Overview
You write software. Someone will try to break it. This by-example guide teaches essential IT security skills through hands-on code, configurations, and real-world scenarios — built specifically for software engineers who are new to security.
Why Software Engineers Need This
Every production system you build has an attack surface and a set of security-relevant decisions baked into it: the ports it listens on, the certificates it trusts, the users it authenticates, the logs it generates. When something goes wrong — a breach, a misconfiguration, a compromised dependency — engineers are the ones who must understand, fix, and harden the system.
This track starts from the code and tools you already know (bash, Python, HTTP) and builds security intuition incrementally. No security certification or prior background is required.
What Is IT Security By-Example Learning?
IT security by-example learning is a scenario-first approach where you learn through annotated, runnable code and real-world configurations rather than abstract theory. Each example shows:
- What it does — step-by-step annotations documenting system state, network traffic, or configuration effects
- Why it works — the security rationale behind each control or attack mechanic
- When to apply it — practical guidance on deploying each technique in production
- Trade-offs — security vs. usability vs. performance in context
Learning Progression
The three levels map directly to a software engineer's growing security responsibility:
| Level | Who It Is For | What You Build |
|---|---|---|
| Beginner | Any engineer writing or deploying code | Fluency in firewalls, TLS, SSH, file permissions, basic crypto |
| Intermediate | Engineers owning services in production | Vulnerability assessment, IAM, cloud security, SIEM basics |
| Advanced | Senior engineers and security-minded leads | Threat modeling, zero-trust design, CI/CD security gates, incident response |
Start at Beginner even if you have years of engineering experience. Security concepts build on each other, and the first 28 examples cover the fundamentals that every production engineer should know.
Coverage
What Is Covered
- Network security — firewall rules, packet analysis, TLS configuration, VPN setup
- System hardening — OS hardening, patch management, least-privilege configuration
- Cryptography in practice — symmetric/asymmetric encryption, hashing, PKI, certificate management
- Vulnerability assessment — scanning, CVE analysis, CVSS 4.0 risk scoring, remediation prioritization
- Cloud security basics — cloud IAM misconfigurations, CSPM concepts, shared responsibility model
- Incident response — detection, containment, eradication, recovery, and post-incident review
- Identity and access management — authentication, authorization, MFA, privilege escalation prevention
- Security monitoring — log analysis, SIEM queries, anomaly detection baselines
What Is Not Covered
- Offensive exploitation techniques in depth: scanning, injection testing, and the attack/defense simulation appear here only as far as a defender needs them (see Red Team by Example)
- Security governance and risk management (see CISO by Example)
- Threat detection and SOC operations as a discipline: SIEM basics, correlation rules, and log baselines are covered here, but detection engineering and SOC workflows are in Blue Team by Example
Prerequisites
- Comfort with a Linux/Unix terminal (you can run commands and read output)
- Basic understanding of HTTP and TCP/IP (you know what a port is)
- Ability to read shell scripts or Python code
No security background required. If you have deployed a web server or written an API, you already have the context to understand every beginner example.
