Course Overview

This course is the first step to joining the Security Operations Center (SOC). It is designed for first level analysts, current SOC aspirants and aspirants to achieve proficiency in performance of mid-level and mid-level operations. It is a program that helps to acquire technical skills in the direction and in demand through instructions from some of the most experienced trainers in the industry. The program focuses on creating new job opportunities through extensive accurate knowledge with enhanced level capabilities to contribute dynamically to the SOC team. This program also thoroughly covers the basics of SOC operations, before relaying registry management knowledge and linkage, SIEM deployment, advanced accident detection, and incident response.

Course Outlines

• Security Operations and Management
• Understanding Cyber Threats, IoCs and Attack Methodology
• Incidents, Events and Logging
• Incident Detection with Security Information and Event Management (SIEM)
• Enhanced Incident Detection with Threat Intelligence
• Incident Response

Course Objectives

After completing this course you should be able to:

- Gain knowledge of SOC processes, procedures, technologies and workflows.

- Gain basic understanding and in-depth knowledge of security threats attacks, vulnerabilities, attacker's behaviors, cyber kill chain, etc.

- Able to recognize attacker tools, tactics, and procedures to identify indicators of compromise (IOCs) that can be utilized during active and future investigations.

- Able to monitor and analyze logs and alerts from a variety of different technologies across multiple platforms (IDS/IPS, end-point protection, servers and workstations).

- Gain knowledge of centralized log management (CLM) process.

- Able to perform security events and log collection, monitoring, and analysis.

- Gain experience and extensive knowledge of security information and event management.

- Gain knowledge on administering SIEM solutions (Splunk/AlienVault/OSSIM/ELK).

- Understand the architecture, implementation and fine tuning of SIEM solutions (Splunk/AlienVault/OSSIM/ELK). 

- Gain hands-on experience on SIEM use case development process.

- Able to develop threat cases (correlation rules), create reports,etc.

- Learn use cases that are widely used across the SIEM deployment.

- Plan, organiza, and perform threat monitoring and analysis in the etnerprise.

- Able to monitor emerging threat patterns and perform security threat analysis.

- Gain hands-on experience in alert triaging process.

- Able to use a service desk ticketing system.

- Able to prepare briefings and reports of analysis methodology and results.

- Gain knowledge of integrating threat intelligence into SIEM for enhanced incident detection and response.

- Able to make use of varied, disparate, constantly changing threat information.

- Gain knowledge of incident response process.

- Gain understanding of SOC and IRT collaboration for better incident response.

Course Prerequisites

• Network Administration or Security Domain experience

Course Schedule

Course Delivery Format

1. In-Person Training:

Benefits:

Personal Interaction: Participants can interact with the instructor and fellow learners, fostering a sense of community.

Immediate Feedback: Instructors can provide real-time feedback, addressing questions and concerns on the spot.

Hands-on Activities: Practical exercises and group activities can be conducted more effectively in person.

1. Online Training:

Benefits:

Flexibility: Learners can access the course content at their own pace and time, accommodating diverse schedules.

Cost-Effective: Eliminates the need for travel and accommodation expenses, making it more economical.

Scalability: Can accommodate a large number of participants simultaneously, making it suitable for widespread audiences.

1. Blended Learning (Combination of In-Person and Online):

Benefits:

Flexibility: Combines the advantages of both in-person and online formats, offering a balance between structure and autonomy.

Cost-Efficiency: Reduces the need for extensive in-person sessions, saving on travel and venue costs.

Adaptability: Can cater to diverse learning styles by incorporating various modes of instruction.

1. Virtual Classrooms:

Benefits:

Real-Time Interaction: Allows for live Q&A sessions, discussions, and engagement with participants.

Accessibility: Participants from different locations can join without the need for physical presence.

Recording Options: Recordings can be made available for participants who may have missed the live session.

1. Self-Paced Learning (eLearning Modules, Videos):

Benefits:

Individualized Learning: Participants can progress at their speed, revisiting content as needed.

Consistency: Ensures uniform delivery of content to all participants.

24/7 Accessibility: Learners can access materials whenever and wherever is convenient for them.

1. Customized Courses:

Relevant Content: Tailored to specific organizational goals.

Industry Focus: Incorporates real industry challenges.

Adapted Learning: Matches varied skill levels of participants.

Focused Skills: Targets key competencies for job success.

Cultural Sensitivity: Respects diverse backgrounds within the organization.

Engaging Content: Uses relatable examples and scenarios.

Flexible Delivery: Adaptable to different learning formats.

Measurable Success: Sets clear objectives for easy evaluation.

Continuous Improvement: Uses feedback for ongoing enhancements.

Cost-Effective: Efficiently directs resources for maximum impact.