This course aims to equip students with all of the fundamental security operations knowledge and practical skills needed in order to achieve and excel in a L1 or L2 SOC Analyst position. By covering topics such as phishing analysis, incident response procedures, threat detection techniques, log analysis, SIEM management, and security tool utilization, students will gain the essential competencies required to effectively monitor, analyze, and respond to security incidents within a SOC environment.
Hands-On Learning
Students will be able to actively engage with the course material through bite-sized video demonstrations, written materials and references, quizzes to assess comprehension, and practical exercises that simulate real-world scenarios.
Career Preparation
By the end of the course, participants will be proficient in using various common security tools, analyzing security events and artifacts, handling alert tickets, triaging, and responding effectively to incidents within a SOC. Additionally, the course aims to foster critical thinking skills and encourage both proactive and reactive methodologies, which are pivotal for skilled analysts.
Network Traffic Analysis, Endpoint Security Monitoring, Endpoint Detection and Response
3
Analysis and Management
Log Analysis and Management, Security Information and Event Management (SIEM), Threat Intelligence
4
Incident Handling
Digital Forensics, Incident Response
System Requirements
Processor
64-bit Intel i5 or i7,
2.0 GHz or higher.
RAM
At least 8 GB (ideally 8-12+ GB) to efficiently run multiple VMs.
Disk Space
80-100 GB of free storage. SSDs are recommended for better performance.
Prerequisites
1
Networking Fundamentals
Basic understanding of TCP/IP and OSI models. Knowledge of network concepts such as subnets, internal vs. external IP addresses, network address translation, and routing. Familiarity with common protocols (e.g., SSH, FTP, HTTP, HTTPS).
2
Operating System Fundamentals
Basic familiarity with Windows and Linux components. Working with the command-line and knowledge of basic commands and navigation (e.g., cd, ls, cat). Troubleshooting skills.
3
Basic Information Security Concepts
Understanding of foundational security concepts such as the CIA triad, security controls, encryption, and hashing. Basic security appliances and controls (e.g., firewalls, proxies, VPNs, EDR).
Course Objectives
1
Foundational Knowledge
Understand the foundational principles and practices of security operations.
2
Threat Analysis
Learn techniques for analyzing and identifying phishing attacks. Develop skills in monitoring network traffic for security threats and anomalies.
3
Endpoint Security
Develop skills in monitoring and analyzing security events on individual hosts.
4
SIEM Proficiency
Learn how to effectively use a SIEM for security event correlation, analysis, and incident management.
5
Threat Intelligence
Learn how to leverage threat intelligence to enhance security operations and incident response.
6
Digital Forensics
Develop an understanding of digital forensics processes, common tools, and methodologies.
7
Incident Response
Understand the procedures, and best practices for incident response in a SOC environment.
Who Should Take SOC Course?
Ideal Candidates for SOC Course
This course will be aimed at individuals who are looking to pursue a career in cybersecurity (beginners with basic or little cybersecurity knowledge or experience), specifically focusing on defensive security operations within a Security Operations Center (SOC) environment.
Lectures on URL analysis, attachment analysis, and using automated tools like PhishTool.
4
Phishing Defense and Reporting
Lectures on reactive and proactive phishing defense strategies, as well as documentation practices.
Network Security
Network Security Theory
Lecture on fundamental network security concepts.
Packet Analysis Tools
In-depth tutorials on using tcpdump and Wireshark for network traffic analysis.
Intrusion Detection and Prevention
Introduction to IDS/IPS systems and hands-on practice with Snort.
Endpoint Security
1
Introduction to Endpoint Security
Endpoint security concepts and importance.
2
Windows Analysis
Multiple lectures covering Windows network, process, registry, and event log analysis.
3
Linux Analysis
Lectures on Linux network, process, and cron job analysis.
4
Endpoint Detection and Response
Introduction to LimaCharlie EDR tool and hands-on practice.
Security Information and Event Management (SIEM)
1
SIEM Fundamentals
Introduction to SIEM concepts, architecture, and deployment models.
2
Log Analysis
Lectures on log types, formats, and analysis techniques.
3
Splunk Training
Comprehensive tutorials on using Splunk for security event management and analysis.
4
Practical Challenges
Hands-on exercises including a website defacement investigation and a ransomware challenge.
Threat Intelligence
1
Threat Intelligence Fundamentals
Introduction to types of threat intelligence and the threat intelligence cycle.
2
Threat Modeling Frameworks
Lectures on the Diamond Model, Cyber Kill Chain, Pyramid of Pain, and MITRE ATT&CK.
3
YARA Rules
Introduction to YARA and hands-on practice writing YARA rules.
4
Threat Intelligence Platforms
Introduction to MISP (Malware Information Sharing Platform) and practical usage.
Digital Forensics
1
Forensic Fundamentals
Introduction to digital forensics, investigation processes, and chain of custody.
2
Forensic Tools
Hands-on practice with FTK Imager for disk and memory acquisition.
3
Windows Forensics
In-depth analysis of common Windows forensic artifacts.
4
Memory Forensics
Introduction to Volatility and hands-on memory analysis techniques.
Incident Response
1
IR Fundamentals
Introduction to incident response concepts and frameworks.
2
Preparation and Identification
Lectures on preparing for incidents and identifying potential security breaches.
3
Containment and Eradication
Strategies for containing and eliminating threats from compromised systems.
4
Recovery and Lessons Learned
Processes for system recovery and conducting post-incident reviews.
Course Conclusion
Course Wrap Up
Conclusion summarizing the key takeaways from the course.
About the Instructor: Andrew Prince
Experience
Raghav is a seasoned and passionate security professional who brings a wealth of experience in areas such as security operations, incident response, threat hunting, vulnerability management, and cloud infrastructure security.
Background
With a professional background in Telecom and Banking Industry, Raghav offers a well-rounded perspective on his security strategy. Andrew also navigates both offensive and defensive operations to provide a holistic approach to keeping people, processes, and technology secure.
Community Involvement
He is also active in developing various Capture the Flag challenges, creating security training, and sharing knowledge through content creation.
Begin your path to becoming a skilled SOC Analyst with our comprehensive 50+ hour training program. Gain the knowledge and hands-on experience needed to excel in the cybersecurity field.