DAY 1 — Cybersecurity Foundations + AI/ML Basics
Module 1 — Cybersecurity Fundamentals
1.1 Core Security Principles
- CIA Triad (Confidentiality, Integrity, Availability)
- Threats vs Vulnerabilities vs Risks
- Attack surfaces
- Security layers (Network, Application, Endpoint, Cloud)
1.2 Modern Cyber Attacks
- Malware (virus, worm, ransomware, trojan)
- Phishing & social engineering
- DDoS attacks
- Man-in-the-middle
- Insider threats
1.3 Security Tools Overview
- Firewalls
- IDS/IPS
- SIEM systems
- Endpoint Detection & Response (EDR)
🔬 Lab: Analyze simulated attack logs
📋 Case Study: Enterprise ransomware incident
🤖 Module 2 — Foundations of AI & Machine Learning
2.1 AI & ML Basics
- What is AI, ML, Deep Learning
- Supervised vs Unsupervised learning
- Classification vs Regression
- ML lifecycle (data → training → evaluation → deployment)
2.2 Core ML Algorithms for Security
- Logistic Regression
- Decision Trees
- Random Forest
- SVM
- K-Means clustering
2.3 Evaluation Metrics
- Accuracy, Precision, Recall
- F1 Score
- ROC-AUC
- Confusion Matrix
🔬 Lab: Build basic phishing detection classifier
🔬 Lab: Anomaly detection using clustering
DAY 2 — AI-Powered Threat Detection & SOC Automation
Module 3 — AI for Threat Detection
3.1 Network Intrusion Detection
- Signature vs Behavior-based detection
- Feature engineering from network traffic
- Detecting DDoS using ML
🔬 Lab: Intrusion detection ML model
3.2 Malware Detection with AI
- Static analysis
- Dynamic analysis
- Feature extraction
- Deep learning basics for malware classification
🔬 Mini Project: Malware classification system
3.3 Phishing & Email Threat Detection
- NLP basics for phishing detection
- URL analysis
- Spam filtering
🔬 Lab: Build phishing email classifier
Module 4 — AI in SOC & Incident Response
4.1 AI-Powered SIEM
- Log aggregation
- Anomaly detection in logs
- Alert prioritization
4.2 Threat Intelligence Automation
- IOC extraction
- MITRE ATT&CK mapping
- Automated threat hunting
4.3 Incident Response Automation
- AI-assisted root cause analysis
- SOAR basics
- Automated playbooks
🔬 Lab: Build AI log anomaly detector
📋 Case Study: AI-assisted SOC workflow
Day 3: Advanced AI, Offensive Use Cases & Ethical Considerations
Module 5 — AI for Advanced Threat Detection
5.1 Behavioral Analytics (UEBA)
- User & Entity Behavior Analytics
- Insider threat detection
5.2 Fraud Detection Systems
- Transaction anomaly detection
- Feature engineering for fraud
5.3 Zero-Day Detection
- Unsupervised anomaly detection
- Isolation Forest
- Autoencoders (conceptual overview)
🔬 Lab: Insider threat detection simulation
Module 6 — Adversarial AI & AI Model Security
6.1 Adversarial Attacks
- Evasion attacks
- Data poisoning
- Model extraction
6.2 Defending AI Systems
- Model hardening
- Secure ML pipelines
- Robustness testing
6.3 Responsible AI in Security
- Bias in detection systems
- False positives vs false negatives
- Ethical AI in cybersecurity
🔬 Lab: Simulate adversarial attack
📋 Case Study: AI model compromise scenario
Module 7 — Cloud & Endpoint AI Security
7.1 AI in Cloud Security
- Cloud misconfiguration detection
- AI-driven monitoring
7.2 Endpoint Detection & Response
- Behavioral monitoring
- AI-driven ransomware detection
7.3 AI in Identity & Access Management
- Risk-based authentication
- Login anomaly detection
🔬 Lab: Build login anomaly detection model
FINAL CAPSTONE – AI-Powered SOC Simulation
Scenario:
You are a Security Analyst in a mid-size enterprise.
Tasks:
- Detect phishing campaign
- Identify insider anomaly
- Prioritize alerts using ML
- Create automated incident response plan
