Module 1 Overview

Theme

Security telemetry and threat models

Essential Question

What signals reveal malicious behavior?

Module Components

  • Book prose: conceptual framing, domain scenario, methods, and failure modes

  • Assignment: evidence-backed production of a specific artifact

  • Slides: presentation sequence for seminar or lecture delivery

  • Narration: spoken version of the slide flow

  • Instructor notes: facilitation plan, discussion prompts, and grading cues

  • Rubric: criteria for evaluating the module artifact

  • Notebook: executable lab aligned with the module theme, using synthetic security telemetry (login velocity, data transfer volume, process rarity, and threat labels)

Module Artifact

A detection engineering packet containing a threat model, a false-positive analysis, and a triage workflow, focused on security telemetry and threat models. Core task: map telemetry to threat hypotheses.

Professional Setting

Students work as if advising a security operations center that is tuning AI-assisted detections before rolling them out to analysts. Their work must be intelligible to a SOC analyst, a detection engineer, an incident commander, and a business system owner.