// Path 01 — 3-level curriculum

Cybersecurity + AI.

For SOC analysts, threat hunters, GRC teams, and security engineers. AI is reshaping how attacks are launched, detected, and governed — your domain expertise is the advantage.

// Skill progression
  • Prompt injection: BEG → ADV
  • RAG security: INT → ADV
  • Agent security: INT → ADV
  • Governance: INT → ADV
  • Red teaming: INT → ADV

EDUCATIONAL USE ONLY All security techniques on this page are for learning, authorized testing, and defensive purposes only. Always obtain explicit permission before testing any system. Personal views — not those of any employer.

// The curriculum

Three levels.
Learn. Then build.

Each level has specific topics to learn and a concrete artifact to build. The artifact is your portfolio deliverable — not a summary, an actual working output.

Beginner

Foundations & Risk Awareness

Learn how AI systems fail before someone exploits that failure in your environment.

↳ What to learn
  • What LLM applications are and how they process input
  • What prompt injection is and why it is a security risk
  • Hallucination: when AI confidently produces false outputs
  • Data protection: what you should never send to an AI tool
  • Why human oversight is a security control, not just policy
↳ What to build
  • Unsafe prompt catalog — 10+ real examples of prompts that expose sensitive data or can be injection-hijacked
  • Secure chatbot checklist — a one-page checklist for evaluating AI tools before organizational adoption
  • Risk summary memo — one page explaining AI risks to a non-technical stakeholder

Intermediate

Attack Surfaces & Defense Design

OWASP, RAG systems, APIs, identity — the attack surface for AI is larger than most security teams realize.

↳ What to learn
  • OWASP Top 10 for LLM Applications — all 10, one by one
  • RAG security: injection via retrieved documents
  • API and webhook security for AI-connected systems
  • Identity management: service accounts, least privilege
  • System monitoring and observability for AI pipelines
  • Secure deployment patterns and environment hardening
↳ What to build
  • Prompt injection lab — a local test environment with documented attacks and severity ratings
  • RAG data review checklist — what to audit before documents enter a retrieval system
  • Threat model — a full threat model for a real or hypothetical AI deployment
  • Security test plan — structured test cases for evaluating an AI product pre-deployment

Advanced

Governance, Red Teaming & Agentic Security

When AI can take real actions in real systems, the blast radius of a security failure grows dramatically.

↳ What to learn
  • Agentic AI security: agents that browse, write files, and call APIs
  • Multi-agent workflow risks and lateral movement patterns
  • AI penetration testing methodology
  • Supply chain vulnerabilities in AI tooling and models
  • Enterprise governance frameworks for AI deployments
  • Incident response and rollback for AI-related events
  • MCP security and identity misuse prevention
↳ What to build
  • Permission review — audit of tool access for an AI agent with least-privilege redesign
  • Red team report — structured findings from a red team exercise on a live AI deployment
  • Security ops runbook — incident response procedures for AI-related security events
  • Governance package — policy, controls, and audit log design for an org deploying AI

// Prompts to use right now

Copy. Paste.
Use today.

Replace everything in [brackets] with your specifics. These follow the Role-Goal-Context-Format structure.

// Prompt injection audit
Role: You are a security researcher specializing in LLM vulnerabilities.
Goal: Review this system prompt and identify prompt injection risks.
Context: This will be used in a production AI assistant at [type of org, e.g. financial firm].
Format: Rate each risk [HIGH / MEDIUM / LOW]: [description]. One mitigation per risk. Max 10 risks.

[Paste the system prompt you want to audit here]

// AI system threat model
Role: You are a cybersecurity threat modeler with expertise in AI systems.
Goal: Create a threat model for this AI system.
Context: System: [describe it]. Users: [who accesses it]. Data access: [what it can reach]. Integrations: [what it connects to].
Format: Use STRIDE categories. 3-5 threats per category. Rate each HIGH / MEDIUM / LOW. Flag top 3 for immediate action.

// Security awareness training examples
Role: You are an AI security trainer.
Goal: Create 5 realistic prompt injection examples for a security awareness program.
Context: Audience: IT professionals who use AI daily but are not security specialists.
Format: Each example: (1) the attack prompt, (2) what the attacker wants, (3) why it is dangerous, (4) one prevention tip. Max 80 words per example.

// Career outcomes
  • Track 01 — AI Security Engineer
  • Track 07 — AI Red Teamer
  • Track 05 — AI Governance Analyst
  • Track 08 — AI Identity Security Engineer

Information security analysts: $124,910 median wage, 29% projected growth (BLS 2024).

// Interview questions for this path
  • What is prompt injection and how does it differ from SQL injection?
  • How would you threat model a RAG system with access to internal documents?
  • How do you prevent an AI agent from taking unauthorized actions?
  • What goes in an AI governance framework that is not in standard security policy?
  • How would you run a red team exercise on an LLM-powered product?
// Non-negotiables
  • Every AI deployment needs a threat model before go-live
  • Human oversight is a security control, not just a legal requirement
  • Log everything — you cannot investigate what you did not record