Your first week on the team. Ed promised you'd have time to settle in - that lasted about an hour. A routine phishing report just escalated into something bigger. Work alongside a real SOC team, investigate real evidence, and think like an analyst — not a test-taker.

Over 2-3 hours, go from watching the team work to working alongside them — learning SOC fundamentals through a single incident from first alert to containment.
Monday, 8:47 AM. Welcome to the team. Meet the crew, tour the SOC, and learn the tools. Ed says you picked a quiet week. He's wrong.
Tuesday, 10:15 AM. A Finance analyst reports a suspicious invoice. Tess calls it a 'teaching moment.' Then Eli checks his feeds.
Tuesday, 3:30 PM. One email. Six recipients. One of them clicked. Now you need to figure out what happened next.
Wednesday, 9:00 AM. They're already inside. Stolen credentials are being used across the network. Find out where and how far they went.
Thursday, 7:30 AM. Time to end this. Isolate the threat, find the persistence, and close out your first real incident.

@epiclead
15-year security veteran who started at help desk and worked his way up. Leads by example, not ego. When Ed says 'we've got this,' everyone believes it.

@techstack
10-year SOC veteran and technical mastermind. She architects the detection logic and knows every tool in the stack inside out.

@spfhardfail
Former email admin turned security analyst. She can spot a spoofed header from a mile away.

@campaigntrail
Always has the latest threat feeds at his fingertips. His contextual intel often breaks cases wide open.
Get looped in on what happened, from the people who caught it.
Analyze real evidence — emails, logs, endpoints, threat intel — and make the calls a real analyst would.
See how your read on the incident compares, and what happens next.
No setup, no VMs, nothing to install. 5 episodes, 25–50 minutes each.