
Meet the instructor, who blends professional experience as an architect with practical AI security and cybersecurity insights from Azure and Microsoft. He offers real-world, hands-on insights.
Explore how on-demand self-service, rapid elasticity, resource pooling, and measured service enable fast provisioning, production network access, and pay-as-you-go billing in cloud environments.
Explore public, private, multi cloud, and hybrid cloud models with Azure, AWS, and GCP, and see how enterprises use Azure Stack, AWS Outposts, and Google Anthos to run workloads.
The Azure global backbone links data centers worldwide with fiber and subsea cables, edge sites, and thousands of peering connections to ensure performance, fault tolerance, and disaster recovery.
Explore the shared responsibility model across on premises to IaaS, PaaS, and SaaS in Azure, illustrating what customers and Microsoft must manage from physical layer to data and identities.
Explore the Azure resource hierarchy, from management groups to subscriptions and resource groups, and learn how grouping by location, department, or criticality and sharing the same lifecycle shapes governance.
Explore Azure subscription types, including free credits for 30 days and student options without a credit card. Compare pay-as-you-go and enterprise agreements, focusing on the free option for demos.
Clarify how an Entra ID tenant, the identity provider, enables identities to access Azure resources in subscriptions and resource groups, and debunk the notion that subscriptions are tenants.
Define zero trust as a security strategy and mindset that verifies every action using identity and device health, enforces just-in-time access, and assumes breach to minimize blast radius.
Explore the microsoft security cosmos with a focus on cloud security, SOC, and CTI, leveraging Defender XDR, Defender for Cloud, Defender for Endpoint, and Microsoft Sentinel.
Learn how to defend a cyber kill chain using Microsoft security products, from phishing protection to data exfiltration, across Defender for Office, Defender for Endpoint, and Defender for Cloud Apps.
Gen AI uses machine learning to create text, images, and audio, employing generative adversarial networks, while raising ethical questions and showcasing applications such as ChatGPT, M365 Copilot, and Google Bart.
Define a large language model as a probabilistic predictor of the next token based on prior context, and clarify it has no feelings, guiding attention to the Mighty Atlas framework.
Learn how prompts interact with large language models to shape inputs, context, and tasks for accurate outputs, from simple questions to complex, structured queries about cyber threat intelligence.
Learn how ai models train on data to form a foundation model and adapt for use cases like analysis or object recognition, with cybersecurity examples like Microsoft Copilot for security.
Explore the lms architecture from user prompts through application services to the model and training data, including automation agents, plugins, and downstream services.
Explore why security matters in generative ai, safeguarding sensitive data, preventing breaches and unauthorized access, ensuring integrity, trust, and compliant, transparent practices through red teaming and data privacy.
Identify key threat vectors for GenAI applications, including prompt injection, data leakage, overreliance, data poisoning, supply chain risks, insecure plugins, and jailbreaks across data, usage, app, and platform layers.
Adversaries exploit generative AI to spread misinformation with fake images and news on social media, democratize cybercrime, and craft personalized phishing at scale through impersonation and voice fraud.
Understand how the AI shared responsibility model in Microsoft cloud splits duties across IaaS, PaaS, and SaaS offerings, clarifying customer obligations for training, policy, access, and governance.
Explore how Microsoft defines responsible AI, covering fairness, reliability, privacy, security, inclusiveness, transparency, and accountability to ensure safe, trustworthy AI applications.
Create an OpenAI account using the link in the video resources, then log in to access ChatGPT-4 for demos. You can also use GPT-3.5 and still get satisfactory results.
Register a free Portswigger account and access a pre-built vulnerable large language model for this lab. Explore four owasp top ten vulnerabilities with practical, real-world demos using the Portswigger llm.
Learn to create a free Azure subscription, compare free and pay as you go options, provide required personal details, then log in to portal.azure.com to start building in Azure.
AI security introduces Copilot for security, a generative AI powered tool that boosts defender efficiency with an assistive copilot for end-to-end incident response, threat hunting, intelligence gathering, and posture management.
Explore how prompting drives Copilot for security: from submitting a prompt, to context, planning, plugin influence, execution, and delivering a response, with guidance on good and bad prompts.
Explore copilot for security architecture. Understand the three pillars—organizational security data, threat intelligence, and copilot for security data—and how embedded and standalone experiences, plugins, and app commands drive prompts.
Explore extending Copilot for security with Microsoft and third party plugins, including Defender XDR, Sentinel, Entra, Intune, Purview, and Azure AI search, plus custom connectors via API, GPT, or KQL.
Understand privacy implications of Copilot for security: your data stays yours, isn't used for training, encrypted in transit and at rest, stored in the EU, and not shared with OpenAI.
Understand how authentication and RBAC shape Copilot for security: prompts run on your rights, plugins vary by your Copilot, Entra, and Azure RBAC roles, and license requirements limit capabilities.
