Associate SOC Analyst Training and Exam
Associate SOC Analyst offers a comprehensive 3- day training that immerses you into the processes, data flows and capabilities of a SOC along with hands on, real-world tasks of a Tier 1 Analyst:
Throughout the course you’ll work with SIEM, ITSM and a SOC Ticketing System, the key toolset of the SOC Analyst. You’ll practice attacker techniques and vulnerabilities evaluation and identify companies’ critical assets & key IT systems that you are assigned to monitor and protect. You will monitor, analyse and prioritize SIEM alerts and perform triage and effective decision making to confirm and declare if a security incident is taking place. You’ll use the ticketing system to report and present your findings, and manage an incident from preparation to post-incident analysis.
One of the most important takeaways from this course is understanding the ‘Analyst Mindset’: This training will trigger your curiosity, activate your analytical brain and have you work together with your SOC Mates, Clients and Incident Responders. We’ll dive deep into the analytical process and offer you a set of hypotheses with ‘if- then’ scenario’s, what to look for and where to find ‘go- to’ resources to support your investigations. You’ll learn how to deal with the huge number of logs, alerts and events in a SOC, which can be overwhelming if not treated correctly.
The course delivers a simulated SOC environment including a virtualized ITSM, SOC Ticketing system and SIEM, fully set up to work together which will create an immersive experience and re-create your workplace environment as closely as possible.
Price: 1950.00 €
Duration: 21h
Language: English
Number of participants: 20
Objectives
By the end of this course, participants will:
- Understand and practice the mindset of the SOC Analyst, the analytical process and the collaboration skills required to successfully operate in a SOC Team
- Have gained hands on experience with SIEM, ITSM and a SOC Ticketing system, the key toolset of the Associate SOC Analyst
- Have gained hands on experience in threat analysis, reporting, escalation and have managed an incident from preparation to post-incident analysis
- Have practiced attacker techniques and vulnerabilities evaluation. They’ll have a solid understanding of and practical experience with applying the Pyramid of Pain, Cyber Kill Chain and the MITRE ATT&CK framework in investigations
- Be able to identify companies’ critical assets and key IT systems that they are assigned to monitor and protect.
- Have a fundamental understanding of use cases for security monitoring.
- Understand the processes of threat intelligence, threat hunting and incident response, their differences and how they interconnect.
Content
- Processes, data flows and capabilities of a Modern Security Operations Center, the services that it delivers, technologies deployed and how they interconnect
- SOC Analyst role: Tasks and KSA matrix (Knowledge, Skills, Abilities). Key tools and resources, major challenges and pitfalls for a junior Analyst, and how they are addressed in the training process.
- Attacker Techniques and Processes, Cyber Kill Chain, Pyramid of Pain and MITRE ATT&CK framework
- Log Collection, Use Cases, Threat Detection and Monitoring
- Event and threat analysis hands on: Data Collection. Logs and Log Collection. Critical Assets, Key IT Systems and their logs. Event Analysis, correlation and Attacker Techniques. Alerting, Reporting and Dashboarding
- Security Monitoring Use Cases, MaGMA, MaGMA UCF
- Threat Intelligence Process: Situational awareness and attribution. Pyramid of Pain and MITRE ATT&CK framework for Threat Intelligence. Detection continuous improvement and Intelligence feedback.
- Threat Hunting Process. Threat Analysis versus Threat Hunting Threat Intelligence and Incident Response.
- Incident Response model and process. Hands on threat analysis exercises and incident response business case
- Capture the Flag (practical) exam and theory exam
Target audience
- New and junior SOC Analysts
- Enterprise SOC Teams and Managed Service Providers that want to set a baseline for their SOC Analysts, and accelerate their learning curve
Our lead experts
Koen Maris is Partner at PwC Luxembourg, leading the Cyber Security practice with more than 20 years of experience in Information / Cyber security in cross industry environments.
Koen is specialised in Secure Operations Centers, incident response and awareness raising at all levels of an organisation. He has experience with Distributed Ledger Technology, IoT, OT/IT security, threat intelligence and forensics.
Koen has a strong technical background and operational experience in cyber security as well as strong competencies in security architecture, solution design, program management, business development.
Contact us
