Skip to content

Lesson templates

Every lesson in this course follows one of two templates: theory (video-led) or lab (hands-on terminal). Quizzes are appended to the last lesson in a module. Templates are intentionally rigid so the course feels consistent across 40+ lessons.

Theory lesson template

Filename: LX.Y-slug.md (e.g., L0.2-ai-security-landscape.md)

# L{X.Y} — {Title}

**Type:** Theory · **Duration:** ~{N} min · **Status:** Mandatory | Optional
**Module:** {Module N — Module name}
**Framework tags:** OWASP: {LLMxx, …} · ATLAS: {AML.Txxxx, …} · NIST AI RMF: {Function-Category-Subcategory, …} · EU AI Act: {Article / Risk tier if relevant}

## Learning objectives
By the end of this lesson, the learner can:
1.2.3.
## Concept primer *(skip if you already know this)*
{Short, plain-English explainer of the ML/LLM concepts the lesson assumes. Always present when the lesson touches model internals, training, embeddings, fine-tuning, RAG, or eval.}

## Core content
{Body of the lesson, organized by the learning objectives. Pitch: a senior engineer reading. Concrete > abstract. Use code blocks, diagrams (described in slide outline), real examples.}

## Real-world example
{One concrete incident or system that illustrates the concept. Cite source.}

## Key terms
- **Term** — definition.

## References
- Primary source (paper / official docs).
- Secondary (blog post / news article).
- Further reading.

## Quiz items *(2–5 questions, contribute to module quiz)*
1. **Q:****A:****Why:**
## Video script
> {Word-for-word narration. Speaker cues in [brackets]. Slide cues marked `[SLIDE N]`.}

## Slide outline
1. **Title slide** — {course logo, lesson title, duration, framework tags}
2. **Learning objectives** — bullets from above
3.N. **Summary & next lesson** — 3-bullet recap, preview of next

## Production notes
{Anything the recorder needs: B-roll suggestions, demo screen recordings to capture, voiceover tone, est. recording time.}

Lab lesson template

Filename: LX.Y-slug.md (e.g., L0.3-environment-setup-lab.md)

# L{X.Y} — {Title} *(Lab)*

**Type:** Lab · **Duration:** ~{N} min · **Status:** Mandatory | Optional
**Module:** {Module N — Module name}
**Framework tags:** OWASP: {…} · ATLAS: {…} · NIST AI RMF: {…}

## Goal of the lab
{1–3 sentence plain-English statement of what the learner will accomplish. Mirrors PDSO's "Goal of the Lab" panel.}

## Why this matters
{Optional, 1–2 sentences. Connects the lab to a real attack/defense scenario.}

## Prerequisites
- Skills assumed: …
- Lessons completed: L{x.y}, L{x.y}
- API keys / accounts: …

## What you'll build / break
{Bulleted artifact list: a script, a model, a finding, a config. Names them so the debrief can reference them.}

## Steps
### Step 1 — {short imperative title}
{Narration of what we're doing and why — 2–4 sentences.}

```bash
# command(s)

Expected output: 

{paste verbatim expected output, or describe what success looks like}

If you see … {common error and fix}.

Step 2 — …

Step N — …

What just happened (debrief)

{2–4 paragraphs walking through what the learner just did, why it worked, and how it maps to the threat model. This is where most learning happens — do not skip.}

Extension challenges (optional)

  • Easy:
  • Medium:
  • Hard:

References

Provisioning spec (for lab platform admin, NOT shown to learner)

Container base image: {e.g., python:3.11-slim or pdso/ai-sec-labs:latest} Pre-installed packages: 

{requirements.txt-style list}
Environment variables required: - OPENAI_API_KEY — provisioned per-learner from platform secret store - … Pre-loaded files: - /workspace/lab/… — content Network access required: - egress: api.openai.com, api.anthropic.com, huggingface.co - ingress: none Estimated container size: {MB} Idle timeout: {minutes} Notes for platform admin: {anything tricky} ```

Module-level files

Each module folder also contains: - 00-module-README.md — module title, learning outcomes, lesson list, framework coverage, time estimate - 99-module-quiz.md — assembled from per-lesson quiz items, 10–15 questions per module, with answer key + explanations - 99-module-summary.md — short closing video script (2–3 min): what was covered, what's next, why it matters in the larger course arc

Style conventions

  • Video length cap (≤ 5 min per video lesson). Target 600–900 words of narration per lesson (≈4–6 min at 140–160 wpm). Hard cap 1,000. Topics that exceed this must be split into multiple short lessons (e.g., L2.1.1, L2.1.2). Lab lessons are not subject to this cap. Applies M2 onward — M0 and M1 were built before this rule and remain as-is.
  • Tone: senior engineer to senior engineer. No fluff, no "in today's fast-paced world." Concrete examples beat principles.
  • Code: Python 3.11+, Bash, sometimes TypeScript. Show real commands, real output. No pseudocode unless explicitly marked.
  • Citations: every factual claim (incident, statistic, paper finding) has a footnote-style reference. We're training engineers who'll defend their decisions to auditors.
  • Offensive content: every attack lesson opens with a one-paragraph Ethics & scope block: lab-only, your own systems, applicable laws.
  • Naming: filenames kebab-case, code identifiers snake_case (Python) or camelCase (TS), module folders NN-slug.