Sign In
Professional Track

For cybersecurity professionals deploying AI across investigation, detection, response, governance, and team operations

Aligned to NIST CSF 2.0OWASP Top 10 for LLMsMITRE ATT&CKISO/IEC 27017

Claude for Security Professionals

Integrate AI into your security workflow — investigation, detection, reporting, and automation.

Use AI as a force multiplier across security operations. Build AI-assisted investigation methodologies, generate and validate detection rules, draft incident response documentation at machine speed, automate compliance and policy work, deploy Claude Code for security scripting, and implement the governance framework that keeps AI use trustworthy.

Start Free — No Account Needed See Full Curriculum + Pricing
Content last updated: May 2026

Text-based · Persistent labs on your own hardware · 2 free modules available now · Content last updated: May 2026

What you'll deploy
Advanced Claude workflows for security architecture and design review
AI-powered threat modeling and policy analysis
Automated compliance documentation generation
Claude integration for detection rule development and testing
Security-specific prompt patterns for investigation support
Workflow templates for GRC, IR, and detection engineering tasks
AI for Cybersecurity Professionals — Capability Model Investigate 6 incident types Any SIEM/EDR 20+ prompts Detect KQL · SPL · Sigma Full lifecycle Rule template Govern Policy + monitoring NIST AI RMF Full framework Automate PS · Python · Bash SOAR integration 5 prod scripts Report IR reports · PIRs Board briefings Template pack Defend Adversarial AI Deepfakes · injection Threat model 10 Modules · 20-25 Hours · Deployable Assets in Every Module Environment-agnostic · SIEM-agnostic · From analyst to CISO
View Pricing Take End of Course Exam → 36 CPE Credits

What you'll be able to do

Build AI-assisted investigation and detection engineering workflows
Draft IR reports at machine speed with systematic verification
Generate and validate KQL detection rules using AI assistance
Implement AI governance frameworks for security team deployment
Identify and defend against AI-generated threats and adversarial AI

AI as an operational multiplier

This course teaches you to integrate AI into security operations workflows — investigation, detection engineering, IR reporting, governance, and automation. Every module produces a deployable asset: prompt libraries, detection templates, governance frameworks, and deployment playbooks. The methodology is platform-agnostic — examples use Claude but the techniques transfer to any AI assistant.

Who this course is for

Security operations practitioners. You investigate incidents, write detection rules, and manage security programs. This course teaches you to use AI to accelerate these workflows — not replace them.

Security managers building AI capability. You need to deploy AI across your team with governance, measurement, and a business case for leadership.

Anyone responsible for AI governance in a security context. Shadow AI detection, acceptable use policies, data classification, and AI incident response.

Anyone with a genuine interest in Claude for security. Whatever your background — whether you're transitioning from another domain, early in your career, or exploring a new direction — if the subject interests you and you're willing to put in the work, this course is for you. Backgrounds vary. Motivation is what matters.

Environment-agnostic

This course is not tied to Microsoft 365. The investigation methodology, detection engineering process, governance frameworks, and automation patterns apply to any security environment. Examples use KQL and Sentinel for illustration, but every technique translates to Splunk, CrowdStrike, Elastic, or any other platform. Updated for Claude Code, Cowork, MCP Connectors, and Computer Use.

What this produces

AI-assisted investigation methodologies, detection rule generation workflows, IR documentation templates, compliance automation procedures, and an AI governance framework. The operational AI toolkit for security teams — with the adversarial risk assessment that keeps it trustworthy.

What you will be able to do

1. Integrate AI into investigation workflows — using structured prompts to accelerate alert triage, evidence analysis, and IOC correlation across any SIEM or EDR platform.

2. Build a detection engineering pipeline with AI assistance — converting threat advisories into deployed detection rules using repeatable prompt templates and testing frameworks.

3. Generate IR reports and executive communications using AI-assisted drafting with verification discipline.

4. Deploy an AI governance framework — shadow AI detection, acceptable use policies, data classification, and AI incident response procedures.

5. Build organizational AI capability — team onboarding, role-specific configurations, ROI measurement, and a 12-month AI capability roadmap.

Course at a glance

Modules: 11 (C0–C10)

Estimated duration: 20–25 hours (self-paced)

Format: Written content — worked prompt examples, SVG diagrams, deployable artifacts, knowledge checks

Free content: C0 (1 module) — no account required

Paid content: C1–C10 (10 modules) — Premium or Team subscription

Platform: Updated for Claude Code, Cowork, MCP Connectors, and Computer Use

Typical pace: ~5-10 weeks at 5 hrs/week

MITRE ATT&CK coverage: 15 techniques mapped

Built by Ridgeline Cyber

Ridgeline Cyber Defence builds security operations training grounded in practical and operational experience. The team behind this course runs CSOC operations across on-prem, Splunk, and Microsoft 365 security stacks, Cisco and Palo Alto networks, and managed SOC partnerships.

Experience spans detection engineering, incident response, and DFIR investigation across on-prem, M365, and Linux environments — including leading cyber incident response engagements, deploying security controls and managing Governance, Risk and Compliance operations.

The investigation scenarios in this course are grounded in that operational work. The techniques, decision points, and mistakes are drawn from real investigations, sanitized and adapted for training.

What this course does NOT cover

Deliberate scope boundaries. If any of these is your primary need, the sibling course is the better fit.

Technical requirements

AI assistant account: Claude Pro/Team or equivalent with project/workspace capability.

