Who should attend
This course is designed for information security professionals and managers who are responsible for detecting, preventing, or responding to cyberattacks.
About the course
This course will give students a baseline knowledge of enterprise security operations. Content will explore models and architectures of Security Operations Centers (SOCs), including implementation of both preventative and detective technologies. Students will gain skills in vulnerability management by learning how to leverage kill chains, characterize threat actors, perform vulnerability scanning, and explore adversarial tactics, techniques, and procedures (TTPs). Students will gain an in-depth understanding of SOC operations by studying security operations roles along with the challenges of building, operating, and maintaining SOCs. Best practices will be promoted, such as the use of open source tools, risk scoring, threat hunting, use cases, incident response plans, and defense-focused architectures. The course will be taught using a combination of lectures, interactive workshops, and hands-on labs.
What You Will Learn
- Cyber threats
- Vulnerability assessment and penetration testing
- Cyber threat detection and prevention
- Security Information and Event Management (SIEM)
How You Will Benefit
- Explore current cyber threats.
- Perform vulnerability scans and penetration tests.
- Identify issues and gaps with currently available security technologies and emulate attacks to test effectiveness.
- Explore SIEM technologies and capabilities.
- Explore SOC implementations, operations, and tools.
INTRODUCTION TO SECURITY OPERATIONS AND CYBER THREATS
- SOC introduction
- Current state of cyber threats
- Cyber threat actors
- Vulnerability landscape
- Vulnerability assessments
- Penetration testing
ENTERPRISE SECURITY OPERATION ARCHITECTURES
- Perimeter protection
- Intrusion detection/prevention
- Advanced malware detection/prevention
- Endpoint protection
- Secure network architectures
- Internal network visibility
- SIEM systems
ENTERPRISE SECURITY OPERATIONS
- Building a SOC
- SOC tools and techniques
- SOC dashboards, metrics, and performance
- Incident response, handling and management
- Threat hunting
Trevor Lewis is a Research Scientist, Professional Education instructor, and Penetration Tester for the Georgia Tech Research Institute. Trevor has nearly a decade of experience in information security including architecting security operations, computer network defense, penetration testing, and ...
Currently leads Cyber Situational Awareness branch, which includes GTRI’s penetration testing team, vulnerability assessments, security operations center (SOC), industry consulting, and software development support in the areas of UI/UX, QA/QC, and PM. Responsible for successful initiation, plan...