This repository contains solutions to public threat response scenarios originally presented by Red Canary. These were completed independently as part of a broader effort to sharpen threat modeling, incident triage, and communication under pressure. Each response was crafted with clarity, precision, and executive-level framing in mind, simulating real-world constraints and stakeholder dynamics.
Each scenario demanded a mix of technical depth and customer-facing clarity. I approached these like real incidents, prioritizing:
- Customer-first response before diving into remediation
- Clear executive summaries followed by tactical details
- Restraint: no unnecessary complexity or showboating
These exercises weren't hypothetical to me; they were live reps under realistic pressure.

- Threat triage and incident prioritization
- Detection engineering mindset
- Security tooling strategy (EDR, SIEM, SOAR, cloud-native tools)
- Executive communication and cross-functional thinking
- Alignment with MITRE ATT&CK and real-world TTPs
These scenarios were publicly available and designed to showcase candidate thinking. This repo reflects original work based on open prompts, shared for transparency and to model effective security reasoning.
Start with any scenario. Each one includes:
- A high-level response (customer/stakeholder framing)
- Technical breakdown and remediation plan
- Reflections where applicable