SOC-200: Security Operations and Defensive Analysis

SOC-200 (Security Operations and Defensive Analysis) is a defensive-minded course covering the foundations of defending networks and systems against cyber threats. The course will focus on developing techniques for easily parsing and analyzing logs, which can be performed at scale. This more manual approach ensures a better understanding of how logs and artifacts are generated and how they can be queried in both Windows and Linux environments. Along the way, learners will develop an understanding of network security incidents and detection techniques.

SOC-200 equips learners with a wide range of practical skills and defensive techniques, including:

• Understanding Windows endpoint security, including desktops, laptops, and other user devices, along with the threats and vulnerabilities that affect them
• Identifying social engineering and spear phishing tactics, two of the most common attack methods used by adversaries
• Using the Invoke-Obfuscation framework to automate PowerShell obfuscation and create realistic traps for simulated attackersExploring Linux endpoint concepts, including security mechanisms and common vulnerabilities, to understand how attackers target Unix-based systemsLeveraging administrative groups such as Domain Admins, Enterprise Admins, and Full Administrators to understand access control in secure domain environmentsDeploying and working with SIEM tools like ELK and Splunk to monitor logs, detect anomalies, and investigate security incidents

SOC-200 is organized into 19 modules, many with companion videos for learners who prefer a more visual presentation of the information. Each of the modules also includes hands-on activities and labs, which allow the learners to "show their work" and prove they have completed and understand what was covered. Once learners have completed the course materials, there are more than a dozen Challenge Labs to test their ability to bring all of the concepts together and actually defend their infrastructure against attackers. Once they are ready, learners can sit for the OSDA exam, where they will demonstrate their ability to identify, analyze, and respond to potential threats within a live lab environment.

SOC-200 is for anyone looking to take a serious step into the world of information security and learn the skills of detecting cyber attacks. The course material will describe how to detect a variety of attacks and techniques used by malicious entities against enterprises. To be successful in this course, learners should have a solid foundation in TCP/IP networking, a familiarity with Linux and Windows operating systems, and a basic understanding of cybersecurity concepts.