Leader in the cybersecurity training sector.

Security Operations Center certification course

Reference: SECSOC

Duration: 8 days (56 hours)

Certification: SOC (Security Operations Center) Analyst certification

Cost: On request

Category: Cybersecurity

Our in-company training courses are customised, flexible and tailored to the specific needs of your team.

Prerequisite knowledge

The SOC Analyst course requires knowledge of networks and a good understanding of the basics of cybersecurity. It is recommended that you have followed the introductory course in cybersecurity or have equivalent knowledge before enrolling on this course.

Trainee profile

This course is aimed at systems and network technicians and administrators, IT managers, security consultants, engineers and technical managers. It is also of interest to network architects and project managers wishing to develop or deepen their skills in operational security and SOCs.

Objectives

  • Understand the role and tasks of a SOC analyst.
  • Master the fundamentals of defensive cyber security.
  • Use SOC tools and technologies.
  • Analyse and correlate security events.
  • Manage security incidents.
  • Write technical reports.
  • Work in coordination with other cyber security teams.
  • Monitor cyber threats and attack techniques.

Certification prepared

  • No

Teaching methods

  • Provision of one workstation per trainee
  • Digital teaching documentation provided during the course
  • The course combines theoretical input, practical exercises, discussion and feedback.
  • Attendance at this training course is recorded on a signed attendance sheet.

Trainer

  • Expert consultant and trainer in Cybersecurity and SOC

Assessment methods

  • Practical exercises and workshops at every stage of the course.
  • A case study linking the different skill blocks.
  • Quiz at the end of each day's training.
  • Self-assessment of knowledge acquired by the trainee via a questionnaire.

Course content

Day 1: Introduction to the SOC and its missions

Day 1 - Morning: Introduction to the SOC and its missions

  • Definition and objectives of a Security Operations Centre (SOC).
  • Types of SOC: in-house, shared, outsourced, hybrid.
  • Main tasks: prevention, detection, reaction, anticipation.
  • Key roles: tier 1/2/3 (N1/N2/N3) analysts, SOC manager, threat hunter, SIEM engineer.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 1 - Afternoon: Introduction to the SOC and its missions

  • SOC service catalogue: 24/7 monitoring, incident management, threat intelligence, reporting.
  • Structure and operation: governance, human resources, ITIL/ISO 27035 processes.
  • Resources required: human, logistical, applications.
  • Case study: comparison between internal SOC and MSSP.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 2 - Morning: Perimeter defences and detection systems

  • Firewalls: types (static, dynamic, NGFW).
  • Proxy: SSL inspection, URL filtering, access policy.
  • Centralised management of security policies.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 2 - Afternoon: Perimeter defences and detection systems

  • IDS/IPS: differences, detection by signature vs. behaviour.
  • Examples of alerts and concrete cases of blocked attacks.
  • Practical workshop: basic firewall / IDS configuration and alert interpretation.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 3 - Morning: Vulnerability management

  • Overview of vulnerability scanners (Nessus, Qualys, OpenVAS).
  • Vulnerability management cycle: identification, assessment, remediation, validation.
  • Correlation with CVSS and business criticality.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 3 - Afternoon: Vulnerability management

  • Study of a scan report: prioritising vulnerabilities.
  • Communication methods with IT teams for remediation.
  • Practical workshop: interpreting and prioritising a simulated scan.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 4 - Morning: SIEM and security monitoring

  • SIEM architecture (Splunk, QRadar, ELK).
  • Collecting and normalising logs (Windows, Linux, network equipment, applications).
  • Correlation rules and alert scenarios.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 4 - Afternoon: SIEM and security monitoring

  • Log investigation: search for IoCs and suspicious events.
  • Building monitoring dashboards.
  • Practical workshop: incident simulation and alert search in the SIEM.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 5 - Morning: Implementation and legal aspects

  • Legal framework: GDPR (RGPD), CNIL, ISO 27001, ISO 27035, evidential value of logs.
  • Confidentiality, storage and traceability obligations.
  • Rules of digital evidence in the event of litigation.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 5 - Afternoon: Implementation and legal aspects

  • Steps involved in setting up a SOC:
    • Design: identification of business needs, definition of objectives, choice of tools and appropriate architecture.
    • Build: deployment of the infrastructure, integration of SIEM and IDS/IPS, implementation of operating procedures.
    • Run: operational use, alert monitoring, optimisation of detection rules, gradual ramp-up.
  • Case study: assessment of a newly deployed SOC.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 6 - Morning: Steering, indicators and continuity

  • Definition and monitoring of KPI/KRI.
  • Dashboards for CISOs and the executive committee (COMEX).
  • Continuous improvement process and management of non-conformities.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 6 - Afternoon: Steering, indicators and continuity

  • Business continuity and disaster recovery plans (PCA/PRA) applied to the SOC.
  • Managing relations with internal customers and external service providers.
  • SOC outsourcing: advantages, limitations, contractual clauses.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 7 - Case study

  • Presentation of an operational SOC and its technical architecture.
  • Incident escalation workflow: N1 → N2 → N3 → CERT.
  • Typology of common incidents: phishing, malware, DDoS, data leakage.
  • Practical exercises:
    • Investigation of simulated incidents,
    • Analysis of SIEM/EDR alerts,
    • Remediation decision and internal communication.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 8 - Simulation and end of training

  • Full incident simulation: APT, ransomware, Active Directory compromise.
  • Teamwork: SOC roles, investigation, coordination.
  • Drafting of a technical report and an executive report.
  • Oral presentation to a mock management committee.
  • Threat intelligence session: overview of current threats and future trends.
  • Closing and final assessment.
  • Attendance certificates are handed out and participants evaluate the course.
  • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
