Your first week was supposed to be easy.
Your first week on the team. Ed promised you'd have time to settle in - that lasted about an hour. A routine phishing report just escalated into something bigger. Follow the full incident arc from first alert to containment — no theory dumps, no VM setup.

Over 2-3 hours, go from watching the team work to working alongside them through a single incident that keeps escalating.
Monday, 8:47 AM. Welcome to the team. Meet the crew, tour the SOC, and learn the tools. Ed says you picked a quiet week. He's wrong.
Tuesday, 10:15 AM. A Finance analyst reports a suspicious invoice. Tess calls it a 'teaching moment.' Then Eli checks his feeds.
Tuesday, 3:30 PM. One email. Six recipients. One of them clicked. Now you need to figure out what happened next.
Wednesday, 9:00 AM. They're already inside. Stolen credentials are being used across the network. Find out where and how far they went.
Thursday, 7:30 AM. Time to end this. Isolate the threat, find the persistence, and close out your first real incident.
Get looped in on what happened, from the people who caught it.
Analyze real evidence — emails, logs, endpoints, threat intel — and make the calls a real analyst would.
See how your read on the incident compares, and what happens next.
No setup, no VMs, nothing to install. 5 episodes, 25–50 minutes each.