TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies

 

Course Overview:

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.

Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 Days

Course Objective:

    • To provide management an overview of what it takes to stand up a SOC.

Prerequisites:

  • Students should have an understanding of the security field.

Course Outline:

  • What threats does my organization care about?
  • What does a threat look like?
  • What does a threat look like?
  • How to present the SOC internally.
  • Communication with Stakeholders and Executives
    • Leveraging and integrating existing security measures
  • People
    • Establishing a skill matrix and work roles for SOC members
    • Establishing a training path
    • Personnel background requirementsProcesses
  • Processes
    • Alignment to standards: NIST, PCI, HIPAA, etc.
    • Risk related decision trees
    • Playbooks
    • Threat Intelligence Integration
  • Technology – Tool Suites to Support:
    • Ethical Hacking
    • Network Security Monitoring and SIEM
    • Forensics
    • Dashboards
    • Analysis and Hunting
    • Incident Management and Ticketing

 

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

TN-575: Open Source Network Security Monitoring

 

Course Overview:

TN-575: Open Source Network Security Monitoring teaches students how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. No network is bullet proof and when attackers access your network, this course will show you how to build a security net to detect, contain, and control the attacker. Sensitive data can be monitored and deep packet and deep attachment analysis can be achieved. As organizations stand up a Security Operations Center (SOC) the enterprise NSM is the key ingredient to that SOC. This course not only teaches how to implement an NSM technologically, but how to effectively monitor an enterprise operationally. You will learn how to architect an NSM solution: where to deploy your NSM platforms and how to size them, stand-alone or distributed, and integration into packet analysis, interpret evidence, and integrate threat intelligence from external sources to identify sophisticated attackers. A properly implemented NSM is integral to incident response and provides the responders timely information to react to the incident. TN-575: Open Source Network Security Monitoring is a lab intensive environment with a cyber range that gives each student in-depth knowledge and practical experience monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls.

Attendees to TN-575: Open Source Network Security Monitoring class will receive TechNow approved course materials and expert instruction.

This Course is taught utilizing Security Onion or RockNSM as specified by the customer.

Dates/Locations:

No Events

Duration: 5 Days

Course Objective:

The focus of this course is to present a suite of Open Source security products integrated into a highly functional and scalable Network Security Monitoring solution.

Prerequisites:

Students should have a basic understanding of networks, TCP/IP and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required

Course Outline:

  • Network Security Monitoring (NSM) Methodology
  • High Bandwidth Packet Capture Challenges
  • Installation of Security Onion
    • Use Cases (analysis, lab, stand-alone, distributed)
    • Resource Requirements
  • Configuration
    • Setup Phase I – Network Configuration
    • Setup Phase 2 – Service Configuration
    • Evaluation Mode vs. Configuration Mode
    • Verifying Services
  • Security Onion Architecture
    • Configuration Files and Folders
    • Network Interfaces
    • Docker Environment
    • Security Onion Containers
  • Overview of Security Onion Analyst Tools
    • Kibana
    • CapME
    • CyberChef
    • Squert
    • Sguil
    • NetworkMiner
  • Quick Review of Wireshark and Packet Analysis
    • Display and Capture Filters
    • Analyze and Statistics Menu Options
    • Analysis for Signatures
  • Analyzing Alerts
    • Replaying Traffic
    • 3 Primary Interfaces:
      • Squert
      • Sguil
      • Kibana
    • Pivoting Between Interfaces
    • Pivoting to Full Packet Capture
  • Snort and Surricata
    • Rule Syntax and Construction
    • Implementing Custom Rules
    • Implementing Whitelists and Blacklists
  • Hunting
    • Using Kibana to Slice and Dice Logs
    • Hunting Workflow with Kibana
  • Bro
    • Introduction and Overview
      • Architecture, Commands
    • Understanding and Examining Bro Logs
      • Using AWK, sort, uniq, and bro-cut
    • Working with traces/PCAPs
    • Bro Scripts Overview
      • Loading and Using Scripts
    • Bro Frameworks Overview
      • Bro File Analysis Framework FAF
    • Using Bro scripts to carve out more than files
  • RockNSM ( * If Applicable)
    •  Kafka
      • Installation and Configuration
      • Kafka Messaging
      • Brokers
      • Integration with Bro and FSF
    • File Scanning Framework FSF
      • Custom YARA Signatures
      • JSON Trees
      • Sub-Object Recursion
      • Bro and Suricata Integration
  • Elastic Stack
    • Adding new data sources in Logstash
    • Enriching data with Logstash
    • Automating with Elastalert
    • Building new Kibana dashboards
  • Production Deployment
    • Advanced Setup
    • Master vs Sensor
    • Node Types – Master, Forward, Heavy, Storage
    • Command Line Setup with sosetup.conf
    • Architectural Recommendations
    • Sensor Placement
    • Hardening
    • Administration
    • Maintenance
  • Tuning
    • Using PulledPork to Disable Rules
    • BPF’s to Filter Traffic
    • Spinning up Additional Snort / Suricata / Bro Workers to Handle Higher Traffic Loads

