online training course
Develop Tier I analysts on the technical facets of the SOC in half the time, at a fraction of the cost, while minimizing security risk.
CyberVista’s SOC Analyst course is a comprehensive role-based program that builds off of our baseline Critical Knowledge program. This course is broken down into six (6) units, covering fundamental cybersecurity concepts, then focuses on more technical and task-oriented subject matter as it relates specifically to Tier I SOC functions.
Participants conduct guided lab exercises and complete tasks on virtual machines provided, with hours of on-demand lessons by an experienced instructor to help reinforce correct practice and application of skills. For individuals interested in certification, the SOC course curriculum aligns to select units of the CompTIA CySA+. CySA+ practice exam assessments are optional.
Our 100% online format makes it easier for your workforce to accommodate training. Courses are available either live online, with weekly live instruction over six consecutive weeks, or video on-demand. Both modalities include six months of access to all learning tools and materials in our proprietary LMS.
Workforce Framework for Cybersecurity
All CyberVista role-based courses are directly mapped to the Workforce Framework for Cybersecurity, or NICE Framework, incorporating the knowledge, skills, abilities, and tasks (KSATs) to relevant cybersecurity job roles.
It is recommended to have experience in IT or computer networking, basic knowledge of security concepts, and hands-on skills with common security controls. However, there are no formal prerequisites.
Individuals new to cybersecurity or who could use a refresher are recommended to complete CyberVista’s Critical Knowledge program. Recommended certifications to pursue following the SOC Analyst course are CompTIA’s CySA+, CASP+ or PenTest+. For individuals ready to advance within the blue team, CyberVista offers an Incident Response course.
Who should take this course?
Individuals in the following roles are excellent candidates for this course:
- Newly hired Tier I SOC analysts
- Entry-level and junior information security analysts who want to expand their career within security operations
- Network or systems admins interested in making the transition into a technical cybersecurity role
Benefits of Training
There are a great number of benefits to the SOC course, but a few highlights include:
- Role-based training to fast-track incoming analysts’ time to operational status
- Task-oriented lessons to ensure long term comprehension and retention
- Live online or on-demand instruction to reduce burnout of Tier II & III analysts
Cost Savings of 75% on SOC Training for Fortune 50 Retail Organization
CyberVista’s SOC Analyst course spans six (6) units ranging from SOC roles and responsibilities, different types of analysis, to Incident Response. Click on the sections below to see the topic areas within each unit.
Unit 1: SOC Organization & Processes
Understand the roles and responsibilities of both the Security Operations Center and SOC analysts within an organization.
- Explain the overall SOC purpose to the organization and which internal processes belong to which functions
- Describe the role of SOC analyst tiers within the other roles and processes within the organization
- Explain how the SOC analyst contributes and applies security policies to the organization
- Select SOC analyst-appropriate tools and/or processes based on the type of task required by the business scenario
Unit 2: Threat & Vulnerability Analysis
Identify and define different vulnerability assessments and analysis, threat research, and establish known-good and known-bad network baselines.
- Given a scenario within the threat landscape, identify common attack techniques and profiles that target common vulnerabilities
- Perform threat research and compare popular online vulnerability and blogs and databases
- Establish a known-good network baseline
- Validate the known-bad to a known-good baseline
Unit 3: Device Log Analysis
Understand the importance and mechanisms of device logs, be able to conduct log analysis, and create scripts to automate analysis.
- Describe the purpose of logs, log generating events, and use of logs in relation to prevent, detect, and respond
- Describe how alerts are triggered by incidents and logs are used to correlate those incidents
- Locate network device logs and compare common data found in logs from firewalls, IDS/IPS, UTMs, and NTA, including their actual data fields
- Contrast data fields found in logs from Linux and Windows systems, including registry and other local databases
- Configure alert triggers and filters in devices and applications to avoid false positives
- Use analysis techniques with log viewers and tools to detect symptoms of phishing, DoS/DDoS, injection, hijacking, malware communication, and authentication attack events
- Use custom plugins and bash/Powershell scripting to automate large-scale analysis of log files
- Create basic Python scripts used to automate tasks and correlate relevant data
Unit 4: Comprehensive Organizational Event Correlation
Understand the purpose and application of SIEMS, conduct analysis of SIEM results, correlate multiple network events, and detect evidence of post-attack strategies.
- Describe the purpose and application of SIEM
- Analyze SIEM results and correlate multiple events in enterprise security incidents across network devices and traffic
- Using tools like Splunk to detect evidence of post-attack strategies such as APT, lateral movement, data exfiltration, and anti-forensics
Unit 5: PCAP Analysis
Capture live traffic and conduct analysis on captured packets for indicators of network attacks.
- Use protocol analyzers to capture live traffic on different network segments
- Filter packet capture by protocol, source, destination, and other fields
- Use analysis techniques with packet analyzers to detect symptoms of phishing, DoS/DDoS, injection, hijacking, malware communication, and authentication attack events
- Export packet captures and other analyzable reporting formats
Unit 6: Incident Response
Understand the Incident Response phases and determine indicators of compromise for given incidents.
- Given a scenario, determine which phase of incident response operation it describes, including reporting and brief templates
- Determine IOC identification, initial point of compromise identification, scoping methods and containment strategies, eradication and remediation actions for a given type of incident
- Identify incident scoping measure strategies and indicators of compromise use in incident response operations
- Given malware or adversary tools, identify methods for eradication of malware or adversary tools, and restoration and remediation activities
This course includes:
- 35 Question Diagnostic Assessment
- 90+ Modular Video Lessons
- Kali Linux and Security Onion Virtual Machines
- 10+ Hours of Guided Labs
- 90+ Knowledge Check Questions
- SOC Analyst SOP Cheatsheet and Video Transcript PDF
- 35 Question Final Assessment
- (Optional) Practice Exam Preparation for CompTIA CySA+
- Engagement and performance analytics
- *For SOC Manager or CIO
- *For SOC Manager or CIO
Request more information on training options for your cybersecurity teams. Private classes are available.
SOC Analyst Course FAQ’s
Does this course train towards a certification?
While certain course units and topics align with the objectives of select certifications, this course is not intended for exam preparation. However, practice exam assessment tools for the CompTIA CySA+ certification are included as an optional resource for participants who wish to certify.
How is training delivered?
This course is delivered both live online over six consecutive weeks with live instruction weekly from a dedicated instructor or video-on-demand. Both modalities include six months of access to all learning tools and materials in our proprietary LMS.
Who are the instructors?
- Rebecca Blair, Manager of Security Operations, CEIA, CEH, CNDA, Security+
- David Cho, Research and Development Manager, CISSP, CEH, CySA+, Security+
- Jonathan Lanning, Senior Security Manager, Adjunct Instructor, GREM, GPEN, GCFA, GCIH, GSEC
Is a certificate of completion available?
Yes! Participants receive a digital badge once they have successfully completed the course. This badge can be displayed on social profiles or email signatures. Click here to learn more about CyberVista’s digital badging.