Security Operations (SOC) 101 – TCM Security

Course Overview

This course aims to equip students with all of the fundamental security operations knowledge and practical skills needed in order to achieve and excel in a T1 or T2 SOC Analyst position. By covering topics such as phishing analysis, incident response procedures, threat detection techniques, log analysis, SIEM management, and security tool utilization, students will gain the essential competencies required to effectively monitor, analyze, and respond to security incidents within a SOC environment.

Students will be able to actively engage with the course material through bite-sized video demonstrations, written materials and references, quizzes to assess comprehension, and practical exercises that simulate real-world scenarios.

By the end of the course, participants will be proficient in using various common security tools, analyzing security events and artifacts, handling alert tickets, triaging, and responding effectively to incidents within a SOC. Additionally, the course aims to foster critical thinking skills and encourage both proactive and reactive methodologies, which are pivotal for skilled analysts.

Key Topics Covered:

• Security Operations Fundamentals
• Phishing Analysis
• Network Security Monitoring
• Network Traffic Analysis
• Endpoint Security Monitoring
• Endpoint Detection and Response
• Log Analysis and Management
• Security Information and Event Management (SIEM)
• Threat Intelligence
• Digital Forensics
• Incident Response
  

System Requirements

To get the most out of this course and follow along with the labs, there will be times where two virtual machines (VMs) need to be run simultaneously. If resources are limited, you can run one VM at a time and follow along with the course. Below are the recommended (ideal) specifications. Feel free to adjust based on your own system’s limitations, but these specs will ensure a smoother experience with the course labs.

Processor: 64-bit Intel i5 or i7, 2.0 GHz or higher.

RAM: At least 8 GB (ideally 8-12+ GB) to efficiently run multiple VMs.

Disk Space: 80-100 GB of free storage. SSDs are recommended for better performance.

Prerequisites

Networking Fundamentals:

• Basic understanding of TCP/IP and OSI models.
• Knowledge of network concepts such as subnets, internal vs. external IP addresses, network address translation, and routing.
• Familiarity with common protocols (e.g., SSH, FTP, HTTP, HTTPS).

The foundations and network sections of the course will provide a refresher on these concepts and more, but it would be ideal to have these foundations coming into the course.

Operating System Fundamentals:

• Basic familiarity with Windows and Linux components.
• Working with the command-line and knowledge of basic commands and navigation (e.g., cd, ls, cat).
• Troubleshooting skills

Basic Information Security Concepts:

• Understanding of foundational security concepts such as the CIA triad, security controls, encryption, and hashing.
• Basic security appliances and controls (e.g., firewalls, proxies, VPNs, EDR)

The foundations section of the course will provide a comprehensive information security refresher.

SOC 101 Course Objectives

• Understand the foundational principles and practices of security operations.
• Learn techniques for analyzing and identifying phishing attacks.
• Develop skills in monitoring network traffic for security threats and anomalies.
• Develop skills in monitoring and analyzing security events on individual hosts.
• Learn how to effectively use a SIEM for security event correlation, analysis, and incident management.
• Learn how to leverage threat intelligence to enhance security operations and incident response.
• Develop an understanding of digital forensics processes, common tools, and methodologies.
• Understand the procedures, and best practices for incident response in a SOC environment.

Who Should Take SOC 101?

This course will be aimed at individuals who are looking to pursue a career in cybersecurity (beginners with basic or little cybersecurity knowledge or experience), specifically focusing on defensive security operations within a Security Operations Center (SOC) environment.

This course aims to be extremely marketable, offering an all-encompassing curriculum and digestible content to help students secure and thrive in their first security role or advance to a T2 analyst position. The practical exercises included within the course provide students with tangible skills and experience to discuss during interviews, even if they have no direct experience in a professional SOC role.