SOC Operator & Incident Responder: SOC-IR

    5FC4B8D9-E1F4-4542-8C21-9449212E9893 Created with sketchtool. call us Fill 1 Created with Sketch. contact us
    download syllabus

    About the SOC Programme

    The domains covered in this comprehensive training programme relates to the core skills and knowledge you need to know to working and operating a SOC & IR centres.

    The graduates of this training shall understand the theoretical and practical components associated with their roles as SOC analysts. Therefore, the course is rich in hands-on practices which closely accompanied the theoretical topics addressed in this training.

    SOC analyst is a cybersecurity professional who works as part of a team to monitor and fight threats to an organisation’s IT infrastructure, and to assess security systems and measures for weaknesses and possible improvements. The SOC in the job title stands for security operations centre; this is the name for the team, which consists of multiple analysts and other security pros, and often works together in a single physical location. A SOC may be an internal team serving a single enterprise or an outsourced service providing security for one or more external clients.

    SOC analyst is a job title held by infosec newbies and more experienced pros alike. The job can be a great steppingstone into a cybersecurity career.

    There are three main Tiers (or level of expertise) in this progression:

    • Tier 1 SOC analysts are triage specialists who monitor, manage, and configure security tools, review incidents to assess their urgency, and escalate incidents if necessary.
    • Tier 2 SOC analysts are incident responders, remediating serious attacks escalated from Tier 1, assessing the scope of the attack and affected systems, and collecting data for further analysis.
    • Tier 3 SOC analysts are threat hunters, working proactively to seek out weaknesses and stealthy attackers, conducting penetration tests, and reviewing vulnerability assessments. Some Tier 3 analysts focus more on doing deep dives into datasets to understand what is happening during and after attacks.

    Other graduates may proceed to advanced studies in Forensics or Malware Analysis.

    Target Audience

    The programme is aimed for students with a background in IT who wish to develop a career in SOC and Incident Response. A familiarity with OP and Networking is essential.

    Entry Requirements

    You will not be tested on these requirements for enrolment. However, we emphasize that without background knowledge it will be difficult to keep up with materials covered throughout the course and even more challenging to pass the exams and assignments. The following are expected:

    1. Prior knowledge in IT: OS and Networking
    2. Passing an admission interview
    3. Good command of the English language

    Pedagogical Requirements

    1. Attendance in 85% of the sessions
    2. Passing grade (70 and above) in each of the exams and assignments
    3. In technical modules – ”hands-on” practice labs in class and at home.

    Academic Faculty

    Our lecturers live and breathe cyber with a deep knowledge of the world of IT systems and networking and have extensive experience in establishing SOC and IR centres in Israel and abroad.


    Module 0: Course Introduction

    1. Welcome to SOC Analyst Course
    • Message to the Student
    • Welcome
    • Today’s Cybersecurity Analyst

    Module 1: Threat & Vulnerability Management

    1. The importance of threat data and intelligence
    • Intelligence sources
    • Confidence levels
    • Indicator management
    • Threat classification
    • Threat actors
    • Collection
    • Commodity malware
    • Information sharing and analysis communities
    • Reconnaissance Techniques
    • Network Reconnaissance
    • Response and Counter Measures
    • Securing Corporate Environments
    • Implementing the Information Security Vulnerability Management Process
    • Analyze Output of Vulnerability Scan
    • Compare and Contrast Common Vulnerabilities
    1. Utilization of threat intelligence to support organizational security
    • Attack frameworks
    • Threat research
    • Threat modeling methodologies
    • Threat intelligence sharing with supported functions
    1. Vulnerability management activities
    • Vulnerability identification
    • Validation
    • Remediation/mitigation
    • Scanning parameters and criteria
    • Inhibitors to remediation
    1. Vulnerability assessment tools
    • Web application scanner
    • Infrastructure vulnerability scanner
    • Software assessment tools and techniques
    • Enumeration
    • Wireless assessment tools
    • Cloud infrastructure assessment tools
    1. Threats and vulnerabilities
    • Mobile
    • Internet of Things (IoT)
    • Embedded
    • Real-time operating system (RTOS)
    • System-on-Chip (SoC)
    • Field programmable gate array (FPGA)
    • Physical access control
    • Building automation systems
    • Vehicles and drones – CAN bus
    • Workflow and process automation systems
    • Industrial control system
    • Supervisory control and data acquisition (SCADA) – Modbus
    1. Threats and vulnerabilities in cloud environment
    • Cloud service models
    • Cloud deployment models – Public – Private – Community – Hybrid
    • Function as a Service (FaaS)/ serverless architecture
    • Infrastructure as code (IaC)
    • Insecure application programming interface (API)
    • Improper key management
    • Unprotected storage
    • Logging and monitoring
    1. Implementation of controls
    • Attack types
    • Vulnerabilities

