TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies

Course Overview:

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.

Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 Days

Course Objective:

Prerequisites:

Students should have an understanding of the security field.

Course Outline:

What threats does my organization care about?
What does a threat look like?
What does a threat look like?
How to present the SOC internally.
Communication with Stakeholders and Executives
People
- Establishing a skill matrix and work roles for SOC members
- Establishing a training path
- Personnel background requirementsProcesses
Processes
- Alignment to standards: NIST, PCI, HIPAA, etc.
- Risk related decision trees
- Playbooks
- Threat Intelligence Integration
Technology – Tool Suites to Support:
- Ethical Hacking
- Network Security Monitoring and SIEM
- Forensics
- Dashboards
- Analysis and Hunting
- Incident Management and Ticketing

Comments

Latest comments from students

Liked the class? Then let everyone know!

TN-535: Certified Forensic Computer Examiner (CFCE)

CCFE Core Competencies

Procedures and Legal Issues
Computer Fundamentals
Partitioning Schemes
Data Recovery
Windows File Systems
Windows Artifacts
Report writing (Presentation of Finding)

Procedures and Legal issues

Knowledge of search and subjection and rules for evidence as applicable to computer forensics.
Ability to explain the on-scene action taken for evidence preservation.
Ability to maintain and document an environment consolidating the computer forensics.

Computer Fundamentals

Understand BIOS
Computer hardware
Understanding of numbering system (Binary, hexadecimal, bits, bytes).
Knowledge of sectors, clusters, files.
Understanding of logical and physical files.
Understanding of logical and physical drives.

Partitioning schemes

Identification of current partitioning schemes.
Understanding of primary and extended partition.
Knowledge of partitioning schemes and structures and system used by it.
Knowledge of GUID and its application.

Windows file system

Understanding of concepts of files.
Understanding of FAT tables, root directory, subdirectory along with how they store data.
Identification, examination, analyzation of NTFS master file table.
Understanding of $MFT structure and how they store data.
Understanding of Standard information, Filename, and data attributes.

Data Recovery

Ability to validate forensic hardware, software, examination procedures.
Email headers understanding.
Ability to generate and validate forensically sterile media.
Ability to generate and validate a forensic image of media.
Understand hashing and hash sets.
Understand file headers.
Ability to extract file metadata from common file types.
Understanding of file fragmentation.
Ability to extract component files from compound files.
Knowledge of encrypted files and strategies for recovery.
Knowledge of Internet browser artifacts.
Knowledge of search strategies for examining electronic

Windows Artifacts

Understanding the purpose and structure of component files that create the windows registry.
Identify and capability to extract the relevant data from the dead registry.
Understand the importance of restore points and volume shadow copy services.
Knowledge of the locations of common Windows artifacts.
Ability to analyze recycle bin.
Ability to analyze link files.
Analyzing of logs
Extract and view windows logs
Ability to locate, mount and examine VHD files.
Understand the Windows swap and hibernation files.

Report Writing (Presentation of findings)

Ability to conclude things strongly based on examination observations.
Able to report findings using industry standard technically accurate terminologies.
Ability to explain the complex things in simple and easy terms so that non-technical people can understand clearly.
Be able to consider legal boundaries when undertaking a forensic examination

General Unix

Here are the General Unix course offerings:

L-245: Linux System Administration I

Course Overview:

In this course students will learn to install the Linux™ operating system, to administer users and software, to use vi, basic Linux security, process control, file system maintenance, backup and recovery, including some basic networking concepts. This course insures that students have the skills to configure all desktop and client side related activity.

Attendees to L-245: Linux System Administration I will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 days

Course Objectives:

Linux operating system installation
Hardware Issues
LILO & GRUB Configuration
Managing the Linux file system
Boot Process
Customization of setup files
System Startup
Run Levels
Network Services
User Management
Changing Passwords
Monitoring, accessing & restricting root system access
Administration Tools
Disk Management
Quotas
Process Control
Installing & removing software & patches
Network Configuration
Client side components of NFS, Samba, NTP, NIS
Printing
Backup and Recovery
Using utilities for process control, locating files & automating maintenance tasks

Prerequisites:

Students should have an understanding of all basic UNIX commands as well as variable substitution, wild card expansion, command pipes, permissions, the grep and find commands.
These prerequisites can be met through completion of TN-125: Introduction to UNIX & Linux and six month’s experience with Linux.

Comments

Latest comments from students

User: flores2015

Instructor comments: Very Good Instructor (Bill Peterson)

Facilities comments: Nice - Can't wait for your new facility.

Liked the class? Then let everyone know!

N-325: Implementing Cisco IOS Network Security (IINS)

Course Overview:

Implementing Cisco IOS Network Security (IINS) is an instructor-led course. This five-day course focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. TechNow students each get a Cisco Switch, Router, and an ASA. The in the classrom hardware hands-on component of this course is a priority. Using instructor-led discussions, extensive hands-on lab exercises, and supplemental materials, this course allows learners to understand common security concepts, and deploy basic security techniques utilizing a variety of popular security appliances within a “real-life” network infrastructure. TechNow is an Authorized VUE testing partner and this course concludes with the student taking the 210-260 IINS Cisco Certification Exam.

Duration: 5 days

Audience: Cisco Network Administrators. This course is an excellent precursor to Palo Alto Network Firewall Training

DoD 8140: Not Mandated

Course Prerequisites: CCNA

Course Objectives:

Describe common network security concepts
Secure routing and switching infrastructure
Deploy basic authentication, authorization and accounting services
Deploy basic firewalling services
Deploy basic site-to-site and remote access VPN services
Describe the use of more advanced security services such as intrusion protection, content security and identity management

Attendees to N-325: Implementing Cisco IOS Network Security will receive TechNow approved course materials and expert instruction.