This course aims to equip students with all of the fundamental security operations knowledge and practical skills needed to achieve and excel in an L1 or L2 SOC Analyst position. By covering topics such as phishing analysis, incident response procedures, threat detection techniques, log analysis, SIEM management, and security tool utilization, students will gain the essential competencies required to effectively monitor, analyze, and respond to security incidents within a SOC environment.
Students will be able to actively engage with the course material through bite-sized video demonstrations, written materials and references, quizzes to assess comprehension, and practical exercises that simulate real-world scenarios.
By the end of the course, participants will be proficient in using various common security tools, analyzing security events and artifacts, handling alert tickets, triaging, and responding effectively to incidents within a SOC. Additionally, the course aims to foster critical thinking skills and encourage both proactive and reactive methodologies, which are pivotal for skilled analysts.
Security Operations Fundamentals, Phishing Analysis, Network Security Monitoring
Network Traffic Analysis, Endpoint Security Monitoring, Endpoint Detection and Response
Log Analysis and Management, Security Information and Event Management (SIEM), Threat Intelligence
Digital Forensics, Incident Response
64-bit Intel i5 or i7, 2.0 GHz or higher.
At least 8 GB (ideally 8-12+ GB) to efficiently run multiple VMs.
80-100 GB of free storage. SSDs are recommended for better performance.
Basic understanding of TCP/IP and OSI models. Knowledge of network concepts such as subnets, internal vs. external IP addresses, network address translation, and routing. Familiarity with common protocols (e.g., SSH, FTP, HTTP, HTTPS).
Basic familiarity with Windows and Linux components. Working with the command-line and knowledge of basic commands and navigation (e.g., cd, ls, cat). Troubleshooting skills.
Understanding of foundational security concepts such as the CIA triad, security controls, encryption, and hashing. Basic security appliances and controls (e.g., firewalls, proxies, VPNs, EDR).
Understand the foundational principles and practices of security operations.
Learn techniques for analyzing and identifying phishing attacks. Develop skills in monitoring network traffic for security threats and anomalies.
Develop skills in monitoring and analyzing security events on individual hosts.
Learn how to effectively use a SIEM for security event correlation, analysis, and incident management.
Learn how to leverage threat intelligence to enhance security operations and incident response.
Develop an understanding of digital forensics processes, common tools, and methodologies.
Understand the procedures and best practices for incident response in a SOC environment.
This course will be aimed at individuals who are looking to pursue a career in cybersecurity (beginners with basic or little cybersecurity knowledge or experience), specifically focusing on defensive security operations within a Security Operations Center (SOC) environment.
A preview of the course content and structure.
Overview of what you need to know and have before starting the course.
A guide on how to access and use the course support channels.
Guide on setting up the virtualization environment.
Setting up the Windows virtual machine.
Setting up the Ubuntu virtual machine.
Setting up the network for your lab environment.
Introduction to Security Operations Centers and their importance.
Overview of what to expect in a typical workday as a SOC analyst.
Recap of essential information security concepts.
Multiple lectures covering SOC organizational structures, incident management, metrics, and common tools used in security operations.
Overview of phishing attacks and their impact.
Multiple lectures covering email basics, phishing attack types, and analysis methodologies.
Lectures on URL analysis, attachment analysis, and using automated tools like PhishTool.
Lectures on reactive and proactive phishing defense strategies, as well as documentation practices.
Lecture on fundamental network security concepts.
In-depth tutorials on using tcpdump and Wireshark for network traffic analysis.
Introduction to IDS/IPS systems and hands-on practice with Snort.
Endpoint security concepts and importance.
Multiple lectures covering Windows network, process, registry, and event log analysis.
Lectures on Linux network, process, and cron job analysis.
Introduction to LimaCharlie EDR tool and hands-on practice.
Introduction to SIEM concepts, architecture, and deployment models.
Lectures on log types, formats, and analysis techniques.
Comprehensive tutorials on using Splunk for security event management and analysis.
Hands-on exercises including a website defacement investigation and a ransomware challenge.
Introduction to types of threat intelligence and the threat intelligence cycle.
Lectures on the Diamond Model, Cyber Kill Chain, Pyramid of Pain, and MITRE ATT&CK.
Introduction to YARA and hands-on practice writing YARA rules.
Introduction to MISP (Malware Information Sharing Platform) and practical usage.
Introduction to digital forensics, investigation processes, and chain of custody.
Hands-on practice with FTK Imager for disk and memory acquisition.
In-depth analysis of common Windows forensic artifacts.
Introduction to Volatility and hands-on memory analysis techniques.
Introduction to incident response concepts and frameworks.
Lectures on preparing for incidents and identifying potential security breaches.
Strategies for containing and eliminating threats from compromised systems.
Processes for system recovery and conducting post-incident reviews.
Conclusion summarizing the key takeaways from the course.
Raghav is a seasoned and passionate security professional who brings a wealth of experience in areas such as security operations, incident response, threat hunting, vulnerability management, and cloud infrastructure security.
With a professional background in the telecom and banking industries, Raghav offers a well-rounded perspective on security strategy. Andrew also navigates both offensive and defensive operations to provide a holistic approach to keeping people, processes, and technology secure.
He is also active in developing various Capture the Flag challenges, creating security training, and sharing knowledge through content creation.
Begin your path to becoming a skilled SOC Analyst with our comprehensive 50+ hour training program. Gain the knowledge and hands-on experience needed to excel in the cybersecurity field.
Learn the fundamentals required to become a SOC Analyst with over 50 hours of training.