diff --git a/2.Curriculum/05.Cryptography and Key Management/05.00 - Objectives.md b/2.Curriculum/05.Cryptography and Key Management/05.00 - Objectives.md index 3c3cc7f..dcc8e74 100644 --- a/2.Curriculum/05.Cryptography and Key Management/05.00 - Objectives.md +++ b/2.Curriculum/05.Cryptography and Key Management/05.00 - Objectives.md 
@@ -4,17 +4,47 @@ After completing this module, developers will be able to: -- Apply cryptographic solutions appropriately for confidentiality, integrity, and authenticity +- Apply cryptographic solutions appropriately for confidentiality, integrity, and authenticity and non-repudiation - Select secure cipher suites and algorithms while avoiding deprecated options -- Implement proper key management including generation, storage, rotation, and deletion +- Implement secure key management practices including key generation, storage, rotation, distribution, backup, and destruction - Recognize and defend against common cryptographic attacks - ---- +- Apply secure hashing, encryption, digital signatures, and certificate validation mechanisms in software applications ## Knowledge +The student will need knowledge of the following topics for Module 5: +- The fundamental goals of cryptography: confidentiality, integrity, authenticity, and non-repudiation. +- The difference between encoding, hashing, encryption, and signing, and when each should be used. +- Symmetric cryptography concepts, including shared-secret encryption, common algorithms (AES), block cipher modes (CBC, GCM), and authenticated encryption. +- Asymmetric cryptography concepts, including public/private key pairs, RSA, elliptic curve cryptography (ECC), key exchange, and digital signatures. +- Hashing algorithms and message authentication mechanisms, including SHA-2, SHA-3, HMAC, password hashing functions (bcrypt, scrypt, Argon2), and their appropriate use cases. +- Public Key Infrastructure (PKI), certificates, certificate authorities (CA), certificate validation, and trust chains. +- TLS and HTTPS fundamentals, including TLS handshakes, cipher suites, forward secrecy, certificate validation, and secure transport configuration. +- The risks associated with deprecated or weak cryptographic algorithms and protocols, including MD5, SHA-1, DES, RC4, SSL, and outdated TLS versions. 
+- Secure random number generation and the importance of cryptographically secure pseudorandom number generators (CSPRNGs). +- Key management lifecycle concepts, including key generation, storage, distribution, rotation, expiration, backup, revocation, and destruction. +- Secrets management approaches, including Hardware Security Modules (HSMs), cloud key management services (KMS), vault solutions, and environment secret handling. +- Common cryptographic vulnerabilities and implementation mistakes, including hardcoded keys, insecure random generation, padding oracle attacks, downgrade attacks, weak entropy, improper certificate validation, and misuse of JWT signatures. +- The importance of salting and stretching for password storage and resistance to brute-force attacks. +- The distinction between data at rest and data in transit protections and the cryptographic controls applicable to each. +- Regulatory and compliance considerations related to cryptographic protections and key management practices. ## Skills +The student will be able to demonstrate the following skills: +- Select appropriate cryptographic mechanisms based on security requirements and threat models. +- Implement secure encryption and decryption workflows using approved libraries and modern algorithms. +- Implement secure password storage using adaptive hashing algorithms and proper salting techniques. +- Configure and validate secure TLS settings, certificates, and cipher suites for applications and APIs. +- Generate, store, rotate, and revoke cryptographic keys securely using industry best practices. +- Integrate secure secrets management solutions into application deployment pipelines and runtime environments. +- Validate digital signatures and certificates correctly to ensure authenticity and integrity. +- Identify insecure cryptographic implementations during code review and recommend remediation measures. 
+- Test applications for common cryptographic weaknesses, insecure configurations, and certificate validation flaws. +- Apply secure token signing and validation practices for JWTs and similar cryptographic tokens. ## Competencies +With the knowledge and skills above, a developer is able to design, implement, and maintain secure cryptographic protections within modern applications and infrastructure. This includes selecting appropriate cryptographic primitives, implementing secure encryption and signing workflows, protecting sensitive data in transit and at rest, and managing cryptographic keys throughout their lifecycle. The developer understands how cryptographic failures manifest as real-world vulnerabilities — including weak encryption, improper certificate validation, insecure key storage, token forgery, and password compromise — and can apply cryptographic best practices consistently across application architecture, development, deployment, and operations. + + + diff --git a/2.Curriculum/05.Cryptography and Key Management/05.01 - Cryptography and Key Management.md b/2.Curriculum/05.Cryptography and Key Management/05.01 - Cryptography and Key Management.md index aca3905..d8b7518 100644 --- a/2.Curriculum/05.Cryptography and Key Management/05.01 - Cryptography and Key Management.md +++ b/2.Curriculum/05.Cryptography and Key Management/05.01 - Cryptography and Key Management.md 
@@ -1,33 +1,198 @@ # Module 5: Cryptography and Key Management 5.1 What is cryptography -- what are the main security properties addressed by cryptography - -5.2 Uses of cryptography -- keys -- hashes -- message digest -- X.509 certificates -- Digital signatures -- etc. - -5.3 Common algorithm pitfalls -- Cipher suites -- Algorithm strength - -5.4 Attcks against cryptography solutions -- Rainbow attacks -- Brute force attacks -- Collusion attacks -- etc - -5.5 Insecure use of cryptography - -5.6 Key management -- Key generation -- Key storage -- Key exchange -- Key rotation -- Key deletion -- Key decommissioning -- etc. +- what are the main security properties addressed by cryptography +- Definition and purpose of cryptography in modern systems +- Historical evolution of cryptographic methods +- Cryptography in modern applications, cloud services, APIs, and communications + +5.2 Core Security Properties Provided by Cryptography +- Confidentiality +- Integrity +- Authenticity +- Non-repudiation +- Availability considerations related to cryptographic services + +5.3 Cryptographic Concepts and Terminology +- Plaintext and ciphertext +- Encryption and decryption +- Keys and secrets +- Cryptographic primitives +- Trust and threat models + +5.4 Types of Cryptography +- Symmetric cryptography +- Asymmetric cryptography +- Hybrid cryptographic systems + +5.5 Uses of Cryptography +Encryption Technologies +Symmetric Encryption +- AES and modern symmetric algorithms +- Block and stream ciphers +- Encryption modes (CBC, GCM, CTR) +- Authenticated encryption +Asymmetric Encryption +- Public and private keys +- RSA and Elliptic Curve Cryptography (ECC) +- Key exchange mechanisms + +Hashing and Integrity Protection +Hash Functions +- SHA-2 and SHA-3 +- Message digests +- Integrity verification +Message Authentication +- HMAC +- MAC vs Digital Signature +Password Hashing +- bcrypt +- scrypt +- Argon2 +- Salting and stretching + +Digital Trust and Identity +X.509 Certificates +- 
Certificate structure +- Certificate Authorities (CA) +- Chain of trust +- Certificate validation +Digital Signatures +- Signature generation and verification +- Authenticity and non-repudiation +- Code signing and document signing + +Cryptography in Secure Communications +TLS and HTTPS +- TLS handshake overview +- Cipher suites +- Perfect Forward Secrecy (PFS) +- Certificate validation +Cryptography in Modern Applications +- API security +- VPNs +- Secure email +- Secure file storage +- Token signing (JWT) + +5.6 Common Algorithm and Configuration Pitfalls +Weak and Deprecated Algorithms +- DES and 3DES +- MD5 and SHA-1 +- RC4 +- Weak RSA key sizes +- Deprecated TLS and SSL versions +Cipher Suite Weaknesses +- Weak cipher negotiation +- Downgrade risks +- Lack of forward secrecy +- Improper TLS configurations +Randomness and Entropy Problems +- Weak random number generation +- Predictable keys +- Insecure pseudo-random generators +Cryptographic Misuse +- Hardcoded secrets and keys +- Reusing IVs and nonces +- Improper encryption modes +- Rolling custom cryptography +- Insecure certificate validation +Token and Signature Pitfalls +- JWT algorithm confusion +- Missing signature validation +- Weak signing keys +- Improper token storage + +5.7 Attacks Against Cryptographic Solutions +Password and Key Attacks +- Brute-force attacks +- Dictionary attacks +- Rainbow table attacks +- Credential stuffing relevance +Cryptographic Protocol Attacks +- Man-in-the-middle (MITM) attacks +- Downgrade attacks +- Replay attacks +- Padding oracle attacks +Key and Trust Attacks +- Key compromise +- Certificate spoofing +- Rogue certificates +- Collusion attacks +Side-Channel and Implementation Attacks +- Timing attacks +- Memory disclosure attacks +- Weak entropy exploitation +Modern Threat Considerations +- Quantum computing considerations +- Supply chain compromise affecting cryptographic trust + +5.6 Insecure Use of Cryptography +Common Developer Mistakes +- Storing passwords 
using plain hashes +- Using outdated algorithms +- Encrypting without integrity protection +- Client-side only encryption assumptions +- Disabling TLS validation +Insecure Secret Handling +- Hardcoded API keys and secrets +- Secrets in source code repositories +- Insecure environment variable management +Session and Token Weaknesses +- Insecure JWT implementation +- Long-lived tokens +- Missing expiration validation +- Insecure cookie configurations +Data Protection Failures +- Insufficient encryption for data at rest +- Weak transport security +- Improper backup encryption +- Exposed private keys and certificates +Compliance and Operational Risks +- Failure to rotate keys +- Poor certificate lifecycle management +- Inadequate logging and monitoring of cryptographic events + + +5.7 Key Management +Key Lifecycle Management +- Key generation +- Key activation +- Key distribution +- Key usage +- Key rotation +- Key archival +- Key revocation +- Key deletion and destruction +- Key decommissioning +Secure Key Generation +- Cryptographically secure random number generators (CSPRNG) +- Key length requirements +- Entropy considerations +Secure Key Storage +- Hardware Security Modules (HSM) +- Cloud Key Management Services (KMS) +- Secret vault solutions +- Secure enclave technologies +Key Exchange and Distribution +- Diffie-Hellman and ECDH +- Public key distribution +- Secure provisioning mechanisms +Operational Key Management +- Key rotation policies +- Backup and recovery procedures +- Separation of duties +- Access control for cryptographic material +Certificate and Trust Management +- Certificate issuance +- Certificate renewal +- Certificate revocation +- Trust store management +Best Practices and Governance +- Principle of least privilege for key access +- Cryptographic policy management +- Auditing and monitoring key usage +- Compliance and regulatory considerations + + +
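Review bot: In the `05.00 - Objectives.md` hunk, the first changed objective now reads "confidentiality, integrity, and authenticity and non-repudiation", which doubles the conjunction; write "confidentiality, integrity, authenticity, and non-repudiation", as the first Knowledge bullet in the same hunk already does. The key management objective lists generation, storage, rotation, distribution, backup, and destruction, while the Knowledge bullet on the key lifecycle also names expiration and revocation; align the two lists so the objective and the knowledge it depends on describe the same lifecycle. The hunk also ends with three added blank lines that can be dropped.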
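Review bot: In the `05.01 - Cryptography and Key Management.md` hunk, section numbers 5.6 and 5.7 are each used twice: "5.6 Common Algorithm and Configuration Pitfalls" and "5.7 Attacks Against Cryptographic Solutions" are followed by "5.6 Insecure Use of Cryptography" and "5.7 Key Management", so the last two should become 5.8 and 5.9. The group titles added from 5.5 onward (for example "Encryption Technologies", "Symmetric Encryption", "Hash Functions") are bare lines with no heading or list markup and no blank line before them, so the two levels of grouping cannot be told apart and a Markdown renderer will fold a title into the preceding list item; mark them as sub-headings or bold text. 5.1 keeps the bullet "what are the main security properties addressed by cryptography" although the new 5.2 covers exactly that, and "Collusion attacks" is carried over from the removed list into "Key and Trust Attacks"; if hash collisions are meant, correct the spelling and place it with the hashing topics.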