πŸ›‘οΈ Course 3 is LIVE β€” Wazuh + AI Threat Hunt
Quick one.
Course 3 is live. Six lessons. Real AWS infrastructure. By the end, you'll have deployed a production-grade SIEM (Wazuh), plugged an AI layer into it (the Wazuh MCP server — 48 tools you talk to in plain English), and used both to investigate threats, hunt for persistent backdoors, and write a custom detection rule that produces audit-ready SOC 2 evidence.
This is the lab where AI stops being a chat sidebar and starts being how you do the work. You'll ask your SIEM questions in plain English ("what happened on this server between 2 and 4pm?"), get structured answers back, verify them against the source, and act on them. You'll be paired with a senior SOC analyst persona who narrates the investigation as you go and adjusts depth to your experience level.
Real AWS bills. ~$0.11/hr while running. Destroy when you're done. Nothing fake, nothing simulated, nothing you couldn't put on a resume.
Courses 1 and 2 just got refreshed too.
We rebuilt the on-ramp. Course 1 now puts Claude Code in your hands within the first 30 minutes, with a calibration step that tunes the AI to your real experience level — career switcher to senior practitioner, everyone welcome. Course 2 pairs you with a junior analyst character through every lesson so the AI-augmented workflow becomes muscle memory, not novelty. By the time you reach the SIEM lab, you spend 100% of your time on the actual security work, not on tool onboarding.
If you've already done Courses 1 and 2 — head back. The new beats add about 20 minutes across both courses and they reshape everything that comes next.
If you're just starting — begin with Course 1, and don't skip the calibration step in Lesson 4. It changes how every Claude response lands.
Three things to do right now:
1. Open Course 3 → Lesson 1. The cost-awareness setup happens before anything else.
2. Set your AWS Budget alert. Non-negotiable. Two minutes.
3. Block 2-3 hours for the deploy + first phase. Once you start, the rhythm matters.
If you run into any trouble, use the lab documentation, ask Mateo, or post in #🏗️ Build Questions. When you finish your first investigation, post in #🚀 Wins. I want to see what you build.
This is the lab you can talk about in interviews. Let's build.
— Josh
P.S. By the time you finish Course 3 you'll have an audit-ready evidence package, a custom detection rule, and a documented investigation. If you've wanted a portfolio piece that says "I deployed a SIEM, hunted threats with AI, and produced SOC 2 evidence" — this is that.
Josh Botz
AI Cloud Security Lab
skool.com/cloud-security-lab
Learn cloud security using AI by building real cloud labs, security programs, and portfolio artifacts—not just studying for certifications.