    Module 2: Software and Systems Security

    1. Solutions for infrastructure management
    • Cloud vs. on-premises
    • Asset management
    • Segmentation
    • Network architecture
    • Containerization
    • Identity and access management
    • Cloud access security broker (CASB)
    • Honeypot
    • Monitoring and logging
    • Encryption
    • Certificate management
    • Active defense
    1. Software assurance best practices
    • Software development life cycle (SDLC) integration
    • DevSecOps
    • Software assessment methods
    • Secure coding best practices
    • Static analysis tools
    • Dynamic analysis tools
    • Formal methods for verification of critical software
    • Service-oriented architecture

    Hardware assurance best practices

    • Hardware root of trust
    • eFuse
    • Unified Extensible Firmware Interface (UEFI)
    • Trusted foundry
    • Secure processing
    • Anti-tamper
    • Self-encrypting drive
    • Trusted firmware updates
    • Measured boot and attestation
    • Bus encryption

    Module 3: Security Operations and Monitoring

    1. Analyze data as part of security monitoring activities
    • Heuristics
    • Trend analysis
    • Endpoint
    • Network
    • Log review
    • Impact analysis
    • Security information and event management (SIEM) review
    • Query writing
    • E-mail analysis
    1. Hardening controls to improve security
    • Permissions
    • Allow list (previously known as whitelisting)
    • Blocklist (previously known as blacklisting)
    • Firewall
    • Intrusion prevention system (IPS) rules
    • Data loss prevention (DLP)
    • Endpoint detection and response (EDR)
    • Network access control (NAC)
    • Sinkholing
    • Malware signatures – Development/rule writing
    • Sandboxing
    • Port security

    1. Proactive threat hunting
    • Establishing a hypothesis
    • Profiling threat actors and activities
    • Threat hunting tactics – Executable process analysis
    • Reducing the attack surface area
    • Bundling critical assets
    • Attack vectors
    • Integrated intelligence
    • Improving detection capabilities
    1. Automation concepts and technologies
    • Workflow orchestration
    • Scripting
    • Application programming interface (API) integration
    • Automated malware signature creation
    • Data enrichment
    • Threat feed combination
    • Machine learning
    • Use of automation protocols and standards
    • Continuous integration

    Module 4: Incident Response

    1. Incident response process.
    • Response coordination with relevant entities
    • Factors contributing to data criticality
    1. Incident response procedure
    • Preparation
    • Detection and analysis
    • Containment
    • Eradication and recovery
    • Post-incident activities
    1. Potential indicators of compromis.
    • Network-related
    • Host-related
    • Application-related
    1. Basic digital forensics techniques
    • Network
    • Endpoint
    • Cloud
    • Virtualization
    • Legal hold
    • Procedures
    • Hashing
    • Carving
    • Data acquisition
    1. Forensics Tools and Investigation


    Module 5: Windows Security Monitoring

    1. Introduction to Windows Security Monitoring
    • Windows Auditing Subsystem
    • Security Monitoring Scenarios
    • Local User Accounts
    • Local Security Groups
    • Microsoft Active Directory
    • Active Directory Objects
    • Authentication Protocols
    • Operating System Events
    • Logon Rights and User Privileges
    • Windows Applications
    • Filesystem and Removable Storage
    • Windows Registry
    • Network File Shares and Named Pipes


    Certified SOC Analyst

    See-Security certificate will be awarded to students who fulfil the pedagogical requirement.

    Students can also attempt the CCNA-Cyber Ops and / or the CompTIA-CySA+ and / or the EC Council- ECIH certifications.