IT-Security Expert


SOC | IT-Security Expert certification

About the course

The SOC Analyst training is a comprehensive 5 – day course that immerses you into the processes, data flows, models and capabilities of a  Security Operations Center (SOC). You will understand how a SOC operates
and familiarize yourself with the tools and technologies SOC Analysts use in their daily work. You will learn to master log collection, log analysis and threat detection, and you will gain hands-on experience in threat analysis, incident response and reporting.

The course takes a 50-50 theory vs practice approach. It evaluates best practices and common frameworks like MITRE ATT&CK, MagMa Use Case Framework, and tools and techniques to put them into practice. The course highlights where and how data is collected, provides an overview of technologies deployed and how they interconnect (SIEM, Intrusion Detection Systems, Endpoint Detection & Response, Security Orchestration, Threat Intelligence Platforms, Network Traffic Analysis tools, vulnerability scanners…). The training delivers a simulated SOC environment including a Security Information and Event Management System (SIEM)with a large dataset for the exercises and ends with a capture the Flag Event, a one – day experience in a virtual SOC.


SECO-IT-Security Practitioner (S-ITSP) or equivalent is required. If you are unsure about your level, test yourself with the SECO-IT Security Practitioner sample exam.

Basic understanding of TCP/IP, operating system fundamentals and common security concepts. Students are expected to have a basic understandingof application layer protocols such as http, smtp, ssh and ftp.
Understanding of Linux command-lineis a big plus/ desirable. This training attracts students with different backgrounds and expertise that may often even differ per each domain covered. This has been considered
with the setup of the training (1 day per week with homework, exercises and reference materials for you to explore in between the course modules) and on premise by your trainer with the distribution of exercises amongst students.

About the certificate

Core SOC Analyst competencies you will validate with your SECO-ITSE (S-ITSE) certificate

The IT-Security Expert certification exam covers a set of industry-established competencies that are essential for aspiring SOC Analysts.

By passing the ITSE certification exam and earning a SECO-IT-Security Expert (S-ITSP) certificate, you showcase your ability to:

  • Demonstrate an in-depth understanding of SIEM, Splunk, IDPS, security analytics, SOAR, EDR, NTA, TIP and vulnerability scanners;
  • Provide direction and consultation on log collection and log monitoring (define data gathering strategies, develop an effective pattern management strategy, set up and configure log monitoring/analysis, analyse log collections and evaluate the findings);
  • Identify and detect network and infrastructure security threats (recognise network and infrastructure security threats and analyse the environment to identify all security threats);
  • Analyse basic network and infrastructure security threats;
  • Report on the severity of threats and provide advice for remediation using adequate reporting techniques;
  • Adequately respond to basic network and infrastructure security threats.

What are the benefits of an S-ITSE certificate?

An S-ITSE certificate demonstrates that you have acquired the knowledge and skills necessary to assume responsibility for threat detection, analysis and response, and that you are able to use your skills to improve your organisation’s overall security posture. In the possession of this qualification, you will be able to benefit from abundant career opportunities in government and public-sector Security Operations Centres. The certificate also has benefits for you if you are considering further advancing your career and working your way to SOC Manager.

Who should certify?

This course is intended for IT- and Security professionals either early in their SOC- career or new to working in a SOC, that want to become a Tier 1/Tier 2 SOC Analysts and work in a dedicated team of cybersecurity
experts to detect, contain and remediate IT threats.

This includes IT experts, system engineers, security analysts, incident investigators, security engineers and architects.

The training also benefits security managers* keen to learn how to successfully build and manage efficient SOC Operations based on a more solid and practical understanding of its working.

As a general guideline we advise a maximum of 2 years’ experience in a SOC environment. When in doubt, have a look at the course modules and / or connect with us for advice.

How to prepare for the certification exam?

You can prepare for your certification exam by taking a course or by self-study.

We also offer classroom training through our accredited education partners. To find a course in your country, visit the Get Trained page.

How to book a certification exam?

You can take your certification exam at an accredited exam centre or online.

For more information on the exam, please refer to the SECO Examination Guide.

S-ITSE certificate and digital badge

Upon successful completion of a SECO SOC | IT-Security Expert certification exam, you will receive the S-ITSE certification title and a digital badge. Your credentials will grant you a one-year SECO membership. After your certification expires, you will have the option to re-certify by paying a small fee.

As a prerequisite to renewing your certification, you have to meet Continuing Professional Education (CPE) requirements. CPE requirements can be met by attending workshops, conferences and webinars, publishing articles, providing training, and performing other similar activities that help you maintain your professional competencies.

For more information on the certification process and Continued Professional Education (CPE) requirements, please refer to the SECO Certifications Guide.