Leader in the cybersecurity training sector.

Contact

SOC Analyst (Security Operations Center)

Catégorie
Satisfaction rate
3.6
Success rate
4.8

The target audience for training

  • Systems and Networks technicians and administrators,
  • IT managers,
  • Security consultants,
  • Engineers,
  • Technical managers,
  • Network architects,
  • Project managers

What you will learn

On completion of the course, the trainee will be able to perform the duties of a Security Operations Centre (SOC) analyst, mainly detecting and analysing intrusions, anticipating them and putting in place the necessary protection.

Training programme

  • Duration: 8 days

Day 1 - Morning: Introduction to the SOC and its missions

  • Definition and objectives of a Security Operations Centre (SOC).
  • Types of SOC: in-house, shared, outsourced, hybrid.
  • Main tasks: prevention, detection, reaction, anticipation.
  • Key roles: N1/N2/N3 analysts, SOC manager, threat hunter, SIEM engineer.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

 

Day 1 - Afternoon: Introduction to the SOC and its missions

  • SOC service catalogue: 24/7 monitoring, incident management, threat intelligence, reporting.
  • Structure and operation: governance, human resources, ITIL/ISO 27035 processes.
  • Resources required: human, logistical, applications.
  • Case study: comparison between internal SOC and MSSP.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt

Day 2 - Morning: Perimeter defences and detection systems

  • Firewalls: types (static, dynamic, NGFW).
  • Proxy: SSL inspection, URL filtering, access policy.
  • Centralised management of security policies.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

 

Day 2 - Afternoon: Perimeter defences and detection systems

  • IDS/IPS: differences, detection by signature vs. behaviour.
  • Examples of alerts and concrete cases of blocked attacks.
  • Practical workshop: basic firewall / IDS configuration and alert interpretation.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 3 - Morning: Vulnerability management

  • Presentation of scanners (Nessus, Qualys, OpenVAS).
  • Vulnerability management cycle: identification, assessment, remediation, validation.
  • Correlation with CVSS and business criticality.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

 

Day 3 - Afternoon: Vulnerability management

  • Study of a scan report: prioritising vulnerabilities.
  • Communication methods with IT teams for remediation.
  • Practical workshop: interpreting and prioritising a simulated scan.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 4 - Morning: SIEM and security monitoring

  • SIEM architecture (Splunk, QRadar, ELK).
  • Collecting and standardising logs (Windows, Linux, network equipment, applications).
  • Correlation rules and alert scenarios.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

 

Day 4 - Afternoon: SIEM and security monitoring

  • Log investigation: search for IoCs and suspicious events.
  • Creation of supervision dashboards.
  • Practical workshop: incident simulation and alert search in the SIEM.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt

Day 5 - Morning: Setting up and legal aspects

  • Legal framework: RGPD, CNIL, ISO 27001, ISO 27035, evidential value of logs.
  • Confidentiality, storage and traceability obligations.
  • Rules of digital evidence in the event of litigation.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate the knowledge acquired.
      acquired.

 

Day 5 - Afternoon: Implementation and legal aspects

  • Steps involved in setting up a SOC :
  • Design: identification of business needs, definition of objectives, choice of tools and appropriate architecture.
  • Build: deployment of the infrastructure, integration of SIEM and IDS/IPS, implementation of operating procedures.
  • Run: operational use, alert monitoring, optimisation of detection rules, gradual ramp-up.
  • Case study: assessment of a newly deployed SOC.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 6 - Morning: Steering, indicators and continuity

  • Definition and monitoring of KPI/KRI.
  • Dashboards for CISOs and COMEX.
  • Continuous improvement process and management of non-conformities.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

 

Day 6 - Afternoon: Steering, indicators and continuity

  • PCA/PRA applied to the SOC.
  • Managing relations with internal customers and external service providers.
  • SOC outsourcing: advantages, limitations, contractual clauses.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Day 7 - Case study

  • Presentation of an operational SOC and its technical architecture.
  • Incident escalation workflow : N1 → N2 → N3 → CERT.
  • Typology of common incidents: phishing, malware, DDoS, data leakage.
  • Practical exercises:
    • Investigation of simulated incidents,
    • Analysis of SIEM/EDR alerts,
    • Remediation decision and internal communication.
      • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt

Day 8 - Simulation and end of training

  • Full incident simulation: APT, ransomware, active directory compromise.
  • Teamwork: SOC roles, investigation, coordination.
  • Drafting of a technical report and an executive report.
  • Oral presentation to a mock management committee.
  • Intelligence session: overview of current threats and future trends.
  • Closing and final assessment.
  • Attendance certificates are handed out and participants evaluate the course.
    • Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.

Trainer profile

The trainer is an expert consultant in cybersecurity and SOC, whose technical, professional and teaching skills have been rigorously assessed and validated as part of our internal selection procedures.

Teaching methods and resources

The course is based on a balanced combination of theoretical and practical approaches, guaranteeing both the acquisition of knowledge and its operational application:

  • Structured theoretical input, illustrated by practical examples tailored to the participants' professional context.
  • Practical exercises and workshops at every stage to help you acquire the knowledge you need.
  • A case study linking the different skill blocks.
  • Strong interaction between trainers and trainees, making exchanges more concrete and in correlation with trainees' expectations.
  • Full educational documentation, supplied in digital format.
  • Course evaluation questionnaire at the end of the course, analysed by our teaching team.
  • Certificate of acquired skills sent to the trainee at the end of the course.
  • End-of-training certificate sent at the same time as the invoice to the company or funding organisation, confirming that the trainee has fully attended the session.

Training objectives

  • Understanding the role and tasks of a SOC analyst
  • Mastering the fundamentals of defensive cyber security
  • Using SOC tools and technologies
  • Analyse and correlate security events
  • Managing security incidents
  • Write technical reports
  • Work in coordination with other cyber security teams
  • Monitor cyber threats and attack techniques

Assessment method

  • Practical exercises and workshops at every stage of the course.
  • A case study linking the different skill blocks.
  • Quiz at the end of each day's training.
  • Self-assessment of knowledge acquired by the trainee via a questionnaire.

Training prerequisites

  • Networking skills
  • Completion of the introductory course in cybersecurity or equivalent knowledge.
See the brochure for this course
  • Language : French
  • Level : Fundamental
  • Certification body : ACG CYBERACADEMY
  • Certification: No
  • Accessibility : Yes
  • Duration: 8 days
Contact us
Book Now

Important information:

Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).

Réserver l’événement

icône Form/calendar icon
icône Form/ticket icon
1 personne
icône Form/up small icon icône Form/down small icon
Billets disponibles: Illimité
Le billet de "1 personne" est épuisé. Vous pouvez essayer un autre billet ou une autre date.

We use cookies to improve your experience. See our Cookie policy and our Privacy policy.

Information request

I would like more information about your training courses

ACG Cyberacademy collects and uses the data provided via this form in order to process your registration requests. Fields marked with an * are required. The other information enables us to optimise the follow-up of your request and the quality of our customer relations.