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

AZ-500: Microsoft Azure Security Technologies

 

Course Overview:

Gain the knowledge and skills needed to implement security controls, maintain the security posture, and identify and remediate vulnerabilities by using a variety of security tools. The course covers scripting and automation, virtualization, and cloud N-tier architecture.

After completing this course, students will be able to describe specialized data classifications on Azure, Identify Azure data protection mechanisms, Implement Azure data encryption methods, Secure internet protocols and how to implement them on Azure, Describe Azure security services and features.

TechNow has worked worldwide enterprise infrastructures for over 20 years and has developed demos and labs to exemplify the techniques required to demonstrate cloud technologies and to effectively manage security in the cloud environment.

Attendees to AZ-500: Microsoft Azure Security Technologies will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Course Duration: 5 days

Course Outline:

  • Identity and access
    • Configure Azure Active Directory for Azure workloads and subscriptions
    • Configure Azure AD Privileged Identity Management
    • Configure security for an Azure subscription
  • Platform Protection
    • Understand cloud security
    • Build a network
    • Secure network
    • Implement host security
    • Implement platform security
    • Implement subscription security
  • Security Operations
    • Configure security services
    • Configure security policies by using Azure Security Center
    • Manage security alerts
    • Respond to and remediate security issues
    • Create security baselines
  • Data and Applications
    • Configure security policies to manage data
    • Configure security for data infrastructure
    • Configure encryption for data at rest
    • Understand application security
    • Implement security for application lifecycle
    • Secure applications
    • Configure and manage Azure Key Vault

Prerequisites :

      • AZ-900: Microsoft Azure Fundamentals
      • Students should have 1-2 years professional development experience and experience with Microsoft Azure.
      • Student must be able to program in an Azure Supported Language.

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

CT-395: CySA+ Cybersecurity Analyst

 

Course Overview:

CT-395: CompTIA CySA+ Cybersecurity Analyst is for IT professionals looking to gain IT security analyst skills, and for those following the recommended skills pathway to achieve cybersecurity mastery. It provides a bridge between CompTIA Security+ (CT-325) and CompTIA SecurityX (CT-425), thus completing a certification path within the CompTIA family of certifications. As attackers have learned to evade traditional signature-based solutions, an analytics-based approach has become extremely important. CySA+ applies behavioral analytics to the IT security market to improve the overall state of security. The CompTIA Cybersecurity Analyst (CySA+) certification verifies that successful candidates have the knowledge and skills required to configure and use threat detection tools, perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization, with the end goal of securing and protecting applications and systems within an organization. Let us help you bridge this gap, and leave you prepared for the certification exam (CS0-003).

TechNow is a CompTIA partner uses official CompTIA CySA+ curriculum.

