What will you learn?
- Understand how a SOC operates, what services are provided, the technologies and tools deployed and how they interconnect;
- Master log collection, log analysis and threat detection;
- Hands-on experience in threat analysis, incident response and reporting;
- 5 days of training
- 24 hours of self-study
- Exam voucher included
About this Course
The SOC Analyst training is a comprehensive 5-day course that immerses you in the processes, data flows, models and capabilities of a Security Operations Center.
The course provides a practical, relevant and job-ready certification curriculum aligned closely with the specific, real-world tasks of a SOC Analyst. It is delivered in a simulated SOC environment, including a SIEM loaded with a large dataset for the exercises, and ends with a Capture the Flag event: a one-day experience in a virtual SOC.
The 5 training days are delivered over a period of 5 weeks and include homework assignments. To obtain your certification, you must pass both the hands-on exam (Day 5, Capture the Flag) and the theory exam (taken remotely online via a certified proctor).
Who should attend?
The SOC Analyst course was developed by a group of SOC managers to facilitate the onboarding of new team members. The training benefits IT and security professionals who are new to, or early in, their SOC career. After completing this course and passing the exam, they will be able to function adequately as a security analyst in a SOC or a similar security team.
The training also benefits security managers who want to learn how to build and manage efficient SOC operations based on a more practical understanding of how a SOC works, as well as organisations that are building their SOC operations (or insourcing a SIEM solution, for instance) and want to get their current team up to speed and certified.
While we would describe this as an entry-level training for SOC Analysts, there is really no such thing as an entry-level job in cybersecurity: we expect participants to have hands-on experience in networking or a similar IT discipline.
Course Materials & Laptop Requirements
You’ll receive the official course material from SECO-Institute through our student portal. For this course you’ll need a suitable laptop to participate in the exercises:
- CPU: 64-bit Intel i5 / i7 2.0+ GHz processor
- BIOS: Intel VT-x virtualisation enabled
- RAM: 16 GB RAM (8 GB min)
- Hard Drive: 150 GB free space
- Windows 10 operating system
- VirtualBox or VMware (the lab is supplied as a .vmdk virtual disk that you must be able to boot)
- Firefox or Chrome browser
- 5 days of training from instructors
- Official SECO–Institute course materials
- Pre-course preparation kit: access to the SOC training summary overview, cheat sheets, a reference to a free SIEM Fundamentals training, VMs and exercises; everything you need to prepare for your training
- Practice exam
- Hands-on exam: Capture the Flag exercise on day 5
- Theory exam: SOC Analyst | IT-Security Expert exam (via remote proctor)
- “S-ITSE” digital Acclaim badge when you pass the exam
Module 1 – Organisation and Implementation Strategies
- Organisation of IT security, staff and processes
- Getting acquainted with the applicable IT security authorisations, mandates and policies
- Getting acquainted with SOC models and services
- Getting acquainted with SOC capabilities
Module 2 – Log Collection and Monitoring
- Define data gathering strategies
- Developing an effective pattern management strategy
- Setting up and configuring log collections
- Setting up and configuring log monitoring/analysis
- Getting acquainted with log examples (Hands-On)
- Analyse log collections (Hands-On)
Module 3 – Identifying and Detecting Basic Network and Infrastructure Security Threats
- Types of network and infrastructure security threats
- How to detect these network and infrastructure security threats (use cases)
- Difference between a vulnerability, a threat and an incident
Module 4 – Understanding, Analysing and Monitoring Cyber Threats
- Evaluation of the findings from the homework (Hands-On)
- Walkthrough of all possible findings, including theoretical explanations (Hands-On)
Module 5 – Preparing for, Responding to, and Reporting on Basic Network and Infrastructure Security Threats
- How to prepare for an incident: what you need to have in place
- How to respond to an incident: what to do and what not to do (Hands-On)
- How to manage the incident
Module 6 – Capture the Flag Event – Just Another Day in the Office
- A one day experience in a virtual SOC, with the following components:
- Threat intel situations: you receive information about a possible threat and must produce an impact analysis for the organisation.
- Incidents: you need to respond to different incidents during the day, including making decisions about urgency.
- Analysis: Is it an incident? What is the impact? What is the scope?
- Reporting: you need to write a short report about one incident and present it.
About the exam
To obtain your certification, you must pass both the hands-on exam and the theory exam:
- Hands-on exam
  - Language: English
  - Delivered: Day 5 of training (Capture the Flag); an instructor is available for questions
  - Time: 5 hours
- Theory exam
  - Language: English
  - Delivered: online via a certified proctor
  - Questions: 40 multiple choice
  - Time: 60 minutes
This training was developed by two SOC managers, a senior analyst and the creator of the SOC Maturity Model. It is based on the requirements they have set for their own teams, so you can be confident that the training offers practical, relevant and job-ready content covering the specific, real-world tasks you would need to perform as a SOC Analyst. Each of our accredited instructors has a minimum of 5 years of experience working in security operations centers in a senior role. They are strong communicators, passionate about the domain and eager to share their knowledge and skills with the next generation.