Learn Detection Engineering!
Meet the Instructor
Anthony Isherwood
I bring over 9 years of hands-on cybersecurity experience, progressing from frontline SOC analyst to senior management roles. I've built and led high-performing detection engineering and security automation teams, implemented cutting-edge SOAR platforms, developed AI-enhanced security processes, and grown teams by over 500%. With deep expertise in threat detection, malware analysis, and security automation, backed by elite certifications including OSCP, GREM, and GMLE, I've transformed security operations at scale and now share these battle-tested skills and strategies with cybersecurity professionals looking to advance their careers.
Hands on Experience
No matter what skillset you bring to the table, I back up theory with easy-to-follow, practical lab exercises.
Experienced Instructor
I have years of cybersecurity experience, advancing from SOC analyst to senior management roles at major enterprises, and hold several highly sought-after certs like the OSCP, GREM, and GMLE.
High ROI Potential
I wholly advise the "learn more, earn more" concept, and Detection Engineering is a great cybersecurity niche to elevate your career and compensation.
Our students love the course
Anthony Isherwood is next level when it comes to explaining complex detection engineering concepts. He clearly knows what he’s doing and how to teach it. If you want to build a strong foundation in this area, his guidance is gold.
Roger Bergling, blog.invid.eu
Anthony did so many things to make this course a 5-star experience for me. First, I felt like I was on the job and he was tutoring me, which is an excellent way for me to learn...He shows and explains so many little details that someone with his expertise probably takes for granted and doesn't even think about any more but is crucial for a noob like me to hear. The course is also designed in a satisfying, logical progression.
Kip Boyle, cr-map.com
Just completed Anthony Isherwood's Detection Engineering course. It's truly been one of the most fun and rewarding online courses I've taken! Action-packed and filled to the brim with hands-on material. Check it out if you want to learn more about building detections.
Michael Busbee, LinkedIn
Tried and Tested
Thousands of students have already transformed their careers with this course. They're breaking into detection engineering, climbing the corporate ladder, and landing new jobs.
Learn Detection Engineering Theory
Build your cybersecurity expertise from the ground up. You'll dive deep into Security Operations and Detection Engineering fundamentals, covering everything from security roles and SIEM to MITRE ATT&CK tactics and proven detection workflows.
Lab Setup
Next, you'll construct your own security playground using professional tools like Elastic, Zeek, and Parrot Linux. Build multiple VMs and experience cybersecurity from both angles: launch attacks and defend against them.
SIEM Configuration
Next comes SIEM mastery. You'll get an inside look at how these powerful platforms work, then configure logging for your entire home lab. Watch as every command and connection flows into your SIEM in real time. This is where cybersecurity gets exciting!
Attack Scenarios
Here's where theory meets reality: three attack scenarios of increasing complexity. Execute each attack, dissect the resulting logs, and build the detections that security teams need to stop these threats. You'll see the complete attack-to-detection lifecycle.
Atomic Red Team
Time for detection validation! Master Atomic Red Team to create automated unit tests that prove your detections fire when they should. Build confidence in your security rules with repeatable, reliable testing.
Detection Format Standards
Next up: detection standardization that pays off big. Design a format standard with consistent fields and metadata that will make automatic SIEM syncing a breeze when we tackle it later in the course.
SIEM API
Now you'll speak your SIEM's native language: APIs. Learn to retrieve detections, deploy new alerts, and modify existing rules directly through code. This is the foundation that makes detection automation possible.
GitHub - Detection as Code
The grand finale: your fully automated detection pipeline! Merge all your previous work into a seamless workflow that validates every detection and pushes directly to your SIEM. You've just built enterprise-level automation from scratch.
Metrics
The final piece: detection program visibility! Track meaningful metrics and generate dynamic MITRE Navigator heatmaps that highlight your coverage gaps and wins. Your automated pipeline now delivers both protection and proof of effectiveness.
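As an added example (not course material, and not code from the instructor), the script below ties together the Detection Format Standards, Detection as Code, and Metrics modules described above: it checks each detection file against an assumed format standard, refuses to deploy anything that fails, and turns the rules that pass into a MITRE ATT&CK Navigator layer. The required field names, the DET-NNNN id scheme, the Atomic Red Team test references, the sample rules, and the Navigator version numbers are all constructed assumptions.

```python
"""Detection-as-code gate: validate rules against a format standard and
build a MITRE ATT&CK Navigator layer from the ones that pass.
Added example; field names, id scheme and sample rules are assumptions."""
import json
import re
from typing import Dict, List, Tuple

# Assumed format standard: every detection file must carry these fields.
REQUIRED_FIELDS = {"id", "name", "description", "severity", "technique",
                   "logsource", "query", "tests"}
SEVERITIES = {"low", "medium", "high", "critical"}
ID_PATTERN = re.compile(r"^DET-\d{4}$")                # assumed naming scheme
TECHNIQUE_PATTERN = re.compile(r"^T\d{4}(\.\d{3})?$")  # ATT&CK technique / sub-technique

# Constructed sample rules, standing in for the YAML/JSON files a repo would hold.
SAMPLE_RULES = [
    {
        "id": "DET-0001",
        "name": "Encoded PowerShell command line",
        "description": "powershell.exe launched with an encoded command argument",
        "severity": "high",
        "technique": "T1059.001",
        "logsource": "endpoint:process_creation",
        "query": 'process.name:"powershell.exe" and process.args:"-enc"',
        "tests": ["atomic:T1059.001#1"],  # assumed reference to an Atomic Red Team test
    },
    {   # deliberately broken: bad id, unknown severity, no tests listed
        "id": "det-2",
        "name": "LSASS memory access",
        "description": "Non-system process opens a handle to lsass.exe",
        "severity": "urgent",
        "technique": "T1003.001",
        "logsource": "endpoint:process_access",
        "query": 'target.process.name:"lsass.exe"',
    },
    {
        "id": "DET-0003",
        "name": "LSASS dump via comsvcs MiniDump",
        "description": "rundll32 invoking comsvcs.dll MiniDump against lsass",
        "severity": "critical",
        "technique": "T1003.001",
        "logsource": "endpoint:process_creation",
        "query": 'process.name:"rundll32.exe" and process.args:"comsvcs.dll" and process.args:"MiniDump"',
        "tests": ["atomic:T1003.001#3"],
    },
]


def validate_rule(rule: dict) -> List[str]:
    """Return a list of format violations; an empty list means the rule is deployable."""
    errors = [f"missing field: {f}" for f in sorted(REQUIRED_FIELDS - rule.keys())]
    rid = str(rule.get("id", ""))
    if not ID_PATTERN.match(rid):
        errors.append(f"bad id: {rid!r}")
    if rule.get("severity") not in SEVERITIES:
        errors.append(f"bad severity: {rule.get('severity')!r}")
    if not TECHNIQUE_PATTERN.match(str(rule.get("technique", ""))):
        errors.append(f"bad technique: {rule.get('technique')!r}")
    if "tests" in rule and not rule["tests"]:
        errors.append("tests must reference at least one validation test")
    return errors


def ci_gate(rules: List[dict]) -> Tuple[bool, Dict[str, List[str]], List[dict]]:
    """Pipeline step: (all_ok, report keyed by id, rules safe to push to the SIEM)."""
    report = {str(r.get("id", f"<rule {i}>")): validate_rule(r) for i, r in enumerate(rules)}
    deployable = [r for r in rules if not validate_rule(r)]
    return all(not errs for errs in report.values()), report, deployable


def navigator_layer(rules: List[dict], name: str = "Detection coverage") -> dict:
    """Build an ATT&CK Navigator layer; score = number of deployable rules per technique."""
    counts: Dict[str, int] = {}
    for r in ci_gate(rules)[2]:
        counts[r["technique"]] = counts.get(r["technique"], 0) + 1
    return {
        "name": name,
        "versions": {"navigator": "4.9", "layer": "4.5"},  # assumed current versions
        "domain": "enterprise-attack",
        "techniques": [{"techniqueID": t, "score": c, "comment": f"{c} detection(s)"}
                       for t, c in sorted(counts.items())],
        "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0,
                     "maxValue": max(counts.values(), default=1)},
    }


if __name__ == "__main__":
    ok, report, to_deploy = ci_gate(SAMPLE_RULES)
    for rid, errs in report.items():
        print(rid, "OK" if not errs else "; ".join(errs))
    print("gate passed" if ok else "gate failed: fix the rules above before pushing")
    print(json.dumps(navigator_layer(SAMPLE_RULES), indent=2))
```

In a real pipeline the gate would run on every pull request and the SIEM push step would only consume the deployable list, so a rule that breaks the standard never reaches production; the layer JSON can be loaded into the Navigator to show which techniques have coverage and how deep it is.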
Frequently asked questions
What can you offer that I cannot get at other online schools?
This content is coming from someone who has actively built a variety of security functions at major companies.
Is this an Entry Level course?
While some of the topics in the course are more intermediate or advanced, the course starts with foundational concepts and works its way up in difficulty.
Do you offer any discounts?
The current price for this course is an already reduced price that celebrates the launch of this online school.
Do I need to have SOC experience?
No! You can take this course as long as you have a familiarity with virtualization and cybersecurity concepts. Any SOC knowledge will be a great foundation to build on but definitely not required.