Cisco - SECOPS - Implementing Cisco Cybersecurity Operations
CLASS DATE(s):
Request a Class

COURSE LENGTH: 5 Days

COURSE COST: $3595.00

COURSE TIMES: 9:00am - 4:30pm


COURSE OVERVIEW

Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers (SOCs) keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity threats. CCNA Cyber Ops prepares candidates to begin a career working as associate-level cybersecurity analysts within security operations centers.

This course allows learners to understand how a Security Operations Center (SOC) functions and the introductory-level skills and knowledge needed in this environment. It focuses on the skills needed by an associate-level SOC Analyst: specifically, understanding basic threat analysis and event correlation, identifying malicious activity, and using a playbook for incident response.

AUDIENCE AND PREREQUISITES

The primary audience for this course is as follows:

Security Operations Center Security Analyst
Computer Network Defense Analyst
Computer Network Defense Infrastructure Support personnel
Future Incident Responders and Security Operations Center (SOC) personnel
Students beginning a career and entering the cybersecurity field
IT personnel looking to learn more about the area of cybersecurity operations
Cisco Channel Partners
The knowledge and skills that a learner should have before attending this course are as follows:

Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)
Working knowledge of the Windows operating system
Working knowledge of Cisco IOS networking and concepts

  

*Course Cost listed includes the cost of courseware & labs. Course is subject to a minimum enrollment to run the class. Course may run as a virtual instructor-led class (live online) if the minimum enrollment is not met. For more information, please contact learn@vtec.org or call 207-775-0244.

COURSE TOPICS:


Course Objectives
Define a SOC and the various job roles in a SOC
Understand SOC infrastructure tools and systems
Learn basic incident analysis for a threat-centric SOC
Explore resources available to assist with an investigation
Explain basic event correlation and normalization
Describe common attack vectors
Learn how to identify malicious activity
Understand the concept of a playbook
Describe and explain an incident response handbook
Define types of SOC Metrics
Understand SOC Workflow Management system and automation

Module 1: SOC Overview
Lesson 1: Defining the Security Operations Center
Lesson 2: Understanding NSM Tools and Data
Lesson 3: Understanding Incident Analysis in a Threat-centric SOC
Lesson 4: Identifying Resources for Hunting Cyber Threats

Module 2: Security Incident Investigations
Lesson 1: Understanding Event Correlation and Normalization
Lesson 2: Identifying Common Attack Vectors
Lesson 3: Identifying Malicious Activity
Lesson 4: Identifying Patterns of Suspicious Behavior
Lesson 5: Conducting Security Incident Investigations

Module 3: SOC Operations
Lesson 1: Describing the SOC Playbook
Lesson 2: Understanding the SOC Metrics
Lesson 3: Understanding the SOC WMS and Automation
Lesson 4: Describing the Incident Response Plan
Lesson 5: Appendix A—Describing the Computer Security Incident Response Team
Lesson 6: Appendix B—Understanding the use of VERIS

Lab Outline:
Guided Lab 1: Explore Network Security Monitoring Tools
Discovery 1: Investigate Hacker Methodology
Discovery 2: Hunt Malicious Traffic
Discovery 3: Correlate Event Logs, PCAPs, and Alerts of an Attack
Discovery 4: Investigate Browser-Based Attacks
Discovery 5: Analyze Suspicious DNS Activity
Discovery 6: Investigate Suspicious Activity Using Security Onion
Discovery 7: Investigate Advanced Persistent Threats
Discovery 8: Explore SOC Playbooks