A note about the AI Cloud Security Lab (closing June 25)
Hey AI-CSL,

The community is closing on June 25. Honestly: work and family need more of me right now. I'm spread too thin, and the community is one of the pieces stepping back, unfortunately. This was never my intention for the community and I ask for your forgiveness and patience through the transition.

Before you go, here's what stays and what to do:

The Wazuh AI SOC Lab is yours, free, public, on GitHub. Find it at https://github.com/joshbotz/wazuh-ai-soc-lab. It's yours to use, fork, or build on - no login, no paywall. If learning AI + security hands-on is what brought you here, this is the part worth keeping. An AI-agent (Mateo) leads you through the whole thing! Pretty cool stuff.

Drop any questions in the community by June 20 and they'll get a real answer.

Stay loosely in touch on LinkedIn. https://linkedin.com/in/joshbotz - that's the easiest way to reach me.

Thanks for being part of this. If the lab helped you, drop a quick note below - I'd love to read it.

Keep building!
~ Josh
Q & A Call Schedule Change
Today’s Q & A call has been moved up by one hour to 9 AM MST. This is a great opportunity to ask about labs, show your work and request feedback from the group, and talk about career moves. Looking forward to seeing you there.
🛡️ Course 3 is LIVE — Wazuh + AI Threat Hunt
Quick one. Course 3 is live. Six lessons. Real AWS infrastructure.

By the end, you'll have deployed a production-grade SIEM (Wazuh), plugged an AI layer into it (the Wazuh MCP server — 48 tools you talk to in plain English), and used both to investigate threats, hunt for persistent backdoors, and write a custom detection rule that produces audit-ready SOC 2 evidence.

This is the lab where AI stops being a chat sidebar and starts being how you do the work. You'll ask your SIEM questions in plain English ("what happened on this server between 2 and 4pm?"), get structured answers back, verify them against the source, and act on them. You'll be paired with a senior SOC analyst persona who narrates the investigation as you go and adjusts depth to your experience level.

Real AWS bills. ~$0.11/hr while running. Destroy when you're done. Nothing fake, nothing simulated, nothing you couldn't put on a resume.

Courses 1 and 2 just got refreshed too. We rebuilt the on-ramp. Course 1 now puts Claude Code in your hands within the first 30 minutes, with a calibration step that tunes the AI to your real experience level — career switcher to senior practitioner, everyone welcome. Course 2 pairs you with a junior analyst character through every lesson so the AI-augmented workflow becomes muscle memory, not novelty. By the time you reach the SIEM lab, you spend 100% of your time on the actual security work, not on tool onboarding.

If you've already done Courses 1 and 2 — head back. The new beats add about 20 minutes across both courses and they reshape everything that comes next.

If you're just starting — begin with Course 1, and don't skip the calibration step in Lesson 4. It changes how every Claude response lands.
New: Wazuh + AI SOC lab (first public beta)
Most security training is watching someone else do the work. This isn't that.

Pull down the new lab and in a couple of hours you'll have:
- Stood up a production-shape Wazuh SIEM on AWS — 20 minutes, one script
- Run a controlled attack and investigated the chain manually in the dashboard
- Plugged an AI layer on top and re-run the same investigation in plain English
- Hunted for the three persistence backdoors the CloudVault attacker left in Course 2
- Written a custom detection rule that fires live on your own terminal
- Closed out a fresh incident with an evidence package for the SOC 2 audit

That's a week of work for most real teams. It's a resume line most SOC analysts I talk to can't claim. It's the "I actually built that" answer nobody else has in interviews.

"Start Here" and "AI Quick Wins" were the setup. This is the payoff — a real engagement where you stand up the SIEM, work the case, hunt what's left behind, close it out. If you haven't done the first two yet, run them first; ~30 minutes, and this one lands harder on the other side.

You're working the case alongside an AI-powered senior SOC peer (Mateo) — he stays in character, teaches while you work, and gets out of your way when you've got it. Costs about a coffee in AWS compute.

First public beta. If something breaks, feels off, or just confuses you — tell me:
- #Build Questions here in Skool (fastest)
- DM me
- GitHub issues: github.com/botz-pillar/ai-csl-wazuh-lab/issues

Repo: https://github.com/botz-pillar/ai-csl-wazuh-lab

Go build. Tell me what you find.
— Josh
🔄 The START HERE course just got completely rebuilt.
I rebuilt the Start Here course from the ground up. Here's what's new.

🤖 Claude Code is the centerpiece. Every course is now built around Claude Code — an AI that reads your files, runs commands, and connects directly to security tools. You'll have it installed and running your first security analysis in under 45 minutes.

🧠 Your AI workspace now knows who you are. We're using an open-source project called ContextOS that gives Claude Code persistent context about your role, tools, and goals. Instead of re-explaining yourself every session, Claude already knows your situation — and it gets smarter as you move through the courses. Fork it here: https://github.com/botz-pillar/contextOS-personal

🏒 Meet CloudVault Financial. Every course now follows one engagement: securing a fictional wealth management firm with real security problems. Unmonitored AWS environment. 47 unreviewed findings. SOC 2 audit in 6 months. You're their new security lead.

🔍 Your first exercise is live. The last lesson has you analyze CloudVault's CloudTrail logs using Claude Code. Real findings buried in normal activity. At least one should make you very uncomfortable.

Go run through it and post what you find in #🚀 Wins. 👇

👋 START HERE → in the Classroom
AI Cloud Security Lab
skool.com/security-builder-lab-2699
This group is closing June 25th, 2026. The Wazuh lab will remain free on GitHub.
Stay connected on LinkedIn: https://linkedin.com/in/joshbotz