
Security Operation Center (SOC) Best Practices

Understanding best practices for any size SOC and methods to improve SOC maturity

Topic: Security
Joseph Muniz

If you are responsible for an organization’s security, it is very likely you are running some form of a Security Operation Center (SOC). The maturity of your practice can range from one person responsible for everything to a team of people using various tools and processes. And although every network is different, the goal is typically the same: protect people and data from cyber threats.

This session will look at industry best practices for running a successful SOC. Topics will include tools and practices, and we will even touch upon popular certifications for those looking to get certified. We will also examine when it makes sense to outsource part or all of your SOC capabilities, as well as how to meet compliance requirements. By the end of this training session you should have a solid understanding of what security technology is available and how it can improve your capabilities.

The speaker is the author of many Cisco Press and Pearson IT Certification titles on security and hacking. Titles include:

  • Security Operations Center
  • Investigating the Cyber Breach
  • Digital Forensics and Cyber Crime with Kali Linux Fundamentals LiveLessons
  • CompTIA Cybersecurity Analyst CySA+ (CS0-001) Complete Video Course
  • CCNA Cyber Ops (SECFND #210-250 and SECOPS #210-255) Official Cert Guide Library

What you'll learn and how you can apply it

  • Overview of scoping a Security Operation Center (SOC)
  • Breakdown of the different services a SOC can provide
  • How to map your SOC’s maturity
  • Various characteristics of an effective SOC

This training course is for you because...

  • You want to understand how to develop and maintain an effective SOC
  • You need or want to improve your SOC capabilities.


There are no official prerequisites for this course. However, we highly recommend you have a basic knowledge of computers and computer security concepts, as well as basic security operations. Commodity technologies such as firewalls and IPS will be quickly defined, but how to configure them will not be covered. A basic understanding of how and why these technologies are used is sufficient.

Recommended Preparation:

If you do not have a basic understanding of security terminology, please view the following videos before attending the training: all of Module 1 in CompTIA Cybersecurity Analyst CySA+ (CS0-001).

About your instructor

  • Joseph Muniz is an architect and security researcher in the Cisco Security Sales and Engineering Organization. He is driven by making the world a safer place through education and adversary research. Joseph has extensive experience in designing security solutions and architectures as a trusted advisor for the top Fortune 500 corporations and US Government.

    Joseph is a researcher and industry thought leader. He speaks regularly at international conferences, writes for technical magazines and is involved with developing training for various industry certifications. He invented the fictitious character of Emily Williams to create awareness around social engineering. Joseph runs the thesecurityblogger.com website, a popular resource for security and product implementation. He is the author of and contributor to several publications, with titles ranging from security best practices to exploitation tactics. Joseph’s latest title, Digital Forensics for Network Engineers, was released in 2018, with two new titles on SOC and VPN coming in 2020.

    When Joseph is not using technology, you can find him on the futbol field or raising the next generation of hackers, also known as his children. Follow Joseph at www.thesecurityblogger.com and @SecureBlogger.


The timeframes are only estimates and may vary according to how the class is progressing.

SOC – 20 mins

  • Business Challenges
  • Compliance
  • Threat Landscape

Different SOC Models – 10 mins

  • Local vs Virtual
  • Cloud
  • Hybrid

SOC Capabilities – 30 mins

  • Risk Management
  • Vulnerability Management
  • Compliance
  • Incident Response
  • Digital Forensics

Break (10 mins)

Security Technologies – 60 mins

  • SIEM
  • Logging
  • Netflow
  • Packet Capture
  • Threat Intel
  • AI
  • Networks

Break (10 mins)

Recommendations for Risk Reduction – 20 mins

  • Edge
  • Remote Users
  • Access Control
  • Continuous Monitoring

Certification and Training – 20 mins

Wrap Up – 10 mins