Open the course with the line every student must internalize before they touch a tool: tools are not toys, permission matters, and 'I was just testing it' is not a legal defense.

Install the mental scaffolding the rest of the course rests on: CIA, AAA, least privilege, defense in depth, and the difference between threat, vulnerability, and risk.

Build the lab. Students leave this unit with a working virtual cyber range — Kali + a Windows target + a Linux target — and the muscle memory to snapshot, break, and roll back.

From 'wifi just works' to seeing the actual packets. Students leave this unit able to read a network diagram, run ping/traceroute/nslookup, and walk a Wireshark capture line by line.

Name the threat. Trace the attack. Students leave able to identify malware families, dissect a phishing email, recognize social engineering plays, and profile a threat actor.

Hashing, symmetric, asymmetric, signatures, certificates, and TLS — taught at the level a defender actually needs. No math degree required.

Hardening 101. Students harden a real Windows VM and a real Linux VM, audit accounts, configure a host firewall, and walk away with a defender's mindset.

The ethical hacking methodology, end-to-end, on a closed lab range. Students do their first reconnaissance, scan, enumeration, vulnerability identification, and write-up — all under written authorization.

How the modern attack surface actually looks: HTTP/HTTPS internals, cloud shared responsibility, IoT realities, mobile risk, and an honest first look at AI security.

The closer. Students assemble a portfolio, pick a capstone path, and prepare for the EC-Council Ethical Hacking Essentials credential. Plus a comprehensive review across all 9 prior units.

Reset the lab. Re-establish the rules. Diagnose where the class is in fact and where the class thinks it is. Ship out of Day 1 with a working, segmented, validated cyber range.

VLANs, segmentation, NAT, firewall rule design, IDS/IPS concepts, VPN, and zero trust at the level a defender actually uses. Students design and defend a segmented network.

From command-line literacy to administrator-grade fluency. Bash, PowerShell, services, scheduled tasks, logs, and the privilege boundary.

Build a complete OSINT picture of a fictional company without ever sending them a packet. Then validate your sources, document your methodology, and respect the line.

From recon to a defensible list of weaknesses with severity, evidence, and proof. Nmap, Nessus/OpenVAS, banner grabbing, service enumeration, and the discipline of validating every finding.

Where the ethics meet the keyboard. Authorized exploitation in the lab range only: Metasploit basics, password attacks against teacher-issued hash sets, post-exploitation concepts, and the discipline of stopping at proof-of-concept.

OWASP Top 10 deep dive with Burp Suite Community and OWASP Juice Shop. Students recognize, demonstrate, and remediate the top web vulnerabilities under signed RoE.

Live in the SOC chair. Triage alerts in a SIEM, write the ticket, hand it off, and learn the rhythm of a 24/7 operation.

When the alert is real. The IR lifecycle, evidence handling, memory and disk forensics fundamentals, and chain of custody.

Static analysis basics, dynamic analysis in a sandbox, and a deep dive on social engineering at the level needed to design awareness programs that actually work.

Beyond the data center perimeter: cloud shared responsibility done concretely (AWS / Azure / GCP), Wi-Fi attack categories, mobile threat models, and the IoT/OT realities that bite in 2025.

The skill that decides who runs the program. Risk math, frameworks (NIST CSF, ISO 27001, CIS), and the regulations students will actually meet at work (HIPAA, PCI DSS, SOC 2, FERPA, GDPR/CCPA).

The work product clients pay for. Executive summaries, technical findings, evidence, remediation, debriefs, and the soft skills that determine whether you're rehired.

Resume, LinkedIn, GitHub, certs, mock interviews, internship pipeline. The unit that turns a high-school cyber program into a hireable young professional.

The deliverable that ends the program. Pick one of four capstones (Red/Blue, SOC Investigation, Secure Enterprise Build, Pro Portfolio), present to a panel, and walk out hireable.

Open the AI course with the line every student must internalize before they ever paste a prompt: AI is a power tool, not an oracle. Cover what AI is, what it isn't, the school's AI policy, and the difference between AI assistance and AI plagiarism.

Crack open the box. Tokens, embeddings, attention, training vs. inference, context windows, and why the model hallucinates — explained at a level a 10th grader can teach back.

The single highest-leverage skill in AI work. Students learn the C.R.I.S.P. prompt frame, system vs. user roles, zero-shot vs. few-shot, format control, and the iteration loop that separates 'AI is mid' from 'AI is incredible.'

Past the fundamentals, into the techniques pros use daily: chain-of-thought, ReAct, role-play, self-critique loops, prompt chaining, and the personal prompt library habit that compounds over time.

Hands-on tour of the frontier: GPT, Claude, Gemini, and the open-weight challengers. Students compare strengths, context windows, pricing, safety behavior, and learn to pick the right model for the job instead of defaulting to whatever app they opened first.

Stop being a user. Become an operator. Install Ollama or LM Studio, download Llama / Mistral / Qwen / Phi, and run a real LLM on a laptop with the wifi turned off. The unit that changes how students think about AI.

From chatbot to product. RAG (retrieval-augmented generation) so the model has actual sources, function calling and MCP so the model can use tools, and agents that loop. Plus the honest conversation about when agents go off the rails.

AI that sees, hears, draws, sings, and lies. Image generation, voice cloning, video synthesis, deepfakes, and the cryptographic fight back: C2PA, watermarking, and provenance. The unit parents most want students to take.

The risks unit. Hallucination as a systemic feature, bias as a measurable property, privacy in the prompt era, and the security side: prompt injection, jailbreaks, data exfiltration, and model supply chain. Honest, calibrated, no doom and no hype.

Put it all together. Each student ships a working AI tool that solves a real problem in their life: a local-LLM study buddy, a prompt-library product, a RAG over their notes, or an image-gen workflow. Disclose, verify, contribute — graded for real.