<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=325921436538399&amp;ev=PageView&amp;noscript=1">
Skip to the main content.

Create an account on our custom learning platform, Foundry™, to access our free and premium content.

Create Free Account


New call-to-action





The Why Behind the Course

This course emerged from the frustration with bloated Detection Engineering education, brimming with superfluous history and irrelevant content. Our mission is clear: to equip you with the knowledge required for instant contribution to a Detection Engineering team. No need for five courses, twenty books, or a multitude of blogs - we’ve got you covered.

Early Access Available Now!

The early access price will be $225 for a limited time with 48 lab hours, and two DE1 Exam attempts included. The course will go up to $399 upon full release toward end of Q2. The first several modules are available now as of April 5th, with subsequent modules released every month until full release.

Course Description

Acquire the essential skills to become a valuable asset in a detection engineering program. Our aim is not to teach you the basics of Cybersecurity, but rather to delve deeper into those concepts. From mastering regular expressions and analyzing log files to creating powerful detections, we will guide you every step of the way.

Building upon the foundations laid in the first half, you will become an indispensable member of a detection engineering program. Malware Analysis? We've got you covered. Attack Emulation? We've got that too.

Discover why these skills are crucial for a seasoned detection engineer and learn how to seamlessly integrate them into a Detection-as-Code pipeline.

Learning Outcomes

  • Be able to create advanced detection logic utilizing the full detection life cycle, regular expressions, correlations, and several rule formats capable of being placed in production environments.

  • Increased capability and confidence in malware analysis and adversary emulation skills to be used in creation of detection logic.


  • Level Effect’s Cybersecurity Fundamentals courses starting with IT

  • 1+ years of professional experience in technology, preferably Cybersecurity

  • Hobbyists with a solid understanding of Cybersecurity - preferably skills and familiarity with completing extracurricular activities on platforms such as Blue Team Labs and HackTheBox









Course Author

Name: Tallis Jordan of Team Ghost (LinkedIn)

Positions Held: Lead Incident Response, Threat Detection Engineer, Purple Team Engineer, and Senior Threat Hunter

Experience: SOC Prime (Detection Specialty), Nuspire (MSSP), Army (Federal), 2K (Internal Security)

Volunteer Work: Director of Operations @ VetSec




Author Origin Story

Get to know more about Tallis Jordan, the course author and his journey into Detection Engineering, and why he decided a course like this needs to exist in the training landscape.



Discord AMA 

Check out the recording from our live event we hosted where our community had a chance to ask anything and everything about Detection Engineering with the author and our team!


Course Features

Entirely Practical Exam

We offer a unique and comprehensive practical exam unlike any other. Our exam includes practical application, multiple detections from various log sources, and thoroughly reviewed by the course author  - not automated.

Real Malware

We utilize real malware that utilizes techniques you will see in the wild to teach our concepts and not just CTF or canned scenarios. You'll also find custom malware on the exam made by the course authors that you won't find online - this ensures exam integrity.

Tools of the Trade

Dive into a vast array of powerful tools in this comprehensive course, with over 17+ tools at your disposal. From FLOSS and HxD to Hidra, Wireshark, tshark, pySigma, Zeek, PEStudio, INetSim, RegShot, x64dbg, Caldera, and C2 Frameworks, and more

Experienced Authors

Our authors boast a combined experience of over 4.5 years in distinguished roles within the realm of senior detection engineering, and certifications on top. This isn't a theory course to memorize and then forget - it has been exclusively crafted by and for professionals in the field of detection engineering.

Cyber Range

Experience the power of a fully equipped cyber range, right at your fingertips. Accessible through any browser, our private cyber range offers a curated selection of cutting-edge machines, including REMnux, FLARE, Kali, an Analyst Workstation, ELK, and even a small enterprise network. 

Exclusive Access

Gain exclusive access to a private Discord community as well as repository packed with cutting-edge detection logic crafted by both students and instructors. Join forces with a talented and vibrant community to collaborate and enhance your skills long after the course concludes.

Explore the Curriculum

Learning Modules

Develop the skills for cybersecurity threat detection and analysis over 10 modules, learning how to create sophisticated detection strategies for a wide range of cyber threats, both in network traffic and endpoint security. 


Trick your samples with a taste of their own medicine, serving phantom files and fake responses. Well, well, well, how the turntables.


Think like an attacker, analyze your own behavior, and outsmart the techniques they're all so proud of.


Learn how to dissect the behaviors and innards of maliciousness; lay their intent in the open.

Detection Engineer 1 (DE1) Exam

  • Prerequisites: completion of Detection Engineering 100 and associated labs OR 1+ year(s) of experience in a threat role (Threat Hunter, Threat Detection Engineer).

  • You will receive custom pieces of malware, as well as a specified technique to emulate, at the beginning of this exam and work to move through the detection life cycle in the range; from identification, emulation, testing, utilizing a CI/CD pipeline, and submitting documentation for your work. You will be responsible for creating detection logic for all malware samples, attack emulations, and the report in the range. However, this must be a full repertoire of detection logic covering all possible log sources and compatible platforms (i.e. Yara, Sigma, Windows Event Logs, Sysmon, etc).

  • The CI/CD pipeline will be Github. This will encompass a private repository of detection logic made by the students, accessible to ALUMNI ONLY.

  • Your detection logic must be submitted in the correct file formats in a working capacity for review by the course author.

DE1 Badge _ Resized



His technical expertise in Cybersecurity and professionalism has provided me with a role model. His mentorship has helped me achieve my goals of making it into the industry - saving me enormous amounts of time with his guidance.
Travis S.
SOC Analyst
Tallis embodies the pinnacle of mentorship and leadership. He has guided me and pushed me to new heights; his confidence in me ignited a flame of pursuit towards achievement I never knew I possessed.
Brendan B.
Software Engineer
He has exposed me to an arsenal of skills and tools, guiding me through learning exploit development and reverse engineering. He doesn't hesitate to jump in and help when you get stuck either, no matter what it is.
Patrick W.
Threat Hunter
He readily shares his expertise, benefiting not only me, but everyone around him. I'm grateful for the opportunity to learn from him and value his organic guidance in order to advance my career.
Richard C.
Student of Cybersecurity

Course Cost


The course will have multiple purchasing tiers upon release. These tiers will meet the different needs of each student (i.e. course purchase with exam attempt, etc) and will soon be listed on the course page. 

We are also working on getting regional pricing so that it is affordable to the rate of your residence/citizenship. More details on this coming later!


Frequently Asked Questions

Do you what have it takes to detect the threats?