Track · Sentinel Defense
6 weeks · 4 missions · 0 in cohort
AI Cybersecurity Operations
Defend like a team of ten — with five and a few good agents.
§01 / The brief
Why this track exists.
A SOC-ready track. Build detections, run AI-assisted triage, and write the runbook before the incident, not during it.
Detection engineering, AI-assisted triage, runbooks that survive a real incident.
§02 / Who it's for
You are…
- →Security analysts
- →DevOps engineers wearing the security hat
- →IT leads of growing companies
§03 / What you'll learn
By the end…
- ✓Detection engineering with AI
- ✓Triage and enrichment pipelines
- ✓Incident communication
- ✓Tabletop with agentic adversaries
§05 / Missions
The work, in order.
- 01Detection engineering
Sigma rules and detection-as-code. AI-assisted authoring.
lesson - 02Triage pipelines
Enrichment, correlation and the human handoff.
challenge - 03Incident comms
Write the runbook before the incident, not during.
challenge - 04Tabletop with agents
Adversarial tabletop with agentic attackers.
peer_review
§06 / Tools
Your stack.
WazuhSigmaOpenAIPythonCloudflareTines
Tools shift fast. We teach the workflow so you can swap any of these without losing a beat.
§07 / What you ship
Portfolio you can defend.
- ◆A detection ruleset
- ◆A documented triage pipeline
- ◆A run-the-incident playbook
§08 / FAQ
Common questions.
Is this for offensive or defensive work?+
Defensive, with enough offensive context to know what to defend against.
§09 / Related
Stack it with…
Next cohort