Module 1 Narration

Opening

Open with the professional setting: a security operations center tuning AI-assisted detections before analyst rollout. Ask students what decision is being made, who is affected, and what evidence would be persuasive to a skeptical reviewer.

Middle

Move through the module in four passes:

1. Define Security telemetry and threat models in the context of AI in Threat Detection.

2. Walk through the lab as a proxy-data exercise, emphasizing what it can and cannot show.

3. Compare a baseline with an AI-enabled or more sophisticated alternative.

4. Translate the result into stakeholder language: recommendation, risk, mitigation, and next evidence.

Closing

Close by returning to the module artifact: detection engineering packet with threat model, false-positive analysis, and triage workflow focused on security telemetry and threat models: Map telemetry to threat hypotheses.. Students should leave knowing exactly what artifact they are producing and how it will be judged.