ROADMAP
18 tracks / 415 lessons
TRACKS
[HIDDEN]
Legacy oversized source track retained for migration only. Prefer the split tracks for new review: reliability foundations, observability telemetry, incident management, chaos engineering, release safety, containers/platform runtime, and infrastructure as code.
Not published
[HIDDEN]
Caching layers, worker systems, profiling, and practical performance mechanics.
Not published
[HIDDEN]
Identity, supply chain, runtime hardening, and platform-level trust boundaries.
Not published
[DRAFT]
Load envelopes, queuing trade-offs, forecasting, and the methods used to plan system growth before painful saturation.
Not published
[DRAFT]
Incident response as an operational learning system: paging signals, roles, triage, communication, runbooks, mitigation, postmortems, corrective actions, on-call training, and durable organizational memory.
Not published
[DRAFT]
Canaries, feature gates, rollback design, change safety, and the release controls that reduce production risk.
Not published
[DRAFT]
SLIs, SLOs, failure budgets, operational trade-offs, and the core mental models behind production reliability work.
Not published
[DRAFT]
Failure injection, resilience drills, blast-radius control, and experiment design for hardening systems before real incidents.
Not published
[DRAFT]
Input validation, auth flaws, data exposure, secure defaults, and the design patterns that reduce common application risks.
Not published
[DRAFT]
Image provenance, runtime isolation, dependency trust, and the controls used to secure modern cloud software supply chains.
Not published
[DRAFT]
Cryptographic primitives, secret rotation, key hierarchy, and the operational discipline needed to use cryptography safely.
Not published
[DRAFT]
Identity boundaries, token flows, authorization models, policy engines, and the auditability of trust decisions in software systems.
Not published
[DRAFT]
Draft track for lineage, retention, deletion workflows, policy enforcement, auditability, and privacy-aware data operations.
Not published
[DRAFT]
Attack surfaces, trust boundaries, adversary models, and the threat-modeling habits needed before secure design becomes concrete.
Not published
[DRAFT]
Security telemetry, investigation workflows, triage, containment, and the evidence-handling needed after active compromise.
Not published
[DRAFT]
Understand software from the outside inward: binaries, protocols, traces, decompilers, symbols, patching, and ethical analysis.
Not published
[DRAFT]
Think like a defender who understands attackers: threat modeling, abuse cases, exploit chains, social engineering, controls, and responsible disclosure.
Not published
[DRAFT]
Production observability depth for backend systems: OpenTelemetry propagation, Prometheus cardinality, logs, sampling, traces, profiling, service maps, and incident evidence.
Not published