Dates/Locations:

Date/Time Event
03/02/2026 - 03/06/2026
08:00 -16:00 		CT-395: CySA+ Cybersecurity Analyst
TechNow, Inc, San Antonio TX
06/01/2026 - 06/05/2026
08:00 -16:00 		CT-395: CySA+ Cybersecurity Analyst
TechNow, Inc, San Antonio TX
08/24/2026 - 08/28/2026
08:00 -16:00 		CT-395: CySA+ Cybersecurity Analyst
TechNow, Inc, San Antonio TX
11/16/2026 - 11/20/2026
08:00 -16:15 		CT-395: CySA+ Cybersecurity Analyst
TechNow, Inc, San Antonio TX

Duration: 5 Days

Course Objectives:

  • Threat Management
  • Vulnerability Management
  • Cyber Incident Response
  • Security Architecture and Tool Sets

Prerequisites: 

While there is no required prerequisite, the CompTIA CySA+ certification is intended to follow CT-325: Security+ or equivalent experience.  It is recommended for CompTIA CySA+ candidates to have the following:

  • 3-4 years of hands-on information security or related experience
  • Network+, Security+, or equivalent knowledge.

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

TN-535: Certified Forensic Computer Examiner (CFCE)

CCFE Core Competencies

  • Procedures and Legal Issues
  • Computer Fundamentals
  • Partitioning Schemes
  • Data Recovery
  • Windows File Systems
  • Windows Artifacts
  • Report writing (Presentation of Finding)
  • Procedures and Legal issues
  1. Knowledge of search and subjection and rules for evidence as applicable to computer forensics.
  2. Ability to explain the on-scene action taken for evidence preservation.
  3. Ability to maintain and document an environment consolidating the computer forensics.
  • Computer Fundamentals
  1. Understand BIOS
  2. Computer hardware
  3. Understanding of numbering system (Binary, hexadecimal, bits, bytes).
  4. Knowledge of sectors, clusters, files.
  5. Understanding of logical and physical files.
  6. Understanding of logical and physical drives.
  • Partitioning schemes
  1. Identification of current partitioning schemes.
  2. Understanding of primary and extended partition.
  3. Knowledge of partitioning schemes and structures and system used by it.
  4. Knowledge of GUID and its application.
  • Windows file system
  1. Understanding of concepts of files.
  2. Understanding of FAT tables, root directory, subdirectory along with how they store data.
  3. Identification, examination, analyzation of NTFS master file table.
  4. Understanding of $MFT structure and how they store data.
  5. Understanding of Standard information, Filename, and data attributes.
  • Data Recovery
  1. Ability to validate forensic hardware, software, examination procedures.
  2. Email headers understanding.
  3. Ability to generate and validate forensically sterile media.
  4. Ability to generate and validate a forensic image of media.
  5. Understand hashing and hash sets.
  6. Understand file headers.
  7. Ability to extract file metadata from common file types.
  8. Understanding of file fragmentation.
  9. Ability to extract component files from compound files.
  10. Knowledge of encrypted files and strategies for recovery.
  11. Knowledge of Internet browser artifacts.
  12. Knowledge of search strategies for examining electronic
  • Windows Artifacts
  1. Understanding the purpose and structure of component files that create the windows registry.
  2. Identify and capability to extract the relevant data from the dead registry.
  3. Understand the importance of restore points and volume shadow copy services.
  4. Knowledge of the locations of common Windows artifacts.
  5. Ability to analyze recycle bin.
  6. Ability to analyze link files.
  7. Analyzing of logs
  8. Extract and view windows logs
  9. Ability to locate, mount and examine VHD files.
  10. Understand the Windows swap and hibernation files.
  • Report Writing (Presentation of findings)
  1. Ability to conclude things strongly based on examination observations.
  2. Able to report findings using industry standard technically accurate terminologies.
  3. Ability to explain the complex things in simple and easy terms so that non-technical people can understand clearly.
  4. Be able to consider legal boundaries when undertaking a forensic examination