Where Do You Want to Be in Six Months?

Each path ends with a specific operational capability you can demonstrate. Not "awareness of" — the ability to design, build, investigate, or detect in production. Pick the outcome you need, start with the free modules, and work through the sequence.

Written by practicing security engineers · 4 paths · 34 courses

From $179/year (Premium) or $289/year (Specialist) — every course includes free modules. Compare tiers →

Two tiers. Every path starts with free modules.

Premium $179/year · Specialist $289/year

Premium covers most courses. Specialist adds M365 Security Architecture, Purple Teaming, Memory Forensics, and Windows Forensics.

See Pricing & Compare Tiers →

Security Engineer Path

After this path, you design and operate the endpoint, identity, and detection stack across an M365 environment — with hardened endpoints, a documented CA framework, 71 production detection rules, and automated response playbooks.

8 courses · 70 modules · 8 free to start

Endpoint Security Engineering

MDE architecture, ASR rules, AV tuning, EDR, custom detections, forensic readiness, cross-platform.

16 modules · 2 free · Deployable ASR + detection stack

Entra ID Security Architecture

Conditional access, phishing-resistant MFA, token protection, PIM, workload identity, identity detection.

19 modules · 2 free · Production CA + PIM framework

Detection Engineering

Threat modeling, 71 KQL rules across 6 attack chains, testing, tuning, detection-as-code.

13 modules · 2 free · 71 production KQL rules

Security Automation

Sentinel playbooks, auto-containment, evidence collection, cross-environment orchestration.

14 modules · 2 free · Sentinel + Logic Apps playbooks

Start free — Endpoint Security Foundations →

Detection & Hunting Path

After this path, you build and operate a detection program with production KQL rules that catch real attacks, execute hypothesis-driven hunt campaigns, and automate response — threats that used to slip through don't anymore.

7 courses · 66 modules · 8 free to start

Mastering KQL

Every operator, join type, time-series pattern, and production technique — the query language that powers detection.

15 modules · 2 free · 68 production KQL exercises

Detection Engineering

Threat modeling, rule development, testing, tuning, detection-as-code, and coverage reporting.

13 modules · 2 free · 71 KQL rules + 6 attack chains

Threat Hunting in M365

Hypothesis-driven hunting — ten complete campaigns across authentication, OAuth, privilege escalation, and more.

17 modules · 2 free · 10 hunt campaigns + playbooks

Security Automation

Automate what you've built — playbooks triggered by detection rules, auto-containment with confidence thresholds.

14 modules · 2 free · Sentinel + Logic Apps playbooks

Start free — KQL Foundations →

Investigation & Response Path

After this path, you investigate incidents end-to-end across Windows, M365, Linux, and network evidence — from the first triage decision through forensic analysis to a report that holds up under legal scrutiny.

13 courses · 105 modules · 13 free to start

Incident Triage

The first 60 minutes — scope, preserve, and contain across cloud, Windows, and Linux.

16 modules · 2 free · Triage-to-containment playbook

Practical Incident Response

Windows and M365 forensics — KAPE, EZ Tools, Volatility 3, KQL. Ransomware, BEC, insider threat, APT.

20 modules · 2 free · 4 investigation scenarios

Practical Linux IR

Linux forensics — filesystem, memory, log analysis, container investigation, persistence, cloud VM incidents.

17 modules · 2 free · Linux forensic toolkit + labs

Network Detection and Forensics

Reconstruct attack chains from the wire — Zeek, Suricata, PCAP, DNS, TLS, NetFlow.

15 modules · 2 free · 5 network investigation scenarios

Start free — The Triage Problem →

New to Security Engineering

After this path, you've transitioned from IT administration into security engineering with M365 security foundations, KQL proficiency, and a deployed endpoint security stack — plus a portfolio of artifacts that prove it.

3 courses · 40 modules · first course 100% free

Admin to Defender

Complete M365 security course — MFA, conditional access, email protection, device compliance, monitoring, governance. Entirely free.

8 modules · 100% free · Security mindset + M365 foundations

Mastering KQL

The query language that powers every Microsoft security tool. Start with the free modules, then continue.

15 modules · 2 free · 68 production KQL exercises

Endpoint Security Engineering

Your first engineering course — build the endpoint security stack from OS internals through detection and response.

16 modules · 2 free · Deployable ASR + detection stack

Start free — Admin to Defender (100% free) →

Read a free module from the path closest to your goal.

Every paid course opens with free foundation modules — no account, no email, no gate. See the depth, run the exercises, and decide if this is the path that gets you where you need to be.

Start Free — No Account Needed Browse All Courses

Written by practicing security engineers · 34 courses · New modules added monthly · Cancel anytime