Start Here | DJBSec, CISSP

Guided

Pick your path

The site has 30+ explainers and a half-dozen tools. Without a path, that's a maze. These four routes are sequenced for a specific kind of reader. Pick the closest match — you can switch later.

New to Cybersecurity

For curious beginners with no prior background.

Build a working mental model of how attacks happen and how defenders respond. No tools, no jargon — start here, then branch into a role.

Start →

Blue Team Analyst

For aspiring SOC analysts or working defenders.

Move from concepts to daily operations: vulnerability triage, IOC research, log review, and incident response.

Start →

IT Leader

For directors, managers, and architects shaping security strategy.

Frameworks and architectural primitives for building a defensible program. Light on tools, heavy on principles and tradeoffs.

Start →

Small Business Owner

For owners and operators of teams under ~50 people.

Get the highest-leverage controls in place without a full-time security team. Focused on email, accounts, and recovery.

Start →

Explained

The CIA Triad

The three security goals every control maps back to.

Explained

Strong Passwords

Why length beats complexity and how attackers crack weak ones.

Explained

Password Managers

One vault, unique passwords, no reuse.

Explained

Multi-Factor Authentication

Even a leaked password should not be enough.

Explained

Phishing & Social Engineering

Most breaches start with a person, not a zero-day.

Explained

Malware

Viruses, worms, trojans — what they are and how they spread.

Explained

Ransomware

The dominant criminal threat to small organizations today.

Explained

Backups

The single most cost-effective ransomware control.

Checkpoint

Personal Hardening Checklist

Pick a password manager, turn on MFA on email + bank + work, set up backups for one important folder. Then continue.

Explained

CVEs & CVSS Scoring

How vulnerabilities get IDs and how severity is scored.

Explained

EPSS — Exploit Likelihood

Why CVSS alone is not enough and where EPSS fits.

Tool

EPSS Scanner

Look up a real CVE — try CVE-2021-44228 (Log4Shell).

Explained

Patch Management

Turn vulnerability data into a patching cadence.

Explained

Attack Surface

What you expose is what you have to defend.

Explained

Incident Response

The PICERL lifecycle — Prepare, Identify, Contain, Eradicate, Recover, Lessons.

Tool

IP Reputation

Pivot a suspicious IP across multiple intel sources.

Tool

Hash Lookup

Identify whether a file hash is known-good (NSRL) or known-malicious.

Explained

OSINT

Open-source intelligence techniques for analysts.

Explained

Red Team vs Blue Team

How offense and defense work together (purple teaming).

Tool

Blue Team Hub

Bookmark this — it is your daily toolkit landing page.

Explained

The CIA Triad

The vocabulary every policy and control maps to.

Explained

Least Privilege

The single most leveraged architectural control.

Explained

Zero Trust

Never trust, always verify — and what that means in practice.

Explained

Network Segmentation

Containing blast radius when (not if) something gets in.

Explained

Multi-Factor Authentication

Choosing app-based MFA over SMS — why and how to roll out.

Explained

Supply Chain Attacks

SolarWinds-class risk and how to reason about vendor dependencies.

Explained

Patch Management

The operational reality behind a "patched" environment.

Explained

Incident Response

Tabletop exercise material for your leadership team.

Explained

Backups

Your final, tested control against ransomware.

Checkpoint

Strategy Review

Map each principle to one control already in place and one gap. That is your next quarter's roadmap.

Explained

Annual Re-Audit

Schedule the next review for one year out. The threat landscape moves; your baseline must too.