Who should attend
This training is designed for individuals seeking a role as an associate-level cybersecurity analyst, IT professionals who want knowledge of cybersecurity operations, and those pursuing the Cisco Certified CyberOps Associate certification, including:
- Students pursuing a technical degree
- Current IT professionals
- Recent college graduates with a technical degree
Prerequisites
Before taking this training, you should have the following knowledge and skills:
- Familiarity with Ethernet and TCP/IP networking
- Working knowledge of the Windows and Linux operating systems
- Familiarity with basics of networking security concepts
The following Cisco course can help you gain the knowledge you need to prepare for this course:
Course Objectives
After taking this training, you should be able to:
- Explain how a SOC operates and describe the different types of services that are performed from a Tier 1 SOC analyst’s perspective
- Explain the use of SOC metrics to measure the effectiveness of the SOC
- Explain the use of a workflow management system and automation to improve the effectiveness of the SOC
- Describe the Windows operating system features and functionality
- Provide an overview of the Linux operating system
- Understand common endpoint security technologies
- Explain the network security monitoring (NSM) tools that are available to the network security analyst
- Describe security flaws in the TCP/IP protocol and how they can be used to attack networks and hosts
- Explain the data that is available to the network security analyst
- Describe the basic concepts and uses of cryptography
- Understand the foundational cloud security practices, including deployment and service models, shared responsibilities, compliance frameworks, and identity and access management, to effectively secure cloud environments against cyberthreats
- Understand and implement advanced network security, data protection, secure application deployment, continuous monitoring, and effective disaster recovery strategies to secure cloud deployments
- Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors
- Identify the common attack vectors
- Identify malicious activities
- Identify patterns of suspicious behaviors
- Identify resources for hunting cyber threats
- Explain the need for event data normalization and event correlation
- Conduct security incident investigations
- Explain the use of a typical playbook in the SOC
- Describe a typical incident response plan and the functions of a typical computer security incident response team (CSIRT)
Detailed Course Outline
- Defining the Security Operations Center
- Understanding SOC Metrics
- Understanding SOC Workflow and Automation
- Understanding Windows Operating System Basics
- Understanding Linux Operating System Basics
- Understanding Endpoint Security Technologies
- Understanding Network Infrastructure and Network Security Monitoring Tools
- Understanding Common TCP/IP Attacks
- Exploring Data Type Categories
- Understanding Basic Cryptography Concepts
- Cloud Security Fundamentals
- Securing Cloud Deployments
- Understanding Incident Analysis in a Threat-Centric SOC
- Identifying Common Attack Vectors
- Identifying Malicious Activity
- Identifying Patterns of Suspicious Behavior
- Identifying Resources for Hunting Cyber Threats
- Understanding Event Correlation and Normalization
- Conducting Security Incident Investigations
- Using a Playbook Model to Organize Security Monitoring
- Describing Incident Response