Three-day applied cyber workshop
A workshop design that moves a cohort from manual threat analysis to a working, AI-augmented security platform they build themselves in a day.
Presented as structure and outcome only. No client, partner, sponsor, or participant detail appears here, by design.
The arc
Day one is analog: small groups work fragmented logs from a fictional ICS intrusion, map observed behavior to a standard attack framework, then design concrete detections and defense-in-depth controls. AI enters only at the end, as a validation layer over human work.
Day two is hands-on engineering: progressive guided labs in Python notebooks on individualized cloud instances, with an AI assistant present to unblock technical obstacles.
Day three inverts the room: teams each build one service of a working security-operations platform against a shared message contract — protocol agreed first, code second — culminating in a live integrated demo and a take-home methodology pack authored by the participants themselves.
Why it works
Scenario-driven: every exercise is a realistic problem, solved by hand first and audited with AI second. The final day asks the only question that matters now — how would you build this with AI, and how would you audit that build? The cohort leaves with working software and a transferable method.
What Sanctum delivered
The full curriculum, the lab environment and notebooks, the capstone protocol and scenario, and live delivery. Presented here as structure and method only.