Explore the standalone Copilot for security versus embedded Copilot in Defender XDR, Intune, and Purview, and assess which use cases suit each experience.
Understand copilot for security pricing by provisioning security compute units (skew) billed hourly, with three skus per hour recommended for exploration and examples around $4 per sku.
Identify onboarding requirements for Copilot for security, including an Azure subscription and an Entra ID tenant with roles and users, then provision SEUs to enable deployment.
Demonstrate deploying Microsoft Copilot for security by creating a resource group and configuring compute capacities in a chosen region, including cost awareness and deployment completion.
Explore how to set up and configure Microsoft Copilot for security, navigate the dashboard and prompts, use prompt books and plugins, and tailor security settings.
Learn to craft effective prompts for Copilot in security by defining objectives, providing context, and specifying format. Iterate prompts with prompt books to tailor for executives and defender services.
Monitor your SEO consumption with usage monitoring, view SKUs provisioned per hour, and filter by 24 hours, 3 days, 7 days, or a custom time range to see prompt usage.
Learn to generate and analyze Defender XDR sample alerts on a virtual machine, summarize incidents with Copilot, and produce executive, non-technical incident reports.
Explore the suspicious script analysis prompt book, including step-by-step explanation of the log4j2 exploit, indicators for detection queries, threat intelligence, and incident response recommendations.
Explore threat actor profiling with the promptbook in Copilot for security, summarizing Apt41 profiles, Mitre techniques, related articles, and practical mitigations.
Execute a vulnerability impact assessment workflow using defender threat intelligence and threat analytics to surface recent CVEs, assess public exploits, and map threats to actors like Sandstorm.
Demonstrates CTI prompts with Copilot to summarize recent threats, build actor profiles, and map tactics to MITRE techniques for energy and chemical sector detections.
Explore vulnerability management prompts with Copilot to fetch recent CVEs and threat analytics, then intersect Defender Threat Intelligence with your environment.
Identify adversary behavior and indicators of compromise through threat intelligence and threat hunting. Manage logs, develop SIM use cases and rules, and lead incident response, remediation, and root-cause investigation.
Understand the three-tier soc model, where automation handles commodity malware, tier one covers easier tasks, tier two addresses advanced threats, and tier three conducts proactive threat hunting and forensics.
Explore the NIST-inspired incident response process—preparation, detection and analysis, containment and recovery, and post-incident lessons learned—to prevent recurrence and reduce impact.
Learn how EDR, XDR, SIEM, and SOAR transform security tooling through behavior monitoring, centralized log management with Sentinel, and automated incident response using Logic Apps in the Microsoft ecosystem.
Explores ten high-value data sources for a siem in a soc, including firewall logs, ids/ips, edr, authentication logs, directory logs, proxy logs, and cloud and database logs.
Develop ten practical SIEM use cases from diverse data sources, including firewalls, Azure logs, and Defender XDR, highlighting firewall anomalies, non-standard ports, brute-force, rare logins, and web app attack patterns.
Identify ten data sources that maximize Microsoft Sentinel value within a Microsoft ecosystem, including Azure AD logs, M365 audit logs, Defender for Endpoint, and firewall logs.
Explore ten Sentinel analytic rules for Azure Firewall, Azure WAF, Azure Activity, Defender XDR for Endpoint, and Defender for Cloud, with KQL queries and tactics including exfiltration and SQL injection.
Leverage chatgpt to generate yara rules for malware identification and classification in digital forensics. Discover rule components—strings, patterns, and conditions—and how alerts in a sim can trigger.
Decode a base64 string to reveal a PowerShell reverse shell, analyze its steps, and propose mitigations like firewalls, IDS/EDR, and audits.
Develop ransomware incident response playbooks for a SOC using Microsoft Sentinel, Defender for Endpoint and Defender for Identity, and Azure workloads; emphasize preparation, containment, eradication, recovery, backups, and post-incident review.
Clarify the distinctions between intelligence, threat intelligence, and cyber threat intelligence, highlighting how adversaries leverage tactics, techniques, and procedures in cyber security.
Cyber threat intelligence channels knowledge about adversaries’ motivations, intentions, and methods to protect critical assets. It emphasizes tactics, techniques, and procedures to understand threat actor behavior for threat-informed defense.
Clarify threat actors, vulnerabilities, and risks, showing how threats exploit vulnerabilities to cause downtime, confidentiality breaches, or data integrity violations, with risk defined as impact times likelihood.
Threat-informed defense uses cyber intelligence to align missions with threat actors' motivations and TTPs, guiding detection and protection. It reframes how security operations focus on industry threats to strengthen defenses.
Explore tactics, techniques, and procedures (Ttps) in cyber threat intelligence, from high level actor objectives to detailed techniques and sub techniques, with reference to the Mitre Attack Framework.
