Implementing Cisco Cybersecurity Operations

SECOPS

This is the second course in Cisco's CCNA Cyber Ops Curriculum and is designed to provide students with an understanding of how a Security Operations Center (SOC) functions and the knowledge required in this environment.


CCNA will be changing in 2020. Please ensure you complete your CCNA certification before 23rd February 2020. It will automatically switch over onto the new certification.

This course focuses on the introductory-level skills needed for a SOC Analyst at the associate level: specifically, understanding basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response.

This course is aimed at:

  • Individuals interested in a career in cybersecurity, looking to understand more about cybersecurity operations, or working towards their CCNA Cyber Ops certification.

You will need:

  • Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)
  • Skills and knowledge equivalent to those learned in Security Fundamentals (SECFND)
  • Working knowledge of the Windows operating system
  • Working knowledge of Cisco IOS networking and concepts

You will learn to:

  • Define a SOC and the various job roles in a SOC
  • Understand SOC infrastructure tools and systems
  • Learn basic incident analysis for a threat centric SOC
  • Explore resources available to assist with an investigation
  • Explain basic event correlation and normalization
  • Describe common attack vectors
  • Learn how to identify malicious activity
  • Understand the concept of a playbook
  • Describe and explain an incident response handbook
  • Define types of SOC Metrics
  • Understand SOC Workflow Management Systems (WMS) and automation

Course Content:

SOC Overview

  • Defining the Security Operations Center
  • Understanding NSM Tools and Data
  • Understanding Incident Analysis in a Threat-Centric SOC
  • Identifying Resources for Hunting Cyber Threats

Security Incident Investigations

  • Understanding Event Correlation and Normalization
  • Identifying Common Attack Vectors
  • Identifying Malicious Activity
  • Identifying Patterns of Suspicious Behavior
  • Conducting Security Incident Investigations

SOC Operations

  • Describing the SOC Playbook
  • Understanding the SOC Metrics
  • Understanding the SOC WMS and Automation
  • Describing the Incident Response Plan
  • Appendix A - Describing the Computer Security Incident Response Team
  • Appendix B - Understanding the use of VERIS

Labs

  • Guided Lab 1: Explore Network Security Monitoring Tools
  • Discovery 1: Investigate Hacker Methodology
  • Discovery 2: Hunt Malicious Traffic
  • Discovery 3: Correlate Event Logs, PCAPs, and Alerts of an Attack
  • Discovery 4: Investigate Browser-Based Attacks
  • Discovery 5: Analyze Suspicious DNS Activity
  • Discovery 6: Investigate Suspicious Activity Using Security Onion
  • Discovery 7: Investigate Advanced Persistent Threats
  • Discovery 8: Explore SOC Playbooks

Price: £2,595.00 ex. VAT

Data sheet

  • Course Duration: 5 Days
  • Location: Various