A full cybersecurity worldview for Year 9-12, aligned to the College Board AP Cybersecurity framework. But this isn't a dry defence course — every concept is welded to a real Capture-the-Flag technique, so theory becomes attack. One body of work that feeds the AP exam, the ICOA, and the ICO.
A structured path from "what is cybersecurity?" to "I understand how every attack works."
Across 5 units — each concept explained from zero, with a real-world analogy first.
Every concept ends with "here's how this is used to capture a flag" — theory that attacks.
Interactive practice after every lesson, with instant feedback — mobile-friendly.
Aligned to the College Board CED — a head start on the 2027 AP Cybersecurity exam.
Ordered for understanding: build the analyst's framework first, then attack the highest-value domains.
The whole-field mental model — the five layers an attacker breaks through, the CIA triad, risk assessment, and the six stages of an attack. The language behind everything else.
How attackers fool people — and AI. Social engineering and phishing get a quick, real-world pass; the AI-attack section (prompt injection, extracting data from an LLM) is taught in depth — ICOA's biggest information edge.
How data travels — and how it's intercepted. Packets, ports, protocols and firewalls, with the focus on reading captured traffic to find hidden credentials and flags.
Password hashing and cracking, malware classification, and an introduction to reverse engineering and buffer overflows — the theory behind cracking and pwning.
The richest unit — it feeds two top CTF domains at once. Web vulnerabilities (SQL injection, XSS) plus modern cryptography (symmetric AES, asymmetric RSA), each tied to its signature flag.