Live Practical Exam
We offer a practical exam you won’t find elsewhere on this subject: practical application, full-cycle detection engineering, and machine learning.
Live presentation with grading from a professional.
This course emerged from the frustration with bloated Detection Engineering education, brimming with superfluous history and irrelevant content. Our mission is clear: to equip you with the knowledge required for instant contribution to a Detection Engineering team. No need for five courses, twenty books, or a multitude of blogs - we’ve got you covered.
NOTE - This course is under development. The number of units, quizzes, and labs is subject to change. We anticipate a release between the end of Q2 and early Q3. Join the waitlist and stay tuned!
Building on Detection Engineering 100, we introduce advanced concepts seen in mature programs, such as how to approach baselining an environment and a first look at user behavior analytics (UBA) using machine learning concepts.
We also discuss how to manage a Detection Engineering program while keeping track of your content metrics. This knowledge not only completes your “schoolhouse” knowledge of Detection Engineering, but also gives you the capability to help stand up programs.
Learn how to work with large datasets using data science methods such as machine learning.
Create fluid documentation, processes, and methods to track success within a detection engineering program.
Recommended background (any one of the following):
Threat Detection Engineering 100
Level Effect’s Cyber Defense Analyst Program
2+ years of professional experience in technology, preferably cybersecurity
Name: Tallis Jordan of Team Ghost (LinkedIn)
Positions Held: Lead Incident Response, Threat Detection Engineer, Purple Team Engineer, and Senior Threat Hunter
Diverse Experience: SOC Prime (Detection Specialty), Nuspire (MSSP), Army (Federal), 2K (Internal Security)
Volunteer Work: Director of Operations @ VetSec
Certifications: GREM, GCFA, GCFE, GCIA, GPYC, GPEN, GCIH, GSEC, OSCP, OSWP, PNPT, PJMR, eCTHP, CDCP Gold, BTL1
We use real malware that employs techniques you will see in the wild to teach our concepts, not just CTF or canned scenarios. The exam also includes custom malware written by the course authors that you will not find online; this protects exam integrity.
Work with more than 20 tools in this course, including FLOSS, HxD, Ghidra, Wireshark, tshark, pySigma, Zeek, PEStudio, INetSim, RegShot, x64dbg, Caldera, C2 frameworks, and more.
Our authors have a combined 4.5+ years in senior detection engineering roles, backed by industry certifications. This is not a theory course to memorize and then forget: it was crafted exclusively by and for practicing detection engineers.
Work in a fully equipped cyber range, accessible through any browser. Our private range offers a curated selection of machines, including REMnux, FLARE, Kali, an analyst workstation, ELK, and a small enterprise network.
Gain exclusive access to a private Discord community as well as a repository of detection logic crafted by both students and instructors. Collaborate with a talented community to enhance your skills long after the course concludes.
Develop skills in threat detection and analysis over 5 modules, learning how to create detection strategies for a wide range of threats in both network traffic and endpoint telemetry.
Explore baselining, the process of establishing what “normal” is across an entire environment - and how to do it efficiently.
Explore the idea of utilizing baseline results to craft detection logic that can identify suspicious activity within your networks.
Become acquainted with Jupyter Notebooks, Python, and Pandas to aid your data science efforts during baselining, UBA, and detection testing.
Revisit, or be introduced to, regular expressions and their role in manipulating and normalizing data.
You’ll discover tools such as: Jupyter Notebooks, Python, and Pandas.
Learn how to devise a hunt package: a compilation of queries, mappings, and potential response activities that other teams can pick up and use at a moment’s notice.
Explore maturity models, realistic expectations, how you should monitor your logic, and potential metrics to ensure a well-oiled detection engineering program.
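As an added worked example (not part of the course material or its labs), the Python sketch below shows the baseline-to-detection loop described above: build a baseline of process parent/child pairs over a window of constructed telemetry, normalize command lines with regular expressions so per-run noise (GUIDs, user profile names, numeric IDs) collapses into one baseline entry, then score new events as an unknown pair, a known-but-rare pair appearing on a new host, or a known pair with a command-line shape never seen before. The field layout (host, parent image, child image, command line), the hostnames, and every event are assumptions; the standard library stands in for Pandas so the example runs without dependencies, but the same groupby-and-compare logic maps directly onto a DataFrame.

```python
"""Baselining process parent/child pairs, then turning the baseline into detection logic.

Added illustration, not course material. All telemetry below is constructed
(synthetic hostnames and command lines); the field layout is assumed to be
(host, parent_image, child_image, command_line).
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Regexes that collapse volatile tokens so two runs of the same program look identical.
GUID_RE = re.compile(r"\{?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}?", re.I)
USER_PATH_RE = re.compile(r'c:\\users\\[^\\\s"]+', re.I)
NUM_RE = re.compile(r"\b\d+\b")


def normalize_cmdline(cmd: str) -> str:
    """Replace GUIDs, user profile directories and standalone numbers with placeholders."""
    cmd = GUID_RE.sub("<GUID>", cmd)
    cmd = USER_PATH_RE.sub(r"c:\\users\\<USER>", cmd)
    cmd = NUM_RE.sub("<N>", cmd)
    return cmd.lower()


@dataclass
class Baseline:
    # (parent, child) -> hosts on which that pair was observed during the baseline window
    pair_hosts: dict = field(default_factory=lambda: defaultdict(set))
    # (parent, child) -> normalised command lines observed for that pair
    pair_cmdlines: dict = field(default_factory=lambda: defaultdict(set))


def build_baseline(events) -> Baseline:
    """Single pass over the baseline window: O(events) time, memory bounded by distinct pairs."""
    bl = Baseline()
    for host, parent, child, cmd in events:
        key = (parent.lower(), child.lower())
        bl.pair_hosts[key].add(host)
        bl.pair_cmdlines[key].add(normalize_cmdline(cmd))
    return bl


@dataclass
class Finding:
    host: str
    parent: str
    child: str
    severity: str
    reason: str


def evaluate(event, baseline: Baseline, min_hosts: int = 2):
    """Score one post-baseline event; return a Finding or None if it matches the baseline."""
    host, parent, child, cmd = event
    key = (parent.lower(), child.lower())
    seen_on = baseline.pair_hosts.get(key, set())
    if not seen_on:
        return Finding(host, parent, child, "high",
                       "parent/child pair never observed during baseline")
    if host not in seen_on and len(seen_on) < min_hosts:
        return Finding(host, parent, child, "medium",
                       f"pair baselined on only {len(seen_on)} host(s); now on a new host")
    if normalize_cmdline(cmd) not in baseline.pair_cmdlines[key]:
        return Finding(host, parent, child, "low",
                       "known pair with a command-line shape not seen in baseline")
    return None


def detect(events, baseline: Baseline, min_hosts: int = 2):
    """Run every event through evaluate() and keep only the findings."""
    return [f for f in (evaluate(e, baseline, min_hosts) for e in events) if f]


# Constructed baseline window ("normal" activity on three workstations).
BASELINE_EVENTS = [
    ("ws01", "explorer.exe", "outlook.exe", "outlook.exe"),
    ("ws01", "outlook.exe", "winword.exe",
     'winword.exe /n "C:\\Users\\alice\\AppData\\Local\\Temp\\{3f2b6c1e-0000-4000-8000-000000000001}.docx"'),
    ("ws02", "explorer.exe", "outlook.exe", "outlook.exe"),
    ("ws02", "outlook.exe", "winword.exe",
     'winword.exe /n "C:\\Users\\carol\\AppData\\Local\\Temp\\{9d8c7b6a-0000-4000-8000-000000000007}.docx"'),
    ("ws03", "explorer.exe", "chrome.exe", "chrome.exe --profile-directory=Default"),
    ("ws01", "services.exe", "svchost.exe", "svchost.exe -k netsvcs -p -s Schedule"),
    ("ws02", "services.exe", "svchost.exe", "svchost.exe -k netsvcs -p -s BITS"),
    ("ws03", "services.exe", "svchost.exe", "svchost.exe -k LocalService -p -s nsi"),
    ("ws01", "explorer.exe", "powershell.exe", "powershell.exe"),  # legitimate, but only one admin host
]

# Constructed post-baseline events to score: three should alert, the last is benign noise.
NEW_EVENTS = [
    ("ws04", "winword.exe", "cmd.exe", "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"),
    ("ws03", "explorer.exe", "powershell.exe", "powershell.exe"),
    ("ws01", "explorer.exe", "powershell.exe", "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    ("ws02", "outlook.exe", "winword.exe",
     'winword.exe /n "C:\\Users\\bob\\AppData\\Local\\Temp\\{a1b2c3d4-0000-4000-8000-000000000002}.docx"'),
]

if __name__ == "__main__":
    for f in detect(NEW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(f"[{f.severity}] {f.host}: {f.parent} -> {f.child} ({f.reason})")
```

The severity tiers are the point: an Office process spawning cmd.exe is unknown to the baseline and goes straight to high, while the benign Word launch with a different user and document GUID produces nothing because the regex normalization makes it identical to baseline entries. The `min_hosts` threshold is the knob a practitioner tunes per environment; too low and every single-host admin tool becomes an alert, too high and lateral movement to a second host goes unseen.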
Prerequisites: completion of Detection Engineering 100 and its associated labs, OR 2+ years of experience in a threat role (Threat Hunter, Threat Detection Engineer).
You will receive a scenario and a randomly selected malware sample at the beginning of this phase (within your VM range). You will locate the sample, carry out the entire detection engineering process in the range, including all documentation (with an evaluation guideline to track success), and present your work to the course instructor over a live call in a presentable format.
You will have one week to complete your work (24 hours of range time), and your live presentation will be scheduled within the following 30 days.
You will receive feedback from the instructor within 72 hours.
His technical expertise in Cybersecurity and his professionalism have provided me with a role model. His mentorship has helped me achieve my goal of making it into the industry, saving me enormous amounts of time with his guidance.
Tallis embodies the pinnacle of mentorship and leadership. He has guided me and pushed me to new heights; his confidence in me ignited a flame of pursuit towards achievement I never knew I possessed.
He has exposed me to an arsenal of skills and tools, guiding me through learning exploit development and reverse engineering. He doesn't hesitate to jump in and help when you get stuck either, no matter what it is.
He readily shares his expertise, benefiting not only me, but everyone around him. I'm grateful for the opportunity to learn from him and value his organic guidance in order to advance my career.
The course will have multiple purchasing tiers to meet the different needs of each student (e.g. course purchase with an exam attempt); these will soon be listed on the course page. Expect a price range of $300-500.
We are also working on regional pricing so that the course is affordable relative to your country of residence or citizenship. More details on this coming later!
We highly recommend completing the Detection Engineering 100 course to gain a thorough understanding of our expectations for detection engineering, especially if you plan to take the exam. Otherwise, we suggest at least two years in a threat role (hunting or detection engineering).
Yes. You will have unlimited access to the course material and may purchase your lab time in three different packages.
Once you purchase your lab time, you will consume hours while the range is running. At the completion of your lab time, if you do not purchase an extension, your range will be destroyed.
Very. You can usually contact the instructor via Discord or, alternatively, via email. Those contact methods will be available within the course.
Threat Detection Engineers
Threat Hunters
Security Operation Analysts
Digital Forensic Analysts
Incident Responders
and even Penetration Testers/Red Team Operators.
No, but be aware the course and exam will be entirely in English.