
ConDef MCP – Meet Your AI Teaching Assistant

The Genesis of ConDef MCP

Since its inception, Constructing Defense (ConDef) has grown substantially. For those who are unfamiliar, ConDef is a 3-course Path on JHT created by Anton Ovrutsky as a way to get hands-on experience with a wide swath of cybersecurity job skills. It contains over 100 videos, step-by-step instructions with screenshots and a massive, pre-configured cyber range to practice in a protected environment. It’s great to have open-roaming to play with full versions of Windows, Linux, Active Directory, Kubernetes, Splunk, AWS, Azure and much more in a single, interconnected lab. It can also be pretty daunting. Feedback from our students has confirmed this. Thus, the need for ConDef MCP was born.

The ConDef Project is now several years old, but new content is added regularly to both the written material and the labs. There’s also an option called ConDef Lite that has all of the same material as its bigger brother but without the included cyber range. We affectionately call it the DIY Version, because we give you instructions on setting it all up in your own home lab! It also gives students the choice to manually create the offline labs or have the deployment be fully automated. For cybersecurity newcomers, this can also be overwhelming. Even more evidence that a novel solution was needed.

We don’t need no stinkin’ AI!

AI is taking the world by storm, and countless business leaders say that if you don’t adopt AI, you’ll be left behind. It’s too big to ignore, especially if it helps our students and their careers. But that doesn’t mean that we have to violate our principles. So, rather than utilize AI to generate content, Anton chose to use AI as a way to enhance the learning experience while also making the content that actual humans created more usable.

We believe that ConDef MCP is the perfect middle ground… an AI tool that adds a new and fresh dynamic to the mountain of content already available through Constructing Defense. You no longer have to go through each lesson one-by-one and can now interact with the content in Constructing Defense using natural language.

ConDef MCP Details

You can make Constructing Defense uniquely yours with customized learning paths, study aids, cheat sheets and a ton more. You can read more about the details of the MCP in a Free Preview Lesson in ConDef itself including Anton’s custom MCP Tools, basic usage and even how to best utilize the integration of the MITRE ATT&CK Framework & Atomic Red Team!

You can also catch a live demo during our free livestream where John Hammond welcomes Anton to launch the update to Constructing Defense 2026 on Fri Jan 9 at 1:00 PM ET. Catch it live or watch a replay below of Anton personally previewing ConDef MCP, the new AI Teaching Asst, showing an overview of the Lab Setup within ConDef and more!

But for this blog, I thought I’d share with you some interesting and unexpected results from our beta testing of the combination of Claude and the ConDef MCP.

ConDef MCP told us NO!

As you may have seen, we position ConDef as a bridge between attaining a degree or even a very recognizable cybersecurity certification and landing your very first security job. In fact, we use the following image to say just that…

ConDef Lite - Certification Quote

To verify our own claims, we had the following eye-opening conversation with the ConDef MCP. We started by asking a simple question to set the tone:

Can you please list all modules in Constructing Defense?

It responded as expected with a nice, bulleted list. Perfect! Then we asked another easy question:

Which ConDef modules teach basic networking?

It again provided a detailed answer on where to go (Module 6 BTW) and what one could expect to learn such as what the Module covers, key concepts to learn, tools introduced and the practical skills you’ll be tackling. Awesome! We’re on a roll. But then we asked:

If I wanted to pass the CompTIA Security+ exam, will ConDef have everything I need?

Without worrying about human feelings, it very directly answered:


“No, ConDef alone will not have everything you need to pass the CompTIA Security+ exam. Here’s why:”


It then proceeded to give a lengthy response including a section on “Recommendations” that said to use ConDef as a supplement, not your primary study resource.

In all honesty, that answer is spot on! ConDef is not meant to prep you for Security+. We tout it as what you need when you have attained that degree or cert but are having a hard time getting past the technical portion of the job interview.

