Free with every account

Security training, evidence-based and built for real humans

No jargon. No 60-minute compliance videos. Every course is under ten minutes, cites its primary sources, and is rebuilt every time the threat landscape changes. Grounded in the 2024 Verizon DBIR, NIST SP 800-50 Rev 1, CISA advisories, and the most recent breach case studies.

14 courses · 99 minutes total · citations included

Core threats

Phishing, social engineering, and BEC — 60%+ of real breaches start here.

Spotting a phishing email

Phishing is still the single most common way attackers break into accounts. Learn the five signals that consistently give phishing emails away, and why reporting matters more than simply not clicking.

Not started
Duration
6 min
Difficulty
beginner
Tags
phishing · email · awareness · foundational

Smishing, vishing, and QR code scams

Phishing is no longer just an email problem. Learn how attackers pivot to SMS, phone calls, and QR codes — the three fastest-growing consumer fraud channels — and the simple rules that shut them down.

Not started
Duration
7 min
Difficulty
beginner
Tags
smishing · vishing · quishing · sms · phone · qr-code

Social engineering: the six levers attackers pull

Phishing, BEC, vishing, and pretexting are all applications of the same six psychological levers. Learn to spot them and you recognize every scam.

Not started
Duration
6 min
Difficulty
beginner
Tags
social-engineering · psychology · pretexting

Business Email Compromise: the $2.77 billion scam

BEC is now the single most expensive form of cybercrime. Learn the four common variants, why filters can't catch them, and the callback rule that stops them cold.

Not started
Duration
7 min
Difficulty
intermediate
Tags
bec · wire-fraud · ceo-fraud · invoice-fraud · pretexting

Malware and ransomware: what they are and how they get in

Ransomware is involved in 23% of breaches per the 2024 Verizon DBIR. Learn how modern malware enters, what the attack chain looks like, and the three habits that stop most infections.

Not started
Duration
8 min
Difficulty
intermediate
Tags
malware · ransomware · infostealer · eda · backups

For executives: whaling, deepfakes, and travel security

You're the highest-value target your company has. Learn how whaling, deepfake impersonation, and travel attacks specifically target executives, and the personal-protection routine that keeps your job (and your company) out of the headlines.

Not started
Duration
9 min
Difficulty
advanced
Tags
executive · whaling · deepfake · travel · vip

Authentication & identity

Passwords, MFA, passkeys, infostealers. The biggest single attack surface in 2024–2025.

Passwords, managers, and why you still need them

Why unique passwords still matter in the age of passkeys, how password managers make uniqueness painless, and the credential hygiene habits that stop the single most common cause of breaches.

Not started
Duration
7 min
Difficulty
beginner
Tags
passwords · password-manager · credentials · foundational

MFA, passkeys, and the end of passwords

Multi-factor authentication cuts account takeovers by more than 99%. Learn which MFA methods are strongest (and which are dangerously weak), why passkeys are the future, and how to turn both on in the right order.

Not started
Duration
8 min
Difficulty
beginner
Tags
mfa · 2fa · passkeys · webauthn · authentication

Infostealers and session theft — when MFA is not enough

Infostealers harvest saved browser passwords and live session cookies. Once they have your cookies, they don't need your password OR your MFA. Learn how this works and how to defend against it.

Not started
Duration
7 min
Difficulty
advanced
Tags
infostealer · session-theft · cookies · mfa-bypass · byod

Data & privacy

Classifying, handling, and sharing data without becoming a headline.

Data handling and classification

Misrouted emails and oversharing cause more breaches than malicious attacks. Learn what data classification means, which information needs protection, and the five habits that prevent accidental exposure.

Not started
Duration
6 min
Difficulty
intermediate
Tags
data-classification · pii · gdpr · ccpa · oversharing

Remote work & home network

Home routers, public Wi-Fi, VPNs. The office perimeter moved to your living room.

Safe remote work: home network, public Wi-Fi, VPNs

Working from home or on the road moves the security boundary from the office firewall to your router, your hotel Wi-Fi, and your travel laptop. Learn what actually matters and what's security theater.

Not started
Duration
7 min
Difficulty
intermediate
Tags
remote-work · wfh · vpn · public-wifi · home-network

AI-era threats

Deepfakes, AI phishing, prompt injection. New attacks made cheap by generative AI.

Deepfakes, AI phishing, and the new threat landscape

AI made phishing, voice cloning, and impersonation cheap and scalable. Learn what to expect from AI-driven attacks in 2025–2026 and the defenses that still work when the attack is perfect.

Not started
Duration
8 min
Difficulty
intermediate
Tags
ai · deepfake · voice-clone · prompt-injection · llm

Consumer protection

Identity theft, credit freezes, data brokers. What to do after your data leaks.

Identity theft: credit freezes, data brokers, and self-defense

Your Social Security number, date of birth, and address have been leaked in at least one major breach by now. Learn the four concrete steps that actually protect you — starting with the credit freeze that takes 10 minutes and costs nothing.

Not started
Duration
8 min
Difficulty
beginner
Tags
identity-theft · credit-freeze · data-brokers · consumer

Incident response

How to report fast — and why speed is the biggest cost lever on breach damage.

How to report a security incident — and why speed is everything

Incidents only turn into breaches when nobody acts. Learn the two-minute playbook for reporting an incident, why time matters more than politeness, and what a good report looks like.

Not started
Duration
5 min
Difficulty
beginner
Tags
incident-response · reporting · dwell-time · blast-radius

You’ll need a Breach Guardian account to start a lesson.

Create a free accountI already have one →
Security Training · Breach Guardian