@SecurityWriter I have the same experience. As an example, I gave them some CTI courses and they are blown away when I show the use of the routing analysis from TTL to BGP peering to explain how an adversary infrastructure operates. It seems they had more sessions about policy, risk assessment and legal than actually the basis of operating system and networking.