Course Overview:

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.

Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

Duration: 2 Days

Course Objective:

• To provide management an overview of what it takes to stand up a SOC.

Prerequisites:

• Students should have an understanding of the security field.

Course Outline:

• What threats does my organization care about?
• What does a threat look like?
• What does a threat look like?
• How to present the SOC internally.
• Communication with Stakeholders and Executives
Leveraging and integrating existing security measures
• People
  • Establishing a skill matrix and work roles for SOC members
  • Establishing a training path
  • Personnel background requirementsProcesses
• Processes
  • Alignment to standards: NIST, PCI, HIPAA, etc.
  • Risk related decision trees
  • Playbooks
  • Threat Intelligence Integration
• Technology – Tool Suites to Support:
  • Ethical Hacking
  • Network Security Monitoring and SIEM
  • Forensics
  • Dashboards
  • Analysis and Hunting
  • Incident Management and Ticketing

Comments

Latest comments from students

Liked the class?  Then let everyone know!

Course Overview: 

Learn to protect yourself and your company against hackers, by learning their tools and techniques, and then testing your network.  This course is heavily based on Kali and primarily on Metasploit.  In TN-515: Implementing Cybersecurity and Information Assurance Methodologies class you will learn the step by step process that hackers use to assess your enterprise network, probe it & hack into it, utilizing a mixed-platform target environment including Windows, Linux, Solaris, and Cisco.  This course is 90% hacking, but  defenses for demonstrated hacks will be discussed.  If you want to know the ins and outs of the hacks presented in this course, then this is the course for you.

Attendees to TN-515: Implementing Cybersecurity and Information Assurance Methodologies Class Attendees will receive TechNow approved course materials and expert instruction.

Dates/Locations:

Duration: 5 Days

Course Objectives:

• Introduction to Pen Testing using the PTES model
• Metasploit Basics
  • MSFconsole, MSFcli, Armitage, MSFpayload, MSFencode, NasmShell
• Intelligence Gathering
  • Nmap, Databases in Metasploit, Port Scanning with Metasploit
• Quick Intro to Ruby
  • Writing a simple Ruby script to create a custom scanner
• Vulnerability Scanning
  • Importing Nessus Results
  • Scanning with Nessus from Within Metasploit
• Exploitation
  • Using the Metasploit Framework and console to exploit
• Meterpreter
  • Compromising a Windows System
  • Attacking MS SQL, xp_cmdshell
  • Dumping Usernames and Passwords, extracting and dumping hashes
  • Pass the Hash and Token Impersonation
  • Pivoting
  • Railgun
  • Using Meterpreter Scripts: Migrating a process, Killing AV, Persistence
• Avoiding Detection
  • Creating Stand-Alone Binaries with MSFpayload
  • Encoding with MSFencode and Packers (go Green Bay:)
• Exploitation Using Client Side Attacks
  • Introduction to Immunity Debugger
  • Using Immunity Debugger to Decipher NOP Shellcode
• Metasploit Auxiliary Modules
• Social Engineer Toolkit (SET)
  • Spear-Phishing, Web Attack
  • Creating a Multipronged Attack
• Creating Your Own Module
  • Adapt an existing Module
  • Add some PowerShell and Run the Exploit
• Meterpreter Scripting
• Capture The Flag Exercise

Prerequisites:

• This is an advanced  Cybersecurity and Information Assurance Course which requires basic Windows & UNIX competency
• Certification or 2 years of experience in these operating systems is highly recommended
• An understanding of TCP/IP

Comments

Latest comments from students

Liked the class?  Then let everyone know!