The Cybersecurity Operations Fundamentals Specialization equips you with the essential skills to kickstart a career as an entry-level cybersecurity analyst. You'll delve into TCP/IP networking communication, common attack vectors, and suspicious behaviors encountered in a Security Operations Center (SOC).
This specialization is designed to prepare you for a career as a Security Operations Center Analyst, providing a comprehensive understanding of the fundamental knowledge required to protect organizational assets from cyber-attacks.
Certificate Available ✔
Acquire fundamental skills in cybersecurity operations with modules covering SOC functions, endpoint systems, network security, data security, threat analysis, investigation, and response planning.
Aimed at associate-level cybersecurity analysts working in security operations centers, this module delves into the primary functions of a security operations center (SOC) and the critical role it plays in protecting organizational assets from cyber-attacks. Gain an understanding of SOC team members' daily activities, identify bad actors and their motives, and review the technical and procedural challenges in a SOC.
As an associate-level cybersecurity analyst, you will explore the three most used endpoint operating systems: Windows, Linux, and Mac. Understand the basic principles, vulnerabilities, and architecture of Windows operating systems. This module equips you with knowledge of Windows processes, threads, handles, services, NTFS, domains, and user accounts, as well as Windows command line interface and PowerShell usage.
Get an introduction to network infrastructure and network security monitoring tools. Learn about ACL operation, network address translation (NAT), NSM tools, network-based malware protection, load balancing, web application firewalls, AAA, and access control models. This module provides insights into commercial, open-source, and homegrown NSM tools used within a SOC.
This module focuses on exploring data type categories in the context of network security analytics. Understand the deployment and use of SIEMs, functions of SOAR platforms, packet capture data storage and usage, session, transaction, alert, and other types of NSM data, Information Security CIA triad, and the importance of compliance regulations and intellectual property protection.
Gain insights into incident analysis in a Threat-Centric SOC. Understand the classic kill chain model, the diamond model, the MITRE ATT&CK framework, and the use of Security Onion tools for incident investigations. This module covers the application of the kill chain model to detect and prevent ransomware, as well as the use of exploit kits by threat actors.
Understand how a threat-centric SOC must prepare for analyzing new and emerging threats by implementing robust security investigation procedures. Explore cyber-threat hunting concepts, CVSS scoring components, hot threat dashboard usage, publicly available threat awareness resources, external threat intelligence sources, and threat analytics systems.
This module provides insights into threat response and incident handling services within a SOC. Understand the incident response life cycle, elements within an incident response policy, incident classification, US-CERT incident categories, compliance regulations, CSIRT incident handling services, and the framework that defines a CSIRT.
Advanced Python - Reconnaissance course provides comprehensive training on automating reconnaissance and password guessing attacks using Python for cybersecurity...
This course provides an introduction to C++ and covers the essential knowledge required to create secure programs using the language.
Splunk Search Expert 101 provides a comprehensive overview of machine data, covering Splunk components, search processing language, field utilization, report scheduling,...
Prepare for a career in cybersecurity with the IBM and ISC2 Cybersecurity Specialist program. Gain essential skills like cryptography and risk assessment to become...