Module 2 Overview

Theme

Anomaly detection foundations

Essential Question

How can models detect unknown patterns?

Module Components

  • Book prose: conceptual framing, domain scenario, methods, and failure modes

  • Assignment: evidence-backed production of a specific artifact

  • Slides: presentation sequence for seminar or lecture delivery

  • Narration: spoken version of the slide flow

  • Instructor notes: facilitation plan, discussion prompts, and grading cues

  • Rubric: criteria for evaluating the module artifact

  • Notebook: executable lab aligned with the module theme using synthetic security telemetry with login velocity, data transfer volume, process rarity, and threat labels

Module Artifact

Detection engineering packet with threat model, false-positive analysis, and triage workflow, focused on anomaly detection foundations: build a simple anomaly detector.

Professional Setting

Students work as if advising a security operations center that is tuning AI-assisted detections before analyst rollout. Their work must be intelligible to a SOC analyst, a detection engineer, an incident commander, and a business system owner.