Module 7 Overview

Theme

Security operations integration

Essential Question

How do detections become action?

Module Components

• Book prose: conceptual framing, domain scenario, methods, and failure modes

• Assignment: evidence-backed production of a specific artifact

• Slides: presentation sequence for seminar or lecture delivery

• Narration: spoken version of the slide flow

• Instructor notes: facilitation plan, discussion prompts, and grading cues

• Rubric: criteria for evaluating the module artifact

• Notebook: executable lab aligned with the module theme using synthetic security telemetry with login velocity, data transfer volume, process rarity, and threat labels

Module Artifact

detection engineering packet with threat model, false-positive analysis, and triage workflow focused on security operations integration: Design a SOC triage workflow.

Professional Setting

Students work as if advising a security operations center tuning AI-assisted detections before analyst rollout. Their work must be intelligible to SOC analyst, detection engineer, incident commander, and business system owner.