Learning Paths
Not sure where to start? Choose the path that matches your current role and goals. Each path is a recommended sequence of courses and modules — with the free content clearly marked so you can evaluate the platform before committing.
A SOC analyst who can triage alerts but wants to investigate end-to-end, write detection rules, and produce IR reports.
1Mastering KQL — Phase 1 Modules 0–3 · 15 hours
Free 2M365 Security Operations — Free modules Modules 0, 1, 6 · 15 hours
Free 3Mastering KQL — Phases 2–4 Modules 4–13 · 35 hours
Premium 4M365 Security Operations — Full course Modules 2–16 · 60 hours
Premium 5SOC Operations Modules 0–12 · 50 hours
Premium What you build: Detection rules, investigation playbooks, IR report templates, hardening checklists, a threat hunting query library, and a complete operational framework.
Start Free — Mastering KQL Module 0A security analyst or SOC team member who wants to specialise in writing, testing, and maintaining detection rules.
1Mastering KQL — Complete course Modules 0–13 · 50 hours
Phase 1 free 2SOC Operations — Detection modules Modules 0–6, 12 · 50 hours
Premium 3SOC Operations — Automation & metrics Modules 10–11 · 15 hours
Premium What you build: Complete KQL mastery, production detection rules across 4 domains, detection-as-code methodology, and a threat intelligence integration.
Start Free — Mastering KQL Module 0An IT administrator managing an M365 tenant who has been told "you're also responsible for security now."
1M365 Security Operations — Free modules Modules 0, 1, 6 · 15 hours
Free 2Mastering KQL — Phase 1 Modules 0–3 · 15 hours
Free 3M365 Security Operations — Full course Modules 2–16 · 60 hours
Premium What you build: Complete understanding of the M365 security stack, KQL investigation skills, and the ability to configure, investigate, and report within Defender XDR and Sentinel.
Start Free — M365 Module 0A security manager who needs governance frameworks, team processes, and the ability to measure and improve team performance.
1Claude for Security Professionals Modules 0–10 · 25 hours
Premium 2SOC Operations Modules 0–1, 7–12 · 40 hours
Premium 3Claude Field Guide All modules · 4 hours
Free What you build: AI governance framework, acceptable use policy, team deployment playbook, SOC charter, operating model, IR documentation standards, metrics dashboard, and threat intelligence programme.
Start Free — Claude Field GuideAn experienced security professional who wants to integrate AI into investigation, detection, documentation, and governance workflows.
1Claude Field Guide All modules · 4 hours
Free 2Claude for Security Professionals Modules 0–10 · 25 hours
Premium What you build: Investigation prompt library, AI-assisted detection engineering pipeline, IR documentation capability, automation scripts, compliance automation, governance framework, and adversarial AI defences.
Start Free — Claude Field GuideEvery path includes free starting modules. Evaluate the content quality and depth before subscribing.
