Security Operation Center (SOC) Best Practices
Published by Pearson
Understanding best practices for any size SOC and methods to improve SOC maturity
If you are responsible for an organization’s security, it is very likely you are running some form of a Security Operation Center (SOC). The maturity of your practice can range from one person responsible for everything to a team of people using various tools and processes. And although every network is different, the goal is typically the same: protect people and data from cyber threats.
This session will look at industry best practices for running a successful SOC. Topics will include tools and practices, and we will even touch upon popular certifications for those looking to get certified. We will also examine when it makes sense to outsource part or all of your SOC capabilities, as well as how to meet compliance requirements. By the end of this training session you should have a solid understanding of what security technology is available and how it can improve your capabilities.
The speaker is the author of many Cisco Press and Pearson IT Certification titles on security and hacking. Titles include:
- Security Operations Center
- Investigating the Cyber Breach
- Digital Forensics and Cyber Crime with Kali Linux Fundamentals LiveLessons
- CompTIA Cybersecurity Analyst CySA+ (CS0-001) Complete Video Course
- CCNA Cyber Ops (SECFND #210-250 and SECOPS #210-255) Official Cert Guide Library
What you’ll learn and how you can apply it
- Overview of scoping a Security Operation Center (SOC)
- Breakdown of the different services a SOC can provide
- How to map your SOC’s maturity
- Various characteristics of an effective SOC
This live event is for you because...
- You want to understand how to develop and maintain an effective SOC
- You need to or desire to improve your SOC capabilities.
Prerequisites
There are no official prerequisites for this course. However, we highly recommend you have a basic knowledge of computers and computer security concepts, as well as basic operations. Commodity technologies such as firewalls and IPS will be quickly defined, but how to configure them will not be covered. A basic understanding of how these technologies work and why they are used will be fine.
Recommended Preparation:
If you do not have a basic understanding of security terminology, please view the following videos before attending the training: all of Module 1 in CompTIA Cybersecurity Analyst CySA+ (CS0-001).
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
SOC – 20 mins
- Business Challenges
- Compliance
- Threat Landscape
Different SOC Models – 10 mins
- Local vs Virtual
- Cloud
- Hybrid
SOC Capabilities – 30 mins
- Risk Management
- Vulnerability Management
- Compliance
- Incident Response
- Digital Forensics
Break (10 mins)
Security Technologies – 60 mins
- SIEM
- Logging
- NetFlow
- Packet Capture
- Threat Intel
- AI
- Networks
Break (10 mins)
Recommendations for Risk Reduction – 20 mins
- Edge
- Remote Users
- Access Control
- Continuous Monitoring
Certification and Training – 20 mins
Wrap Up – 10 mins
Your Instructor
Joseph Muniz
Joseph Muniz is a renowned security expert and security artificial intelligence specialist at Microsoft. With a passion for making the world a safer place, he is dedicated to promoting education and research on adversary tactics. Joseph has over two decades of experience designing security solutions and architectures for Fortune 500 companies and the US Government, serving as a trusted advisor. He is a researcher and thought leader in the industry, regularly speaking at international conferences and contributing to technical magazines. Joseph also develops training for various industry certifications, and has invented the fictitious character of Emily Williams to raise awareness of social engineering. As the founder of thesecurityblogger.com, Joseph has created a valuable resource for security and product implementation. He is the author of and contributor to several publications, ranging from security best practices to exploitation tactics. His latest title, The Modern Security Operations Center, was released in 2021 and is his tenth publication. Follow Joseph’s work on Twitter at @SecureBlogger.