Your Questions. Straight Answers.
You're evaluating whether this training will actually change what you can do at work — not just add a line to your CV. Here's everything you need to know about the platform, courses, labs, and pricing before you commit.
Written by practicing security engineers
·
34 courses
·
New modules added regularly
From $179/year (Premium) or $289/year (Specialist) — every course includes free modules. Compare tiers →
About Ridgeline
Platform & Content
What is Ridgeline?
Structured professional development for security practitioners at training.ridgelinecyber.com. 34 courses covering identity security, endpoint security, detection engineering, incident response, threat hunting, security architecture, offensive security, GRC, and more. Every course produces operational artifacts you deploy — detection rules, architecture decisions, investigation playbooks, and hardening configurations. No video. Text-based, code-first, built by practitioners.
Who is this for?
Anyone who wants to build operational security capability. M365 administrators taking on security responsibility. SOC analysts building specialist depth. Security engineers designing architecture and detection programs. IT professionals transitioning into security. Career-changers building a portfolio of production-grade artifacts. Every course includes free modules — evaluate the depth and decide if it's right for you. The Learning Paths page maps roles to recommended course sequences.
What format is the content?
Written content only — no video. Annotated KQL code blocks with line-by-line explanation, SVG diagrams, worked investigation scenarios, knowledge checks, try-it exercises, and downloadable assets. Written content is searchable, bookmarkable, and referenceable during live investigations at 2 AM. This is a reference library, not a lecture series.
How is this different from other security training?
Three things. First, every course produces operational artifacts you deploy to your own environment — architecture decisions, detection rules, investigation playbooks, hardening configurations. Not a sandbox that disappears. Second, the content is built from real operational experience — sanitized names, real methodology. Third, the format is text-based and code-first — searchable, bookmarkable, and referenceable during live work at 2 AM.
How much content is free?
Two complete courses are entirely free: Admin to Defender (8 modules) and Claude Essentials (11 modules). Every paid course includes 2 free foundation modules — no account required, no email gate. Plus all reference tools are free. Start reading and evaluate the depth before subscribing.
How often is new content published?
Courses are updated continuously. New modules and courses are added regularly. All updates are included in your subscription at no extra cost.
Labs & Prerequisites
Labs & Prerequisites
Do I need a lab environment?
The free modules can be read without any lab. For hands-on exercises in paid modules, the Lab Setup Guide walks you through a complete security operations lab — VMware, Windows 11, Ubuntu, M365 E5 developer tenant, Sentinel, and the full forensic toolchain. You build it once, and it stays on your machine permanently — one environment for every course, every investigation, every real incident. Total cost: free.
Do I need an M365 tenant?
For cloud-focused courses (Microsoft 365 Security Operations, Detection Engineering, Threat Hunting, Entra ID Security, Mastering KQL, Security Automation), yes — a free M365 developer tenant is required. The Lab Setup Guide covers this in detail. For IR and Linux IR, the M365 tenant is recommended but not required.
Do I need specific tools for the IR course?
The IR course uses free and open-source tools: KAPE, EZ Tools, Velociraptor, Volatility 3, THOR Lite, Hayabusa, RegRipper, and Sysinternals. The Lab Setup Guide includes installation instructions for every tool. No commercial forensic software is required.
What KQL experience do I need?
None for the Mastering KQL course — it starts from first query. For Microsoft 365 Security Operations, basic KQL familiarity helps but Module 2 covers the essentials. For the IR course, KQL is used in the cloud investigation modules (Phase 3) and the Mastering KQL free phase provides sufficient foundation.
Pricing & Billing
Pricing & Billing
How much does it cost?
Two tiers. Premium ($179/year) covers most courses. Specialist ($289/year) adds M365 Security Architecture, Purple Teaming, Applied Memory Forensics, and Advanced Windows Forensics. Two complete courses are entirely free. Every paid course includes free foundation modules. See the Pricing page for full details and monthly options.
Can I cancel anytime?
Yes. Cancel through the account page or the Stripe billing portal. Access continues until the end of your current billing period. No cancellation fees.
Do you offer team pricing?
Yes. Team subscriptions provide access for up to 5 users under a single billing account. See the Pricing page for details.
Can I get a refund?
Free modules are available in every course — assess the quality and approach before purchasing. See the Refund & Cancellation Policy for full details.
Technical
Technical
What browser do I need?
Any modern browser — Chrome, Firefox, Edge, Safari. The platform is a static site with no special requirements. Code blocks have copy buttons.
Can I access the content offline?
The platform requires an internet connection. However, all KQL queries, PowerShell scripts, and detection rules can be copied directly from the modules for offline use in your environment.
Who built this?
Security practitioners with over 15 years of experience in DFIR, detection engineering, and security operations across M365, Azure, Windows, and Linux environments. The content is built from operational experience, not vendor documentation. See the About page for full background.
The best way to evaluate is to read a free module.
Every paid course opens with free foundation modules. No account, no email, no gate. Read the content, run the queries, and decide if this is the depth that closes the gap between where you are and where you need to be. Questions? training@ridgelinecyber.com