Structure of Each Example
Every example follows a consistent five-part format:
- What This Covers — what the example demonstrates and why it matters (2-3 sentences)
- Scenario — the system environment or threat scenario (always realistic, never abstract)
- Annotated Code or Configuration — runnable scripts, configs, or tool output with inline comments documenting what each line does and why
- Key Takeaway — the core security insight to retain (1-2 sentences)
- Why It Matters — production relevance (50-100 words)
Examples by Level
Beginner (Examples 1–28)
- Example 1: Analyzing Network Traffic with tcpdump
- Example 2: Reading iptables Firewall Rules
- Example 3: Writing a Basic iptables INPUT Rule
- Example 4: Understanding the TCP Three-Way Handshake
- Example 5: Scanning Open Ports with ss
- Example 6: Basic nmap Host Discovery and Service Scan
- Example 7: TLS Handshake Walkthrough
- Example 8: Generating a Self-Signed Certificate
- Example 9: Configuring HTTPS in nginx
- Example 10: Symmetric Encryption with AES
- Example 11: Asymmetric Encryption with RSA
- Example 12: Hashing Files with SHA-256
- Example 13: Password Hashing with bcrypt
- Example 14: SSH Key-Based Authentication
- Example 15: Hardening sshd_config
- Example 16: Linux File Permissions
- Example 17: setuid and setgid Risk
- Example 18: User and Group Management
- Example 19: sudo Configuration
- Example 20: Finding World-Writable Files
- Example 21: CVE Lookup and CVSS 4.0 Scoring
- Example 22: Checking Packages for Known Vulnerabilities
- Example 23: Reading /var/log/auth.log
- Example 24: Monitoring System Resources for Anomalies
- Example 25: Basic Syslog Forwarding Config
- Example 26: Password Policy with PAM
- Example 27: Account Lockout Policy with PAM
- Example 28: Checking for SUID Binaries After Install
Intermediate (Examples 29–57)
- Example 29: Network Segmentation with VLANs
- Example 30: WireGuard VPN Setup
- Example 31: Stateful Firewall with nftables
- Example 32: Suricata IDS Rule Writing
- Example 33: TLS Certificate Chain Validation
- Example 34: Setting Up a Simple Internal CA
- Example 35: DNSSEC Zone Signing
- Example 36: CVSS 4.0 Score Calculation Walkthrough
- Example 37: Vulnerability Scanning with OpenVAS
- Example 38: SQL Injection Detection and Mitigation
- Example 39: XSS Detection and Mitigation
- Example 40: CSRF Protection
- Example 41: RBAC Configuration
- Example 42: TOTP MFA Setup
- Example 43: Active Directory Security Basics
- Example 44: LDAP Authentication Hardening
- Example 45: API Key Rotation Workflow
- Example 46: Secrets Management with HashiCorp Vault
- Example 47: Centralized Log Aggregation
- Example 48: Writing a Basic SIEM Correlation Rule
- Example 49: Establishing a Log Baseline
- Example 50: AWS S3 Public Bucket Misconfiguration
- Example 51: AWS Config Rule for IAM
- Example 52: Docker Container Hardening
- Example 53: Kubernetes NetworkPolicy
- Example 54: Kubernetes RBAC
- Example 55: Incident Response Phases
- Example 56: Evidence Collection and Chain of Custody
- Example 57: Linux Memory Forensics Basics
Advanced (Examples 58–85)
- Example 58: Zero-Trust Network Architecture
- Example 59: Mutual TLS (mTLS) Configuration
- Example 60: Certificate Transparency Log Monitoring
- Example 61: Hardware Security Module Concepts
- Example 62: Key Derivation with Argon2
- Example 63: Full Disk Encryption with LUKS
- Example 64: Advanced nftables with Connection Tracking
- Example 65: STRIDE Threat Modeling
- Example 66: Security Architecture Review Checklist
- Example 67: Simulating an Attack and Defense
- Example 68: APT Detection with SIEM Correlation
- Example 69: Honeypot Deployment
- Example 70: ModSecurity WAF Configuration
- Example 71: DDoS Mitigation with Rate Limiting
- Example 72: Supply Chain Security
- Example 73: Software Composition Analysis
- Example 74: SBOM Generation and CycloneDX Format
- Example 75: Cryptographic Agility
- Example 76: Post-Quantum Cryptography Intro
- Example 77: Security Automation with Ansible
- Example 78: Compliance as Code with InSpec
- Example 79: Security Chaos Engineering
- Example 80: Purple Team Exercise Plan
- Example 81: Incident Communication Template
- Example 82: Business Continuity Runbook
- Example 83: Security KPIs and Metrics Dashboard
- Example 84: Security Testing in CI/CD
- Example 85: Advanced Cloud Security Posture Management
Last updated May 20, 2026