Understanding before acting
Duration: 2–3 days
Before this course tells you what to do, it needs to tell you what's happening. This module covers the landscape — how AI has changed the threat environment for everyday users, not at the level of nation-state actors and advanced persistent threats, but at the level of the phishing email that arrives in your inbox and the deepfake video call that seems to be from your CFO. You'll learn why the detection rules you may have relied on no longer work, where the real risk is concentrated, and what habits actually matter. The goal is not to make you paranoid. It's to make you accurate.
Lessons
-
This Course Doesn't Make You Secure — What security awareness is — and what it isn't. The meta-lesson: why partial knowledge can be more dangerous than no knowledge, and what this course actually delivers.
-
AI-Generated Phishing and Social Engineering — Why the old detection rules don't work anymore. How AI has eliminated the tells that used to catch phishing, and what verification habits do work.
-
Deepfakes and Synthetic Media — Context before content — the only verification habit that scales. What synthetic media is, what's currently possible, and how to think about it.
-
Speed, Scale, and the Machine Threat — Why "I'm not important enough to be targeted" is the wrong frame. How AI has changed the economics of attacks, and why consistent baseline habits matter more than you might think.
Module 1 Exercises
After completing the lessons, work through the Module 1 Exercises — calibrating your threat picture and building a personal threat model relevant to your specific situation.
What This Module Doesn't Cover
- Nation-state threat actors and advanced persistent threats
- Technical forensic analysis of synthetic media
- The full history of social engineering
- How to build deepfake detection into an organization's systems
- Comprehensive security architecture or compliance frameworks
If any of these are relevant to your role, the resources in Module 4 point to where to go next.