TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies

Course Overview:

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.

Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 Days

Course Objective:

Prerequisites:

Students should have an understanding of the security field.

Course Outline:

What threats does my organization care about?
What does a threat look like?
What does a threat look like?
How to present the SOC internally.
Communication with Stakeholders and Executives
People
- Establishing a skill matrix and work roles for SOC members
- Establishing a training path
- Personnel background requirementsProcesses
Processes
- Alignment to standards: NIST, PCI, HIPAA, etc.
- Risk related decision trees
- Playbooks
- Threat Intelligence Integration
Technology – Tool Suites to Support:
- Ethical Hacking
- Network Security Monitoring and SIEM
- Forensics
- Dashboards
- Analysis and Hunting
- Incident Management and Ticketing

Comments

Latest comments from students

Liked the class? Then let everyone know!

Linux

Here are our Linux course offerings:

TN-385: TCP/IP Analysis & Implementation

Course Overview:

This course, TN-385: TCP/IP Analysis & Implementation, provides students with a comprehensive technical introduction to TCP/IP & the interworkings of TCP/IP application to UNIX, Linux and Windows in a network environment. This course begins by providing a comprehensive protocol stack analysis. It continues with extensive hands-on exercises needed to configure TCP/IP on UNIX and Windows based networks.

Attendees to TN-385: TCP/IP Analysis & Implementation will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

A thorough comprehension of each level of the protocol stack
Configuring UNIX & Windows to access internetworks
Configuring & setting up a Cisco router
Properly implementing subnets to avoid ongoing maintenance headaches
Routing & routing protocols, RIP, OSPF, and IGRP
How to troubleshoot a wide range of routing problems
All major TCP/IP application services including: FTP, TELNET, SNMP, NFS, DNS, DHCP, & WINS
How to avoid common internetworking problems
How to troubleshoot TCP/IP networks using protocol analysis techniques – snoop on Sun Workstation & Network Monitor on Windows.
How to design, build, configure, & manage TCP/IP internetworks
Applying a structured methodology for troubleshooting TCP/IP internetworks
ACL's on Cisco routers

Prerequisites:

Students should have good end-user skills in TCP/IP (FTP, TELNET, RLOGON, & MAIL).

Comments

Latest comments from students

Liked the class? Then let everyone know!

TN-413: Certified AI Program Manager (C|AIPM)

Certified AI Program Manager (CAIPM) is EC-Council’s professional certification for people responsible for owning AI decisions and driving execution: business, technology, data, and risk.

The Certified AI Program Manager (CAIPM) Course equips you with hands-on expertise across the full spectrum of AI tools, from conversational AI and image generation to code assistants and audio synthesis.

Participants will learn how to evaluate, deploy, and integrate AI tools into enterprise workflows, understanding not just how they work, but how to leverage them for maximum business impact. This course covers how to assess AI readiness across teams and processes, Prioritize AI use cases tied to business outcomes, Design adoption and rollout roadmaps , Coordinate delivery across cross-functional teams, implement governance, Responsible AI, and security controls , and how to track performance and ROI to prove value

By the end of the course, learners will be well-prepared to take the Certified AI Program Manager (CAIPM) exam and demonstrate the ability to own AI initiatives end to end , validate mastery of decision framing and trade-off analysis for AI initiatives and Apply governance, ethics, and risk management principles across the AI lifecycle.

Course Objectives:

•MLOps Principles: Model life cycle management for scalable, production-ready AI
•Use Case Evaluation: ROI-driven assessment and prioritization of AI initiatives
•AI Strategy Frameworks: Enterprise AI roadmapping, portfolio planning, and value prioritization
•AI Investment Justification: Quantifying AI value, ROI, and mission impact for funding decisions
•Change Management: Workforce enablement and stakeholder alignment
•KPI Development: AI metrics, success indicators, and executive dashboards
•AI Governance: Risk, ethics, compliance, and responsible AI principles
•Vendor Evaluation: AI platform and tool selection aligned with enterprise needs

Dates/Locations:

No Events

Prerequisites: Familiarity with generative AI concepts, prompt engineering fundamentals, and AI workflows will help you succeed.

TN-412: Artificial Intelligence Essentials (AI|E)

TN-939: Hacker Techniques, Exploits, and Incident Handling Course

Course Overview:

A skills focus enables the student to better absorb the subject matter and perform successfully on the exam. This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of the attacks and the effectiveness. Students then gain network experience and use sniffing to help exemplify the benefit of learning wired and wireless security configurations. The course concludes with exercising real attack strategies to demonstrate the techniques acquired throughout the course.

Attendees to TN-939: Hacker Techniques, Exploits, and Incident Handling will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 9 days

Course Objectives:

Backdoors & Trojan Horses
Buffer Overflows
Covering Tracks: Networks
Covering Tracks: Systems
Denial of Service Attacks
Exploiting Systems Using Netcat
Format String Attacks
Incident Handling Overview and Preparation
Incident Handling Phase 2: Identification
Incident Handling Phase 3: Containment
Incident Handling: Recovering and Improving Capabilities
IP Address Spoofing
Network Sniffing
Password Attacks
Reconnaissance
Rootkits
Scanning: Host Discovery
Scanning: Network and Application Vulnerability scanning and tools
Scanning: Network Devices (Firewall rules determination, fragmentation, and IDS/IPS evasion)
Scanning: Service Discovery
Session Hijacking, Tools and Defenses
Types of Incidents
Virtual Machine Attacks
Web Application Attacks
Worms, Bots & Bot-Nets

Prerequisites:

GSEC or equivalent experience
UNIX, Windows, Networking, and Security Experience
This is a hands-on skill course requiring comfort with command line interaction and network communications

Comments

Latest comments from students

User: m_jurrens

Instructor comments: Both instructors Mr. Askey and Mr. Hackney, were very good. the open learning environment was extremely productive and I felt we all learned far more that we ever would out of a structured rote memorization course.

User: natebonds

Instructor comments: Both Mr. Askey and Hackney were extremely knowledgeable. They were also extremely interested in helping each student learn. I was particularly impressed with the way they tailored the course to optimize our time since we weren't testing. I feel like I know much much more than I did when the class started.

Facilities comments: The facilities were fine. I would have preferred it be closer to Lackland.