Distinguish IOCs and IOAs as evidence of compromise versus attacker intent and behavior. Learn how IOCs are ingested into SIM, EDR, and XDR, while IOAs support threat-informed defense.
The pyramid of pain ranks how hard it is for attackers to change indicators from hashes and IPs to techniques, tactics, and procedures. Detect TPS to deter adversaries.
Explore three CTI sources: enterprise tools (paid), OSINT with free offerings and tools like VirusTotal and Shodan, and social media with IOCs and TTPs.
Leverage CTI to understand threat actors' motives, targets, and attack behaviors, enabling proactive defense, threat-informed incident response, risk management, and threat intel reporting with IOCs and TTPs.
Define indicators of compromise, collect and validate IOCs from threat feeds, and integrate them with security tools for incident response and threat hunting; connect IOCs to TTPs for contextual prioritization.
Explore threat hunting with hypothesis-driven and IOC-based approaches, then learn to generate KQL queries for Microsoft Sentinel using data sources like Azure Firewall and Azure Activity with IOC placeholders.
Define a vulnerability as any weakness in information systems or controls that a threat can exploit—software, people, hardware, or physical security—while noting CVEs cover only part of vulnerabilities.
Explore the common vulnerabilities and exposures (CVE) framework, including CVE IDs, description, data sources, and vendor announcements, using a Google Chrome vulnerability to illustrate CVSS scores and impact.
Explore the common vulnerability scoring system (CVSS) to rank vulnerabilities, compare CVSS scores across CVSS version 2 and version 3, and prioritize remediation with asset criticality in mind.
Explore how log4shell in log4j2 enables remote code execution by abusing log message lookups over LDAP, allowing an attacker to fetch and run malicious Java code.
Leverage chatgpt to analyze malware, reverse engineer log4shell exploits, identify CVE details, explain code line by line, and discuss security implications, mitigations, and threat actors.
Discover heartbleed, a 2014 vulnerability in openssl's heartbeat that allows remote attackers to read memory and expose private keys and master keys.
Analyze the Heartbleed vulnerability through a Python proof-of-concept exploit, detailing memory disclosure in the OpenSSL TLS heartbeat extension, and outline simple mitigations and patches.
Explore the EternalBlue zero-day SMB vulnerability, traced from the NSA origins to the Shadow Brokers, its patch by Microsoft, and its role in WannaCry and NotPetya.
Analyze the eternalblue ms17-010 SMB exploit to understand privilege escalation, lateral movement, wormable spread, and mitigations like patching, segmentation, hardening, and Lazarus group activity.
This course contains the use of artificial intelligence.
AI Security by Christopher Nett is a meticulously structured Udemy course aimed at IT professionals seeking to master AI Security.
This course systematically walks you through the initial basics to advanced concepts with applied case studies. You will gain a deep understanding of the principles and practices necessary for AI Security.
Key benefits for you:
Basics - Azure: Learn the fundamental concepts of Microsoft Azure, including its core services, security, and governance best practices.
Basics - Microsoft Security: Explore Microsoft’s security ecosystem, including tools and frameworks designed to protect cloud and on-premises environments.
Generative AI: Understand the principles of generative AI, its applications, and its impact on cybersecurity and enterprise risk management.
Cybersecurity for GenAI: Examine the unique security challenges posed by generative AI and strategies for mitigating risks in AI-driven environments.
Microsoft Security Copilot: Discover how Microsoft Security Copilot leverages AI to enhance security operations, threat detection, and incident response.
ChatGPT for SOC: Learn how ChatGPT can assist Security Operations Centers (SOC) with automated threat detection, investigation, and response.
ChatGPT for CTI: Explore how ChatGPT can enhance Cyber Threat Intelligence (CTI) workflows by analyzing and summarizing emerging threats.
ChatGPT for Vulnerability Management: Understand how ChatGPT can support vulnerability management efforts, from risk assessment to remediation guidance.
ChatGPT for Application Security: Learn how ChatGPT can assist in securing applications by identifying vulnerabilities and improving security best practices.
OWASP Top 10 for LLMs: Analyze security risks specific to large language models (LLMs), including data poisoning, adversarial attacks, and prompt injection.
Other Risks for GenAI: Examine additional risks associated with generative AI, such as misinformation, ethical concerns, and regulatory challenges.
Threat Modeling for GenAI: Learn how to apply threat modeling techniques to generative AI systems to identify and mitigate potential security threats.
MITRE ATT&CK and MITRE ATLAS: Explore how the MITRE ATT&CK and ATLAS frameworks help map adversarial AI threats and develop defensive strategies.
Securing AI with Defender for Cloud: Understand how Microsoft Defender for Cloud enhances AI security by monitoring, detecting, and mitigating AI-related threats.
This course contains promotional materials.