# Module 5 Narration

## Opening

Open with the professional setting: a security operations center tuning AI-assisted detections before analyst rollout. Ask students what decision is being made, who is affected, and what evidence would be persuasive to a skeptical reviewer.

## Middle

Move through the module in four passes:

1. Define **Detection engineering and evaluation** in the context of AI in Threat Detection.
2. Walk through the lab as a proxy-data exercise, emphasizing what it can and cannot show.
3. Compare a baseline with an AI-enabled or more sophisticated alternative.
4. Translate the result into stakeholder language: recommendation, risk, mitigation, and next evidence.

## Closing

Close by returning to the module artifact: **detection engineering packet with threat model, false-positive analysis, and triage workflow focused on detection engineering and evaluation: Create detection rules and evaluate false positives.**. Students should leave knowing exactly what artifact they are producing and how it will be judged.