TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies

 

Course Overview:

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.

Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 Days

Course Objective:

    • To provide management an overview of what it takes to stand up a SOC.

Prerequisites:

  • Students should have an understanding of the security field.

Course Outline:

  • What threats does my organization care about?
  • What does a threat look like?
  • What does a threat look like?
  • How to present the SOC internally.
  • Communication with Stakeholders and Executives
    • Leveraging and integrating existing security measures
  • People
    • Establishing a skill matrix and work roles for SOC members
    • Establishing a training path
    • Personnel background requirementsProcesses
  • Processes
    • Alignment to standards: NIST, PCI, HIPAA, etc.
    • Risk related decision trees
    • Playbooks
    • Threat Intelligence Integration
  • Technology – Tool Suites to Support:
    • Ethical Hacking
    • Network Security Monitoring and SIEM
    • Forensics
    • Dashboards
    • Analysis and Hunting
    • Incident Management and Ticketing

 

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

Security Course Flow

We are often asked what is the recommended sequence of classes.  Here is our recommended sequence of classes for The Security Field.

Certified Information Security Manager (CISM)

CT-325 CompTIA Security+ Arrowright TN-825 Certified Information Security Manager

Certified Information Systems Auditor(CISA)

CT-325 CompTIA Security+ Arrowright TN-425 Certified Ethical Hacker Arrowright TN-822: Certified Information Systems Auditor (CISA)

Certified Information Systems Security Professional(CISSP)

CT-325 CompTIA Security+ Arrowright TN-425 Certified Ethical Hacker Arrowright TN-815 CISSP Certification Prep Seminar

 

TN-715: Systems Security Certified Practitioner (SSCP)

Course Overview:

Looking to move up in the information security field? If you have at least one year of security experience, you qualify for the Systems Security Certified Practitioner (SSCP) certification, which offers junior security professionals a way to validate their experience and demonstrate competence with (ISC²)®’s seven domains.

Attendees to TN-715: Systems Security Certified Practitioner (SSCP) will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • Access Controls
  • Security Operations and Administration
  • Analysis and Monitoring
  • Cryptography
  • Networks and Telecommunications
  • Malicious Code/Malware
  • Risk, Response, and Recovery

Prerequisites:

  • One year security experience
  • Some knowledge of the (ISC²)®’s seven domains

Comments

Latest comments from students

User: boyleb15

Instructor comments: Instructor was very knowledgeable on most items covered during this course. There were some topics he did lack the answer to. Instructor would also get sidetracked easily

User: keginth

Instructor comments: he was phenomenal with test prep and knew the book well

Facilities comments: adequate

Like the class?  Then let everyone know!

TN-835: Certified in Risk and Information Systems Control (CRISC) Preparation Seminar

Course Overview:

Certified in Risk and Information Systems Control (CRISC), is for professionals responsible for an organization's risk management program.  Students looking to acquire CRISC qualify themselves as IT security analyst, security engineer architect, information assurance program manager and senior IT auditor.  CRISC certified professionals manage risk, design and oversee response measures, monitor systems for risk, and ensure the organization's risk management strategies are met.

The CRISC exam will primarily align with the terminology and concepts described in The Risk IT Framework, The Risk IT Practioner Guide, and COBIT 5.  This will include applications in the evaluation and monitoring of IT-based risk, as well as the design and implementation of IS controls. 

The CRISC exam covers four domains that are periodically updated to reflect the changing needs of the profession:

  • Domain 1: Risk Identification 
  • Domain 2: Risk Assessment
  • Domain 3: Risk Response and Mitigation
  • Domain 4: Risk and Control Monitoring and Reporting

This course is designed to assist in your exam preparation for the CRISC exam.

Attendees to TN-835: Certified in Risk and Information Systems Control (CRISC) Seminar will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • Risk IT Framework—Purpose and Principles
  • Essentials of Risk Governance, Evaluation, and Response
  • Risk and Opportunity Management Using CobiT, Val IT and Risk IT
  • The Risk IT Framework Process Model Overview
  • Managing Risk in Practice—The Practitioner Guide Overview
  • Overview of the Risk IT Framework Process Model 
  • The Risk IT Framework

Prerequisites:

A minimum of at least three (3) years of cumulative work experience performing the tasks of a CRISC professional across at least three (3) CRISC domains is required for certification. There are no substitutions or experience waivers.

Comments

Latest comments from students

User: tracycampbell

Instructor comments: Dave had great command of the class and the flow of information. The lessons seem relevant to the exam and the course material should assist greatly with passing. As a bonus, his breakdown of PKI helped with my current job requirements.

Facilities comments: The Home2Suites by Hilton was FANTASTIC!

Liked the class?  Then let everyone know!

TN-812: Information Systems Security Engineering Professional (ISSEP)

Course Overview:

This concentration was developed in conjunction with the U.S. National Security Agency (NSA) providing an invaluable tool for any systems security engineering professional. CISSP®-ISSEP is the guide for incorporating security into projects, applications, business processes, and all information systems. Security professionals are hungry for workable methodologies and best practices that can be used to integrate security into all facets of business operations. The SSE model taught in the IATF portion of the course is a guiding light in the field of information security and the incorporation of security into all information systems.

Attendees to TN-812: Information Systems Secuirty Engineering Professional (ISSEP) will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • Systems Security Engineering
  • Certification and Accreditation
  • Technical Management
  • U.S. Government Information Assurance Governance

Prerequisites:

Comments

Latest comments from students

User: fsarisen

Instructor comments: Thank you Tim for all the great information! I am confident that I'll do well on the ICND exam.

User: storoy30

Instructor comments: The instructor, Tim Burkard, was very knowledgeable on the course material and skilled at explain more complex ideas.

Liked the class?  Then let everyone know?