Enterprise Security Operations for Effective Cyber Defense
This course will give students a baseline knowledge of enterprise security operations. Content will explore models and architectures of Security Operation Centers (SOCs), including implementation of both preventative and detective technologies. Students will gain skills in vulnerability management by learning how to leverage kill chains, characterize threat actors, perform vulnerability scanning, and explore adversarial tactics/techniques/procedures (TTPs). In-depth understanding of SOC operations will be attained by understanding security operation roles along with challenges related to building, operating, and maintaining SOCs. Best practices will be promoted such as the use of open source tools, risk scoring, threat hunting, use cases, incident response plans, and defense-focused architectures. The course will be taught using a combination of lectures, interactive workshops, and hands-on labs.
What You Will Learn
- Cyber threats
- Vulnerability assessment and penetration testing
- Cyber threat detection and prevention
- Security Information and Event Management (SIEM)
How You Will Benefit
- Explore current cyber threats.
- Perform vulnerability scans and penetration tests.
- Identify issues and gaps with currently available security technologies and emulate attacks to test effectiveness.
- Explore SIEM technologies and capabilities.
- Explore SOC implementations, operations, and tools.
INTRODUCTION TO SECURITY OPERATIONS AND CYBER THREATS
- SOC introduction
- Current state of cyber threats
- Cyber threat actors
- Vulnerability landscape
- Vulnerability assessments
- Penetration testing
ENTERPRISE SECURITY OPERATION ARCHITECTURES
- Perimeter protection
- Intrusion detection/prevention
- Advanced malware detection/prevention
- Endpoint protection
- Secure network architectures
- Internal network visibility
- SIEM systems
ENTERPRISE SECURITY OPERATIONS
- Building a SOC
- SOC tools and techniques
- SOC dashboards, metrics, and performance
- Incident response, handling and management
- Threat hunting
Who should attend
This course is designed for information security professionals and managers who are responsible for detecting, preventing, or responding to cyberattacks.