Get Started

About Ridgeline Cyber Defence

Who we are

Ridgeline Cyber Defence is a cybersecurity consultancy and product business focused on Microsoft 365 security operations. We build training, toolkits, and services for the people who defend organisations against real threats — SOC analysts, IT administrators transitioning into security, and MSP technicians responsible for client environments.

Why this training exists

Most security training falls into two categories: exam prep that teaches you to pass a test but not to investigate an incident, or vendor documentation that explains what buttons exist but not when to press them.

We built this platform to fill the gap. Every module is written by a practising CSOC analyst who works in a Microsoft 365 environment daily — running investigations in Sentinel, writing KQL queries against live data, triaging alerts in Defender XDR, and producing incident reports for senior leadership.

The scenarios in this training are based on real attack patterns encountered in production environments, sanitised and structured for learning.

What we offer

Training — The SC-200 Security Operations track covers 28 modules mapped to every exam objective. A beginner track for IT admins transitioning into security is in development. Four modules are completely free with no account required.

Toolkits — The SOC Analyst Operations Kit provides production-ready detection rules, investigation playbooks, IR report templates, and hardening checklists. Deployable infrastructure — not PDF documents that sit in a SharePoint folder.

Community — Monthly scenario challenges with sample datasets, a subscriber newsletter with practical KQL tips, and a growing community of Microsoft security practitioners.

Our approach

Written, not video. Search it. Bookmark it. Copy the code. Reference it during a live investigation at 02:00. Written content updates in minutes when Microsoft changes something — video requires a reshoot.

Scenario-driven. Every investigation module walks through a complete attack chain — from initial alert through containment, eradication, and reporting. No isolated lab exercises disconnected from operational reality.

Production-ready outputs. KQL queries, ARM templates, and PowerShell scripts that work in your environment today. Not pseudocode. Not “left as an exercise for the reader.”

Transparent sourcing. Every technical claim references current Microsoft documentation. You can verify anything we state.

Contact

For training questions, content feedback, or partnership enquiries:

Email: training@ridgelinecyber.com

Company site: ridgelinecyber.com