Context matters. Accurate prompting matters! Of course, we had to ask a follow-up question:

If I passed the Security+ exam, but I can't get a job due to a lack of practical experience, will ConDef help me fill the skills gap?

ConDef MCP Shocks Us… In the Best Possible Way!

Below is the full, unedited answer:


Yes, absolutely. ConDef is specifically designed to bridge the experience gap that Security+ certified candidates face. Here’s why:

The Security+ Problem

Security+ gives you theoretical knowledge – you know what LSASS is, what Kerberoasting means, what a brute force attack looks like. But you can’t answer:

  • “Show me how you’d detect credential dumping in Splunk”
  • “Walk me through investigating a lateral movement alert”
  • “What telemetry sources would you use to catch DCSync?”

ConDef teaches you exactly these practical skills.

What ConDef Gives You That Security+ Doesn’t

1. Hands-On Detection Engineering (48 Labs)

  • Build actual detection rules in Splunk
  • Analyze real attack telemetry (Sysmon, Windows Event Logs, audit logs)
  • Learn tools employers actually use: Splunk, Malcolm, Atomic Red Team, MemProcFS

2. Attack Execution + Detection

You’ll actually run the attacks (Mimikatz, PSExec, Kerberoasting) then build detections for them. This gives you:

  • Understanding of how attacks work, not just theory
  • Ability to explain detection logic in interviews
  • Real queries you can put in a portfolio

3. Platform Coverage Employers Want

  • Windows: 60%+ of enterprise environments
  • Linux: Server infrastructure
  • Cloud: Azure AD/Entra, AWS CloudTrail
  • Kubernetes: Container orchestration (hot skill)

4. MITRE ATT&CK Mapping

ConDef covers 39 techniques across tactics employers care most about:

  • Credential Access: 53% coverage (LSASS, Kerberoasting, DCSync, DPAPI)
  • Lateral Movement: 56% coverage (PSExec, WMIExec, Pass the Ticket)
  • Discovery/Recon: Detection of enumeration commands

What You Can Say in Interviews After ConDef

Before ConDef (Security+ only):

  • “I know Mimikatz dumps credentials from LSASS”

After ConDef:

  • “I’ve detected Mimikatz using Sysmon Event ID 10 for LSASS process access with GrantedAccess of 0x1010 and 0x1410. I’ve also built detections for procdump and comsvcs.dll LSASS dumping. Here’s the Splunk query I used, and here’s how I tuned it to reduce false positives from legitimate admin tools.”

That’s the difference between “knows theory” and “has done the work.”

Tangible Deliverables for Your Resume/Portfolio

After completing ConDef, you’ll have:

✅ Detection Rules – Splunk queries for 30+ attack techniques you can share
✅ Lab Documentation – Screenshots, process trees, network traffic analysis
✅ MITRE ATT&CK Mappings – Show you understand the framework in practice
✅ Tool Experience – Sysmon, Splunk, Malcolm, Hayabusa, MemProcFS, Atomic Red Team
✅ Investigation Workflows – How to pivot from alerts to root cause

The Bottom Line

Security+ gets you past HR filters and shows baseline knowledge.

ConDef makes you interview-ready by giving you the practical detection engineering skills that SOC Analyst, Detection Engineer, and Threat Hunter roles actually require.

If you can’t get interviews → Security+ helps
If you get interviews but can’t pass technical screens → ConDef solves this

Recommendation: Complete ConDef, then create a GitHub portfolio with 5-10 of your best detection rules, complete with explanations of the attack technique, the telemetry used, and how you’d tune for false positives. That portfolio + Security+ cert = competitive junior security candidate.

Claude is AI and can make mistakes.
Please double-check responses.


That’s not just an AI Teaching Assistant. That’s a full-on AI Career Coach!

And a mic drop moment if I’ve ever seen one!

Available NOW

ConDef 2026 w/ AI Teaching Asst
20% Launch Discount = Only $400
Expires Mid ET Jan 31