Security operations environment: Access to any SIEM and EDR platform for the investigation and detection modules. The course uses M365 and Sentinel for examples but the methodology is platform-agnostic.

Prerequisite: Complete Claude Essentials for Security Professionals or have equivalent AI tool experience.

How to get the most from this course

Recommended pace: 1–2 modules per week, 20–25 hours total over 5–8 weeks.

Each module produces a deployable asset. Start with whichever matches your most immediate operational need.

Verify everything. AI-assisted output requires verification discipline. The course teaches you when and how to verify — this is the skill that separates productive AI use from dangerous AI use.

Support and community

Questions about course content: training@ridgelinecyber.com

Billing and account management: Self-service via your account page or training@ridgelinecyber.com

LinkedIn: Follow Ridgeline Cyber for operational security content and course updates

X: @RidgelineCyber

Course Syllabus

Four tracks. C0 is free — no account required.

Free Foundations

00
Course Introduction — What this course teaches, who it is for, prerequisites, learning path, and how to get the most from AI-assisted security operations.
 01
AI in Security Operations: The Landscape — What AI actually offers security teams. Capabilities matrix. SANS AI Blueprint, NIST AI RMF, OWASP LLM Top 10, MITRE ATLAS. Tool evaluation frameworks. The build vs buy decision.

Operational Skills

02
Building Your AI-Assisted Investigation Methodology — Universal investigation feedback loop. Covers endpoint, email, identity, insider threat, cloud, and ransomware incidents. SIEM-agnostic. 20+ investigation prompt templates.
 03
Threat Intelligence & Detection Engineering with AI — Advisory analysis, IOC enrichment, MITRE ATT&CK mapping, detection rule generation in KQL, SPL, and Sigma. Rule testing framework. Documentation automation.
 04
Incident Response Documentation & Communication — Four-pass IR report methodology. Executive summaries, board briefings, regulatory notifications, law enforcement referrals. Downloadable template pack.
 05
Security Automation & Scripting — AI-assisted PowerShell, Python, Bash. SOAR integration. Automated reporting. Code review methodology. Human-in-the-loop production deployment framework.

Governance and Risk

06
Compliance, Policy & Risk Management — AI-assisted policy drafting, gap analysis, risk assessment, framework cross-mapping. EU AI Act and NIST AI RMF implications for security teams.
 07
AI Governance for Security Organizations — Shadow AI detection, data classification, vendor assessment, acceptable use policies, AI incident response, board-level reporting. Complete governance deployment.
 09
AI Threats, Adversarial AI & Defensive Countermeasures — Prompt injection, deepfakes, AI-powered social engineering, model poisoning. Defending your AI-assisted workflows and detecting AI-powered attacks.

Strategic Deployment

08
Deploying AI Across Your Security Team — Onboarding, access controls, data handling, role-specific configurations, ROI metrics, and the business case for leadership. The organizational adoption playbook.
 10
The Future of AI in Security Operations — Agentic security, autonomous triage, AI-powered threat hunting, SANS AI Blueprint implementation. Build a 12-month AI roadmap for your security program.

What you get that you will not find elsewhere

This is not a prompt engineering course. Prompt engineering courses teach generic techniques. This course teaches AI-assisted security operations — how to use AI effectively for investigation, detection engineering, threat analysis, and reporting within your security workflow.

Security-specific AI integration. Every prompt, every workflow, every technique is built for security practitioners working with real security data. Not generic business AI.

The human judgment boundary. Where AI accelerates and where human expertise must remain. The course teaches both — and the verification discipline that keeps AI-assisted work trustworthy.

Where this course fits

AI-assisted techniques complement every other Ridgeline course. Practical IR uses AI for report drafting. Detection Engineering uses AI for rule specification. Threat Hunting uses AI for hypothesis generation.

This course teaches the AI integration skills those courses reference.

The outcome

You start copying prompts from Twitter. You finish with a systematic AI-assisted security workflow.

Security-specific AI workflows — investigation, detection, threat analysis, reporting.

Verification discipline — AI output validation techniques for security-critical decisions.

Measurable acceleration — time savings on investigation, documentation, and analysis tasks.

Prerequisites

Required: 1+ years in a security operations, detection engineering, or incident response role. Working knowledge of KQL, Sentinel, and security investigation methodology. Claude Essentials for Security Professionals or equivalent AI tool experience.

Recommended: Experience writing detection rules and investigating security incidents — the course applies Claude to these workflows directly.

Usage rights and disclaimer

Course materials: Licensed for individual professional development. You may use scripts, queries, detection rules, templates, and frameworks from this course in your professional work. You may not redistribute course content, share account credentials, or republish course materials.

Fictional environment: All scenarios use the fictional Northgate Engineering environment. Any resemblance to real organizations, incidents, or individuals is coincidental.

No legal advice: Compliance and regulatory content in this course is educational, not legal advice. Consult qualified legal counsel for obligations in your jurisdiction.

Version and changelog

Current version: 1.0  |  Last updated: 2026

2026 — v1.0: Complete course. All 11 modules (C0–C10) active. Updated for Claude Code, Cowork, MCP Connectors, and Computer Use.

This course is actively maintained. Content is updated as the security landscape evolves.

COURSE ASSESSMENT

End of Course Exam

Complete the course, then prove your skills under time pressure. Pass mark: 70. Earn your certificate with CPE credits.

40minutes
3phases
100points
1scenario
Take End of Course Exam

Requires 80% course completion. One random scenario per attempt. Certificate issued on pass.