Learn by Directing AI

Cybersecurity: Track Setup

Complete the platform setup first if you haven't already. You should have a terminal, Claude Code, Git, and a GitHub account ready.


1. Create your track folder

mkdir -p ~/dev/cybersecurity
cd ~/dev/cybersecurity

2. Cybersecurity tools: let Claude Code do it

Open Claude Code in your track folder:

claude

Paste this prompt:

I'm setting up a cybersecurity lab environment. Please:

1. Install Python 3.11+ via Miniconda, then create a conda environment called "security"
2. Install core packages in the security environment: requests, pyyaml, python-nmap
3. Install Docker if not already installed (or tell me how, it needs admin access)
4. Install nmap (the network scanner, not the Python package). It may need admin access
5. Pull the Docker image for OWASP ZAP: ghcr.io/zaproxy/zaproxy:stable

After each step, verify it worked and show me the result.

Note on Docker: Docker is essential for cybersecurity. Your lab targets, monitoring systems, and security tools all run in containers. If Claude Code can't install it directly, it will tell you what command to run yourself.

Note on nmap: Network scanning tools typically need administrator access to perform certain scan types. Claude Code will tell you if it needs elevated permissions.

Verify

Once Claude Code finishes:

conda activate security
python --version
nmap --version
docker --version
docker images | grep zaproxy

You should see Python 3.11+, an nmap version (7.90+), a Docker version, and the ZAP image listed.
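
The same checks as one script, added here as an example (it is not part of the original track material). It compares the reported versions against the minimums above field by field. The function names are this example's own, and it assumes you have already run conda activate security.

```shell
#!/bin/sh
# Added example: checks the lab tools against the minimums stated above.
# version_ge HAVE WANT: true if dotted version HAVE >= WANT, comparing each
# field as a number (a plain string compare would rank 3.9 above 3.11).
version_ge() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        n = split(have, h, "."); m = split(want, w, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (h[i] + 0 > w[i] + 0) exit 0
            if (h[i] + 0 < w[i] + 0) exit 1
        }
        exit 0
    }'
}

# first_version: print the first dotted number (e.g. 7.94) read from stdin.
first_version() {
    sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# check NAME MINIMUM COMMAND...: run COMMAND and compare the version it prints.
check() {
    name=$1; min=$2; have=""; shift 2
    # Skip missing tools so a shell error message is never parsed as a version.
    if command -v "$1" >/dev/null 2>&1; then
        have=$("$@" 2>/dev/null | first_version)
    fi
    if [ -n "$have" ] && version_ge "$have" "$min"; then
        echo "ok    $name $have (need >= $min)"
    else
        echo "FAIL  $name ${have:-not found} (need >= $min)"
        return 1
    fi
}

check_lab() {
    rc=0
    check python 3.11 python --version || rc=1
    check nmap 7.90 nmap --version || rc=1
    check docker 0 docker --version || rc=1   # the page asks for any version
    if docker images 2>/dev/null | grep -q zaproxy; then
        echo "ok    ZAP image present"
    else
        echo "FAIL  ZAP image not listed by docker images"; rc=1
    fi
    return "$rc"
}

check_lab || echo "Setup incomplete: fix the FAIL lines above."
```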


3. Your first look

Everything is installed. Before you start Project 1, see what Claude Code can do when you point it at a cybersecurity problem.

Stay in your track folder with Claude Code open, and paste this:

Start a simple vulnerable web application in Docker (use the OWASP Juice Shop image: 
bkimminich/juice-shop). Once it's running, use nmap to scan it and identify open ports 
and services. Then summarize what you found: what's running, what's exposed, and what 
a security assessor would look at first.

In a few minutes, Claude will spin up a deliberately vulnerable application, scan it, and produce a basic reconnaissance report. A security assessment workflow from a single prompt.

As you work through the track, you'll learn why a single prompt isn't enough: why that scan might miss vulnerabilities that require authentication, why the default scan flags might not be appropriate for every target, why the findings need to be mapped to a threat model, and why an engagement requires both attacking the weaknesses and building the defenses.

But for now, look at what just happened. That's the starting point.


Ready

Start Project 1.