Certified Security Operations Center Analyst


A Security Operation Center (SOC) is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization’s security posture while preventing, detecting, analysing, and responding to cyber security incidents.

A SOC acts like the hub or central command post, taking in telemetry from across an organization’s IT infrastructure, including its networks, devices, appliances, and information stores, wherever those assets reside. The proliferation of advanced threats places a premium on collecting context from diverse sources. Essentially, the SOC is the correlation point for every event logged within the organization that is being monitored. For each of these events, the SOC must decide how they will be managed and acted upon.

This course will cover the design, deployment and operation of the CSOC. Once this course is completed, you will have the skills to perform your SOC responsibilities effectively. In a classroom setting, instructors will teach you the skills to analyse and detect threats to an organization through demonstrations, labs, and lectures. The course covers the functional areas: Communications, Network Security Monitoring, Threat Intelligence, Incident Response, Forensics, and Self-Assessment.

Course Duration


3 Months

Who should attend?


  1. Anyone who wants to get into SOC or CSOC
  2. Computer Graduates
  3. IT Professionals

Table of Contents

Cyber-Security Fundamentals

  • Day 1
    • Early days of Information Security, CIA Triad
    • Who is a Hacker and Types of Hacker & Hacktivism
    • Patch Tuesday , Exploit Wednesday, Zero day attack
    • Common vulnerability Exposure (CVE), Common Vulnerability Scoring system (CVSS)
    • Components of Digital communication
    • Network Topologies, Types of Networks
    • OSI model & description of Layers
  • Day 2
    • TCP/IP layer and Description of layers, Protocols description
    • TCP vs UDP, TCP handshake
    • TCP and IP header
    • IP addressing, Subnet, Supernet, CIDR representation
    • IPV4 vs IPV6
    • Routing, NAT
    • VLAN
    • VPN
    • WireShark
  • Day 3
    • File System in Windows
    • File permissions in Windows
    • Memory management
    • Password Hashing and SAM file
    • Process and Threads
    • Windows registry
    • Using Powershell commands
    • NTLM and Kerberos
  • Day 4
    • Linux Architecture
    • Linux File System, Directory Structure
    • File Permissions
    • Basic Linux Commands

Network Security & Devices

  • Day 1
    • Reconnaissance
    • Packet Crafting
    • Network mapper
  • Day 2
    • Assessment
    • Testing Common Services / Ports
    • IDS/IPS
    • Proxy
  • Day 3
    • Exploitation
    • Wireless Security
    • Firewall, Bastion Host
    • DMZ
    • AV vs EDR
    • Network Security Audit

Server Fundamentals & Security

  • Day 1
    • Windows OS Security
      • BIOS Security
      • Screen saver password
      • Security policy
      • Event log
      • Windows General Security Practices
    • AD
    • Linux OS Security
      • Boot Security
      • Security Commands
      • Patching Linux Kernel
      • Strong password Policy
      • Users and groups
  • Day 2
    • Apache Security
      • Apache Hardening
    • Webserver IIS Security
      • IIS lockdown
      • Server Logs
    • File Server
    • Email Server
    • Databases – Oracle, MSSQL

Ethical Hacking and Attack Methodologies

    • Types of Testing
    • Pentesting vs Ethical Hacking
  • Attack Methodology – Understanding the Cyber Killchain and the MITRE ATTACK Framework
    • Footprinting and Reconnaissance
    • Scanning Networks
    • Enumeration
    • Vulnerability Analysis
    • Malware Threats
    • Sniffing
    • Social Engineering
    • Denial-of-Service
    • Session Hijacking
    • Initializing IDS, Firewalls, and Honeypots
    • SQL Injection

Security Operations Center Concepts

  • What is SOC
  • Why is it required? (Objectives)
  • SOC Infrastructure

Log management

  • Computer Security Log Management
  • Log Management Infrastructure
  • Log Management Planning
  • Log Management Operational Process

SIEM (Security Information & Event Management)

  • Introduction to SIEM
  • SIEM Architecture
  • Logs and Events
  • Understanding logs, various formats
  • Log Baselining
  • Aggregation and normalization
  • Event Collection and Event Correlation
    • Correlation Rules
    • IBM QRadar
      • Components
      • Installation & Deployment
      • Initial Configuration
      • Console Overview
      • Labs
    • ELK [1 Day]
    • Splunk
      • Architecture
      • Components
      • Cluster
      • Rules, reports, dashboards and alerts.
      • Lab

Incident Response

  • Incident Response Plan
  • Incident Response and Handling Steps
  • Training and Awareness
  • Incident Management
  • Incident Response Team
  • Incident Response Team Members
  • Incident Response Team Members Roles and Responsibilities
  • Developing Skills in Incident Response Personnel
  • Incident Response Team Structure
  • Incident Response Team Dependencies
  • Incident Response Team Services
  • Defining the Relationship between Incident Response, Incident Handling, and Incident Management
  • Incident Response Best Practices
  • Incident Response Policy
  • Incident Response Plan Checklist
Open chat
Chat on WhatsApp
How we can help you?