Blackbox Intelligence Group

Cybersecurity II · Module 15

Cybersecurity II, Unit 15: Capstone Project

The deliverable that ends the program. Pick one of four capstones (Red/Blue, SOC Investigation, Secure Enterprise Build, Pro Portfolio), present to a panel, and walk out hireable.

Length: 600 min
Level: advanced
Track: Cyber II
Cadence: Semester 2

What's in the lesson pack

Everything you need to teach this period.

Built by an OSCP-certified instructor who teaches this material every week. Print-ready, classroom-tested, copy-paste-able.

Teacher Guide

Lesson at a glance, learning objectives, vocabulary, pacing, mini-lessons, and discussion notes.

In-browser presenter

Full themed slide deck you can run live from your laptop. Speaker notes built in. Works offline once loaded.

PowerPoint (.pptx) export

Editable slide deck for districts that mandate PowerPoint or want to customize for their LMS.

Module overview

The full lesson plan, public.

Read everything before you commit. The plan, objectives, vocabulary, standards alignment, and pacing are open. Only the print-ready deliverables are gated.

Unit 15: Cybersecurity II Capstone Project

Lesson at a glance

| Item | Detail |
| --- | --- |
| Suggested length | 10 × 60 minutes (final two weeks) |
| Recommended placement | Weeks 21–22 |
| Prerequisite | Units 1–14 |
| Materials | Capstone option packets, panel rubric, presentation slides template, signed RoE on file |

Safety: Capstone work is performed within the lab range under signed RoE. No external systems. No personal data. Teacher conferences mandatory at midpoint.

Standards & credential alignment

  • VA CTE Cybersecurity Capstone standards.
  • NICE Workforce Framework - work-role-aligned demonstrations.
  • OffSec PEN-100 / SOC-100 breadth demonstration.

Learning objectives

By the end of the capstone, students can:

  1. Plan, scope, execute, and document a substantial cybersecurity project.
  2. Present findings to a panel of professionals (mock or real).
  3. Defend technical choices and respond to pushback.
  4. Tie capstone work to an explicit career direction.

Capstone options (pick one)

Option A - Red Team / Blue Team Simulation

Two teams. One attacks the lab range under written RoE. One defends with the SIEM and IR playbook. Teacher referees.

Deliverables:

  • Attacker pen test report (Unit 13 standard).
  • Defender incident report + timeline (Unit 9 standard).
  • Joint after-action report: what worked, what got missed, what the playbook should change.

Option B - SOC Investigation

Teacher provides a curated incident dataset (logs, packet captures, memory image, disk artifacts). Solo or pair.

Deliverables:

  • Triage notes.
  • ATT&CK-mapped timeline.
  • IOC list.
  • 8–12 page incident report.
  • 7-minute panel presentation.

Option C - Secure Enterprise Build

Design and build a small enterprise from scratch in the lab:

  • Active Directory or Azure AD lab.
  • Three workstations, one server, one firewall.
  • Hardened to a documented baseline (CIS or in-house).
  • Monitoring (Wazuh or Security Onion).
  • A tested IR runbook for one incident type.
  • A written 5-page architecture rationale + threat model.

Deliverables:

  • Architecture diagram.
  • Hardening checklist with evidence.
  • Threat model.
  • Demo + 7-minute walk-through.

Option D - Professional Portfolio

A polished public portfolio that wins the first job:

  • 5+ written, sanitized lab write-ups.
  • 1 long-form post (technical deep-dive).
  • A working personal site (GitHub Pages OK).
  • A 60-second introduction video.
  • A complete LinkedIn profile + resume.
  • A 24-month plan (refined from Unit 14).

Deliverables:

  • Live URL of portfolio.
  • Resume + LinkedIn snapshot.
  • 7-minute presentation that walks the panel through the portfolio.

Pacing - full unit (10 days)

| Day | Focus |
| --- | --- |
| 1 | Capstone selection + scoping document |
| 2 | Plan + RoE / authorization sign-off |
| 3–4 | Deep work block 1 |
| 5 | Mid-point conference with teacher (mandatory) |
| 6–7 | Deep work block 2 |
| 8 | Draft deliverable + dress-rehearsal presentation to peer |
| 9 | Final revisions + presentation polish |
| 10 | Panel presentations + portfolio submission |

Day 1 - Scoping document (mandatory before continuing)

Each student submits:

# Capstone Scoping Document
## Option (A/B/C/D):
## Why I picked this option:
## Specific deliverables (list):
## Tools / environment:
## Authorization / RoE statement:
## Definition of done (specific, measurable):
## Risks / dependencies:
## Daily plan (Days 3–9):
## Presentation outline:

Teacher signs off in writing before Day 2 work proceeds.

Day 5 - Mid-point conference (mandatory)

15-minute 1:1 with teacher. Show real progress. Adjust scope if needed. Identify the single thing that will make the project succeed in the second week.

Day 10 - Panel presentations

Format:

  • 7-minute presentation.
  • 3-minute panel Q&A.
  • 5-minute panel deliberation (private).

Panel rubric (each scored 1–5):

  1. Technical execution.
  2. Documentation quality.
  3. Communication.
  4. Defense under questioning.
  5. Professional polish.

Suggested panel: teacher + 1–2 invited professionals + 1 second-year peer or alum.

Submission checklist

  • [ ] Signed scoping document
  • [ ] Final deliverable PDF(s) and any code in a reviewable archive
  • [ ] Presentation slides (PDF)
  • [ ] Recording of panel presentation
  • [ ] Reflection (1 page): what changed about how you see this work, and what you'll do next
  • [ ] Updated portfolio with capstone artifact

Capstone defense - common questions

  1. "Walk me through the moment you were most stuck. What did you do?"
  2. "If you had two more weeks, what would you do that you didn't?"
  3. "Where did your work break? What's the limitation a real engagement would hit?"
  4. "What's the single most important takeaway for someone deciding whether to hire you?"

Common misconceptions

  • "I'll figure it out as I go." - The scoping document is the difference between a strong capstone and a missed one.
  • "It has to be original." - Reproducing a known scenario well, and presenting it well, is exactly what entry-level roles ask for.
  • "The presentation is at the end." - The presentation shapes the work. Plan it from Day 1.

Career connection

Capstone deliverables become portfolio pieces. Panel members hire - and recommend. Many graduates of programs like this report their first interview was won on the capstone, not the resume.

Final reflection prompt (for students)

Two years ago you didn't know what cybersecurity was. Today you can scope an engagement, run it, document it, and defend it under questioning. Write 1 page on what changed about how you see technology, work, and yourself. Keep this. Read it again on the day you start your first cyber job.

Final reflection prompt (for teachers)

  1. Which capstone option produced the strongest outcomes? Why?
  2. Which student grew the most? What was the first turning point?
  3. What didn't work in the capstone structure that you'll change next year?
  4. Which of your students should you keep mentoring after graduation?
