Professional Track

For cybersecurity professionals deploying AI across investigation, detection, response, governance, and team operations

Aligned to: NIST CSF 2.0 · OWASP Top 10 for LLMs · MITRE ATT&CK · ISO/IEC 27017

AI-Powered Security Operations

Integrate AI into your security workflow — investigation, detection, reporting, and automation.

Use AI as a force multiplier across security operations. Build AI-assisted investigation methodologies, generate and validate detection rules, draft incident response documentation at machine speed, automate compliance and policy work, deploy Claude Code for security scripting, and implement the governance framework that keeps AI use trustworthy.

What you'll deploy
Advanced Claude workflows for security architecture and design review
AI-powered threat modeling and policy analysis
Automated compliance documentation generation
Claude integration for detection rule development and testing
Security-specific prompt patterns for investigation support
Workflow templates for GRC, IR, and detection engineering tasks
AI for Cybersecurity Professionals — Capability Model

Investigate: 6 incident types · Any SIEM/EDR · 20+ prompts
Detect: KQL · SPL · Sigma · Full lifecycle · Rule template
Govern: Policy + monitoring · NIST AI RMF · Full framework
Automate: PS · Python · Bash · SOAR integration · 5 prod scripts
Report: IR reports · PIRs · Board briefings · Template pack
Defend: Adversarial AI · Deepfakes · injection · Threat model

10 Modules · 20-25 Hours · Deployable Assets in Every Module
Environment-agnostic · SIEM-agnostic · From analyst to CISO

What you'll be able to do

Build AI-assisted investigation and detection engineering workflows
Draft IR reports at machine speed with systematic verification
Generate and validate KQL detection rules using AI assistance
Implement AI governance frameworks for security team deployment
Identify and defend against AI-generated threats and adversarial AI
Premium tier | 11 modules | 20–25 hours at your own pace | 36 CPE credits | 2 free modules — no account needed | SIEM-agnostic | Updated May 2026

Who this course is for

“I paste logs into ChatGPT and hope for the best.” Generic prompting produces generic output. Security-specific prompt engineering — structured investigation prompts, detection rule generation patterns, evidence chain reasoning — produces output you'd actually deploy. This course teaches the difference.

“I spend 3 hours writing every IR report.” AI-assisted documentation: incident reports, post-incident reviews, board briefings, stakeholder communications. You draft at machine speed and validate with practitioner judgment. The module produces templates you use on every incident.

“A threat advisory drops and I need a detection rule fast.” Turn a threat advisory into a Sigma rule, KQL query, and SPL search within minutes. The AI generates the first draft; you validate the logic, tune the thresholds, and deploy. Detection engineering at advisory speed.

“My team wants to use AI but we have no governance framework.” NIST AI RMF-aligned governance: acceptable use policy, data classification for AI input, output verification requirements, monitoring and audit. The framework that lets your team use AI without creating unmanaged risk.

“I need to write PowerShell and Python scripts but I'm not a developer.” Claude Code for security scripting: triage collectors, evidence parsers, compliance report generators, log analysis tools. You describe the requirement; AI generates the code; you validate and deploy. From idea to working script in minutes.

“I need to understand adversarial AI threats, not just use AI.” Prompt injection, deepfake social engineering, AI-powered phishing, model manipulation. The defensive perspective: how attackers use AI against your organization, and the controls that detect and prevent it.

Whatever your background — if the subject interests you and you're willing to put in the work, this course is for you.

Before and after this course

Before

You paste alert data into a chat window and get a vaguely helpful paragraph. The output isn't structured enough to put in an incident ticket or confident enough to act on.

Writing an IR report takes 3 hours. A board briefing takes a full day. Compliance documentation is a quarterly project.

Your team uses AI individually with no governance. Some analysts paste sensitive incident data into consumer tools. Nobody tracks what's being shared.

You don't know how attackers are using AI against your organization — deepfake voice for vishing, AI-generated phishing, prompt injection in AI-powered tools you've deployed.

After

Structured investigation prompts produce actionable triage output: IOCs extracted, timeline reconstructed, next investigation steps recommended. You validate the reasoning, not start from scratch.

IR reports draft in 20 minutes. Board briefings in an hour. Compliance documentation generates continuously from your operational data. You spend your time on judgment, not formatting.

Your team operates under a governance framework: approved tools, data classification rules, output verification requirements, monitoring and audit. AI use is productive and managed.

You have a threat model for adversarial AI: deepfake detection procedures, prompt injection defenses for AI-powered tools, and AI-generated phishing indicators in your detection rules.

How the course works

Six capability domains, each producing deployable workflow assets you use immediately:

Investigate
AI-Assisted Triage

Structured investigation prompts for 6 incident types. Evidence chain reasoning. Output validation methodology. Any SIEM, any EDR.

Detect
Rule Generation

Threat advisory to detection rule pipeline. Sigma, KQL, SPL generation from natural language. Validation and tuning workflow.

Automate
Security Scripting

Claude Code for PowerShell, Python, Bash. Triage collectors, evidence parsers, compliance generators. From requirement to working script.

Report
Documentation Speed

IR reports, post-incident reviews, board briefings, stakeholder communications. Draft at machine speed, validate with practitioner judgment.

Govern
AI Governance

NIST AI RMF-aligned framework. Acceptable use, data classification, verification requirements, monitoring. Deploy AI without unmanaged risk.

Defend
Adversarial AI

Prompt injection, deepfake social engineering, AI-powered phishing. Threat model for how attackers use AI against your organization.

What the content looks like

This is a real investigation prompt pattern from the course. Instead of pasting raw logs and hoping, you provide structured context that produces actionable triage output.

Prompt Pattern — From Module 3: Investigation Methodology
# Structured investigation prompt for BEC triage

ROLE: Senior SOC analyst performing BEC triage
CONTEXT: Alert fired on inbox rule creation
  - User: j.martinez@northgate-eng.com
  - Rule: Forward all email to external address
  - Source IP: 185.220.101.x (Tor exit node)
  - Time: 02:47 UTC (user typically active 08:00-17:00 GMT)

TASK: Provide structured triage assessment:
  1. Classify likelihood of compromise (High/Medium/Low)
  2. List 3 immediate containment actions in priority order
  3. Identify 5 follow-up queries to scope the compromise
  4. Flag what this triage CANNOT determine

CONSTRAINTS: Do not assume compromise without evidence.
  Distinguish confirmed indicators from suspicious signals.

The CONSTRAINTS line is the most important part. Without it, the AI assumes compromise and gives you dramatic containment advice. With it, you get a structured assessment that distinguishes what the evidence shows from what it suggests — the same discipline a senior analyst applies.
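The discipline the CONSTRAINTS line imposes on the model can also be imposed on the model's answer before anything reaches a ticket. The Python below is an added example, not course material: it renders the prompt above from alert fields and then mechanically checks a response against the structure the TASK section asks for (a stated likelihood from the allowed set, exactly three containment actions, exactly five follow-up queries, a non-empty "cannot determine" section, and indicators labelled Confirmed:/Suspicious:). The dataclass, the section heading names and the two sample responses are constructed for this illustration.

```python
"""Structured BEC triage prompt builder plus a checker for the model's output.

Added example, not course material. The alert dataclass, heading names and
the two sample responses below are constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass
class InboxRuleAlert:
    """Fields carried by the inbox-rule alert (field names are an assumption)."""
    user: str
    rule: str
    source_ip: str
    source_note: str
    event_time: str
    normal_hours: str


# Headings the prompt tells the model to use, so the answer can be checked
# mechanically instead of being pasted into a ticket on faith.
SECTIONS = ("LIKELIHOOD", "CONTAINMENT", "FOLLOW-UP", "CANNOT DETERMINE")
LIKELIHOODS = {"High", "Medium", "Low"}


def build_prompt(alert: InboxRuleAlert) -> str:
    """Render the structured triage prompt from the alert fields."""
    return f"""ROLE: Senior SOC analyst performing BEC triage
CONTEXT: Alert fired on inbox rule creation
  - User: {alert.user}
  - Rule: {alert.rule}
  - Source IP: {alert.source_ip} ({alert.source_note})
  - Time: {alert.event_time} (user typically active {alert.normal_hours})

TASK: Provide structured triage assessment under these exact headings:
  LIKELIHOOD: one of High/Medium/Low, with reasoning
  CONTAINMENT: 3 immediate actions, numbered, in priority order
  FOLLOW-UP: 5 queries to scope the compromise, numbered
  CANNOT DETERMINE: what this triage cannot establish

CONSTRAINTS: Do not assume compromise without evidence.
  Label each indicator as Confirmed: or Suspicious:.
"""


def _section(text: str, name: str) -> str:
    """Return the body under a heading, up to the next known heading."""
    others = "|".join(re.escape(s) for s in SECTIONS if s != name)
    pattern = rf"^{re.escape(name)}:\s*(.*?)(?=^(?:{others}):|\Z)"
    m = re.search(pattern, text, re.S | re.M)
    return m.group(1).strip() if m else ""


def _numbered_items(body: str) -> int:
    """Count lines that start with a number followed by '.' or ')'."""
    return len(re.findall(r"^\s*\d+[.)]\s+\S", body, re.M))


def check_triage_output(text: str) -> dict:
    """Structural checks on the model's answer; lists every problem found."""
    problems = []
    bodies = {s: _section(text, s) for s in SECTIONS}
    for name, body in bodies.items():
        if not body:
            problems.append(f"missing section {name}")
    first = bodies["LIKELIHOOD"].split()[0].rstrip(".,") if bodies["LIKELIHOOD"] else ""
    if first not in LIKELIHOODS:
        problems.append(f"likelihood not one of High/Medium/Low: {first!r}")
    if _numbered_items(bodies["CONTAINMENT"]) != 3:
        problems.append("containment must list exactly 3 numbered actions")
    if _numbered_items(bodies["FOLLOW-UP"]) != 5:
        problems.append("follow-up must list exactly 5 numbered queries")
    if "Confirmed:" not in text or "Suspicious:" not in text:
        problems.append("indicators not labelled Confirmed:/Suspicious:")
    return {"ok": not problems, "likelihood": first, "problems": problems}


# Alert values taken from the prompt pattern above.
SAMPLE_ALERT = InboxRuleAlert(
    user="j.martinez@northgate-eng.com",
    rule="Forward all email to external address",
    source_ip="185.220.101.x",
    source_note="Tor exit node",
    event_time="02:47 UTC",
    normal_hours="08:00-17:00 GMT",
)

# Constructed response that follows the requested structure.
SAMPLE_GOOD = """LIKELIHOOD: Medium. The rule and the Tor source are strong signals, but no
mailbox access from the new IP is confirmed yet.
Confirmed: inbox rule forwarding all mail externally was created at 02:47 UTC.
Suspicious: source IP is a Tor exit node; time is outside the user's normal hours.
CONTAINMENT:
  1. Disable the forwarding rule and preserve it as evidence.
  2. Reset the user's password and revoke active sessions.
  3. Block the external forwarding address at the mail gateway.
FOLLOW-UP:
  1. Sign-in logs for the user over the last 14 days.
  2. Other mailboxes with rules created from the same IP range.
  3. Messages already forwarded by the rule.
  4. MFA enrolment changes on the account.
  5. OAuth consents granted recently by the user.
CANNOT DETERMINE: whether credentials were phished or reused, and whether
any forwarded mail has been acted on by the attacker.
"""

# Constructed response that assumes compromise and skips required sections.
SAMPLE_BAD = """LIKELIHOOD: Confirmed compromise. Tor plus forwarding rule means the account is owned.
CONTAINMENT:
  1. Disable the account.
  2. Wipe the user's laptop.
FOLLOW-UP:
  1. Check logs.
"""

if __name__ == "__main__":
    print(build_prompt(SAMPLE_ALERT))
    print(check_triage_output(SAMPLE_GOOD))
    print(check_triage_output(SAMPLE_BAD))
```

The second sample is the failure mode the CONSTRAINTS line guards against: the answer declares compromise in its first sentence, offers two drastic actions instead of three prioritised ones, and omits what it cannot determine. The checker rejects it on structure alone, which is cheap, repeatable and independent of which model produced the text.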

Usage rights and disclaimer

Course materials: Licensed for individual professional development. You may use prompt patterns, workflow templates, and governance frameworks in your professional work. You may not redistribute course content or share account credentials.

AI output: All AI-generated content requires human validation before use in security decisions, documentation, or production deployments.

Fictional environment: All scenarios use Northgate Engineering. Any resemblance to real organizations is coincidental.

Version and changelog

Current version: 1.0  |  Last updated: 2026

2026 — v1.0: Complete course. 11 modules (C0–C10). Updated for Claude Code, Cowork, MCP Connectors, and Computer Use.

This course is actively maintained as AI capabilities evolve.

COURSE ASSESSMENT

End of Course Exam

Complete the course, then prove your skills under time pressure. Pass mark: 70. Earn your certificate with CPE credits.

40 minutes · 3 phases · 100 points · 1 scenario

Requires 80% course completion. One random scenario per attempt. Certificate issued on pass.