. intermediate 9 min

Module 2 — Cryptography Essentials

The math-free version of the cryptography that underpins everything secure: encryption, keys, hashing, signatures, and where each shows up in real life.

  1. What is cryptography? Plaintext, ciphertext, and keys — what encryption does, what it doesn't, and why you never roll your own. beginner 9 min
  2. Symmetric & public-key encryption One shared secret versus a public/private key pair — the two families of encryption and what each is good for. intermediate 10 min
  3. Hashing & integrity One-way hashes, checksums, and how they detect tampering and store passwords safely — and why hashing isn't encryption. intermediate 9 min
  4. Digital signatures & certificates Proving who sent something and that it wasn't changed — signatures, public-key infrastructure, and the certificates behind HTTPS. intermediate 10 min
  5. Cryptography in practice Where the theory shows up — TLS, SSH, disk and end-to-end encryption — and how the encryption on a radio system fits the same ideas. intermediate 9 min

Module 3 — Identity, Authentication & Access

Proving who you are and controlling what you can do: authentication, passwords and MFA, authorization, managing secrets, and the human layer attackers love.

  1. Authentication basics The three factors — something you know, have, and are — and how a system decides you are who you claim to be. beginner 8 min
  2. Passwords, MFA & passkeys Why passwords fail, how they should be stored, and how multi-factor authentication and passkeys close the gap. beginner 9 min
  3. Authorization & access control The difference between who you are and what you're allowed to do — least privilege, roles, and access models. intermediate 9 min
  4. Managing secrets & keys API keys, tokens, and passwords in software — keeping them out of code, rotating them, and using a secrets manager. intermediate 9 min
  5. Social engineering & the human layer Phishing, pretexting, and why the easiest way past strong technology is often a person — and how to defend against it. beginner 9 min

Module 4 — Attacks & Defenses

The attacks every developer should recognise — explained so you can defend against them — and the layered defenses that stop them.

  1. Common attacks, in plain terms A field guide to the attacks you'll hear about — malware, phishing, credential attacks, and denial of service — and what each targets. beginner 9 min
  2. Web application attacks How injection, cross-site scripting, and CSRF work at a high level, why they happen, and the coding habits that prevent them. advanced 10 min
  3. Network attacks Interception, spoofing, and floods — the network-layer attacks from the networking path, seen through a defender's eyes. intermediate 9 min
  4. Malware & endpoint security Viruses, worms, ransomware, and trojans — how malware spreads, what it does, and how endpoints are defended. intermediate 9 min
  5. Defense in depth Why no single control is enough — layering prevention, detection, and response so one failure isn't a breach. intermediate 9 min

Module 5 — Securing Systems & Software

Applying the defenses: hardening a machine, writing secure code, protecting networks and services, watching for trouble, and safeguarding data.

  1. Hardening systems Shrinking the attack surface — least privilege, disabling what you don't need, patching, and the config that keeps a box safe. intermediate 9 min
  2. Secure coding The handful of habits that stop most software vulnerabilities — validate input, avoid injection, handle errors, and watch dependencies. intermediate 10 min
  3. Securing networks & services Putting network security to work — firewalls, encryption in transit, segmentation, and exposing a service without regret. intermediate 9 min
  4. Monitoring & incident response You can't stop everything, so you plan to notice and recover — logging, detection, a basic incident-response flow, and backups. advanced 9 min
  5. Privacy & data protection Security serves privacy — classifying data, minimizing what you collect, protecting personal information, and the rules around it. intermediate 9 min

Module 6 — Security in Practice

Everything applied: a developer's security checklist, staying safe as an individual, the wireless-and-RF security world, and where to keep learning.

  1. Security for developers A practical, repeatable checklist for building security into what you ship — a secure development lifecycle without the jargon. intermediate 10 min
  2. Staying safe online The personal security that actually matters — updates, a password manager, MFA, backups, and a healthy suspicion. beginner 8 min
  3. Wireless & RF security Security on the airwaves — Wi-Fi and radio encryption, jamming and replay, what monitoring can and can't reveal, and the law and ethics that govern it. intermediate 10 min
  4. Where to go next Turning fundamentals into skill — CTFs, certifications, responsible disclosure, and how to keep up with a field that never sits still. beginner 8 min
  1. Glossary of cybersecurity terms Plain-language definitions for every term in the path — CIA triad, threat, vulnerability, encryption, hash, MFA, least privilege, phishing, injection, malware, and more — cross-linked to the lessons.