The Modern Security Operation Center (SOC)
Published by Pearson
Building and Running Mature SOC Services and Cyber Defense Strategies
If you are responsible for an organization’s security, it is very likely you are running some form of a Security Operation Center (SOC). The maturity of your practice can range from one person responsible for everything to a team of people using various tools and processes. And although every network is different, the goal is typically the same: protect people and data from cyber threats.
This 4-hour live training course will look at industry best practices for creating and running a successful SOC. Topics will include tools and practices, and we will even touch upon popular certifications for those looking to get certified. We will also examine when it makes sense to outsource part or all of your SOC capabilities, as well as how to meet compliance requirements. By the end of this training session you should have a solid understanding of what security technology is available and how it can improve your capabilities.
This course will be taught by Joseph Muniz and is based on his new book The Modern Security Operations Center. Joseph will share his first-hand experiences building and managing Security Operations Centers and this course has use cases throughout that explore the real-world issues encountered by organizations around the world.
What you’ll learn and how you can apply it
- Overview of scoping a Security Operation Center (SOC)
- Breakdown of the different services a SOC can provide
- How to map your SOC’s maturity
- Various characteristics of an effective SOC
This live event is for you because...
- You want to understand how to develop and maintain an effective SOC
- You need or want to improve your SOC capabilities
Prerequisites
There are no official prerequisites for this course. However, we highly recommend you have a basic knowledge of computers, computer security concepts, and basic security operations. Commodity technologies such as firewalls and IPS will be quickly defined, but how to configure them will not be covered. A basic understanding of how and why these technologies are used will be sufficient.
Recommended Preparation:
If you do not have a basic understanding of security terminology, please view the following videos before attending the training.
- All of Module 1 in CompTIA Cybersecurity Analyst CySA+ (CS0-001)
Recommended Follow-up
The Modern Security Operations Center by Joseph Muniz
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
The Security Operations Center (SOC) (40 mins)
- Business Challenges
- Threat Landscape
- SOC fundamentals
- Maturity Models
- Use case: Creating SOC Walkthrough
Different SOC Models (20 mins)
- Local vs Virtual
- Hybrid
- Managed service vs in-house
- Secure Enclave
- Use case: Hybrid SOC
Break (10 mins)
SOC Capabilities (30 mins)
- Risk Management
- Vulnerability Management
- Incident Response
- Compliance
- Analysis
- Digital Forensics
- Situational and security awareness
- Research and development
Security Technologies (60 mins)
- SIEM/SOAR
- NetFlow vs Packet Capture
- Threat Intelligence / Artificial Intelligence
- Malware Analysis
- Threat Hunting
- Network Segmentation and Access Control
- Cloud Security
- Datacenter (Private and Public)
- Use Case: Defending ATP
Break (10 mins)
Technology Trends (30 mins)
- Secure Access Service Edge (SASE)
- Zero Trust Architecture
DevOps (10 mins)
- Playbooks
- Orchestration and Automation
- Use Case: Automating SOC Services
Recommendations for Risk Reduction (10 mins)
- Heat Mapping
- Use Case: Self Assessment
Certification and Training (5 mins)
Wrap Up (5 mins)
Your Instructor
Joseph Muniz
Joseph Muniz is a renowned security expert and security artificial intelligence specialist at Microsoft. With a passion for making the world a safer place, he is dedicated to promoting education and research on adversary tactics. Joseph has over two decades of experience designing security solutions and architectures for Fortune 500 companies and the US Government, serving as a trusted advisor. He is a researcher and thought leader in the industry, regularly speaking at international conferences and contributing to technical magazines. Joseph also develops training for various industry certifications, and he invented the fictitious character Emily Williams to raise awareness of social engineering. As the founder of thesecurityblogger.com, Joseph has created a valuable resource on security and product implementation. He is the author of, and a contributor to, several publications, ranging from security best practices to exploitation tactics. His latest title, The Modern Security Operations Center, was released in 2021 and is his tenth publication. Follow Joseph’s work on Twitter at @SecureBlogger.