For direct assistance contact us! +91-9999508202 [email protected]
Select Page

Security operations center Specialist

Security Operations Center Specialist Diploma training covers up roles and responsibilities of SOC L1, L2 and L3 team .This is a Defensive security diploma which focuses on preparing an all rounder SOC specialist candidate as per the market need . The SOC team is mainly responsible for handling the ongoing operational component of enterprises. Security operations center staff is comprised primarily of SOC analysts who work together to detect, analyze, respond to, report on, and prevent cybersecurity incidents. Additional capabilities of some security operations centers can include advanced forensic analysis, crypt-analysis, and malware reverse engineering to analyze incidents.

The Security Operations Center Specialist training we have divided into three segments .

The first segment of Security operations Center training focuses on how to investigate vulnerabilities, Performing spear phishing campaigns  and exploiting the external and internal infrastructure .

The second segment of Security operations Center Specialist training focuses on inhouse defensive security implementation and continues monitoring .  It Covers a wide range of blue team operations including SOC design and deployment , Log analysis, vulnerability finding , dashboard designing and investigative techniques . The scenario based industrial use cases will be covered up with SPLUNK and IBM Radar.

The third segment of Security operations Center Specialist training focuses on building an investigative mindset . The candidate will learn how to detect the APT lifecycle with combining the capabilities of Live incident response , threat intelligence , digital forensics and malware analysis . Digital forensics and Threat intelligence portion will prepare candidates to make faster security decisions to fight against threat actors .The Practical Incident response primer module combines everything together and provides an fine grained learning  for rapid response with an interesting APT attack . 


Security operations center specialist training




Security operations center specialist training | socs-121 1
  •  SOC models, SOC types, and organizational positioning
  •  SOC budgeting and planning of scope
  •  SOC roles and hierarchy of teams
  •  SOC Models and Compliances
  •  SOC Maturity Model and SOC-CMM tool
  •  SOC- Services: Security Monitoring, Incident Response, Security Analysis, Threat Intelligence, Threat Hunting, Vulnerability Management, Log Managements
Security operations center specialist training | socs-121 2
module 2 : Automated Vulnerability assessment and system hardening
  • Common tools and techniques for vulnerability assessment
  • Nessus vulnerability scanning & management
  • Building vulnerability scan policies and managing scanning as a service
  • MDR, EDR and XDR for endpoint security analysis
  • Practical system hardening and Audits of endpoint perimeter devices
Security operations center specialist training | socs-121 2
module 2.1 : Pentesting the infrastructure
  • Penetration testing frameworks
  • Metasploit and covenant C2 primer for pentesters
  • Bruteforcing the infrastructure services 
  • Exploiting the common services and Linux systems
  • Exploiting the web applications critical vulnerabilities
  • Exploitering the windows and active directory network
  • Practical phishing attacks
Certified network security professional
  • What is Incident Response?
  • Why is IR Needed?
  • MITRE ATT&CK Framework for IR
  • APT attack Lab and resources for IR investigation
  • Incident Response Plans, Policies, and Procedures 
Security operations center specialist training | socs-121 4
module 3 : logs PRIMER FOR BLUE TEAMS
  • Data Collection Strategies: Log content, use cases & SIEM rules, Threat-based & business requirement-based logging, log retention
  • Logs and Log Collection: Mechanisms, Syslog, Agents, File-based logging, Log formats, Indexing, and log normalization, log parsing, Regular expressions, Anchors, Repetitions


Stars review
module 4 : iMPLEMENTING AND MANAGING SIEM Operations with Splunk INHOUSE
  • Splunk Configuration ,customisations and implementation
  • Selecting the right Plan for the organisation
  • SPL language primer 
  • Log parsing and filtering
  • Building Dashboards
  • Monitoring and Alerting the vulnerabilities 


module 5 : MANAGING Siem operations with qradar INHOUSE
  • Understating the Need of Qradar vs Other SIEM 
  • Customizing the configurations
  • Understating the architecture
  • Working with log collection
  • Mapping the vulnerabilities with Qradar
  • AQL language for blue teams
  • Developing and customizing rules


Investigation and security training
module 6 : Role of Digital forensics In incient response
  • Fundamentals of digital forensics, digital evidence, and intrusion reconstruction
  • Interact with the lower levels of files , hidden data and disks analysis for investigations
  • Dive deeply into the Windows OS and its artifacts
  • The world of network analysis and forensics
  • Tools and techniques required to analyse the network traffic and detect network attacks.
  • Logs timelines and forensics reporting
Future investigation
module 7 : Malware analysis for Security OPERATIONS
  • Role of malware analysis in incident response
  • types of malware and malware analysis techniques
  • malware sample and acquisiton tools
  • PE file structure analysis
  • IOC to yara rules
  • Windows process and APIs
  • Analysing the process injections
  • Working Dlls and Dll injections
  • Dynamically analysing the backdoors
Security operations center specialist training | socs-121 5
module 8 : Threat intelligence , hunting strategies & tactics
  • Threat Intelligence types, protocols & standards, feeds, platforms
  • ISACs and other communities, Chatham House Rule 
  • CTI process, CTI infrastructure management
  • CTI skills: NIST NICE – CTI Analyst
  • Cyber Kill Chain versus MITRE ATT&CK and PRE-ATT&CK Frameworks
  • Lockheed Martin Cyber Kill Chain
  • OODA loop, Diamond model of intrusion analysis.
  • MaGMa, MaGMa UCF Tool
  • Threat and APT motivations
  • Tools, Techniques, Tactics
  • Living-off-the-land Techniques


Certified ios pentester
module 9 : Threat intelligence Advance

  • Operational Intelligence
    • What are the precursors how they’re different from IOCs, how we monitor them?
    • What TTP are, why they’re important, using to maintain defenses (preventative)
  • Tactical Threat Intelligence
    • Threat Exposure Checks, how to check your environment for the presence of bad IOCs
    • What are watchlists, how to monitor for IOCs (SIEM, IDPs, AV, EDR, FW)
    • Public Exposure Assessments, google dorks, harvester, social media
    • Open-Web Information Collection
    • How intel companies scrape dark web intel, why it’s useful, data breach dumps, malicious actors on underground forums, commodity malware for sale
    • Malware Information Sharing Platform (MISP)
  • Strategic Threat Intelligence
    • What IOCs are, how they’re generated and shared, using IOCs to feed defenses
    • Why intelligence sharing intel is important, existing partnerships, US-CERT, NCCIC, NCSC, ISACs
    • IOC/TTP Gathering and Distribution
    • Campaign Tracking & Situational Awareness
    • OSINT vs. Paid-for Sources
      • Threat Intelligence Vendors, Public Threat Feeds, National Vulnerability Database, Twitter


Certified network security professional

Introduction to Incident Response

  • What is Incident Response?
  • Why is IR Needed?
  • Security Events vs. Security Incidents
  • Incident Response Lifecycle – NIST SP 800 61r2
  • MITRE ATT&CK Framework for IR
  • APT attack Lab and resources for IR investigation

Preparation of Planning and procedures of IR 

  • Incident Response Plans, Policies, and Procedures
  • The Need for an IR Team
  • Asset Inventory and Risk Assessment to Identify High-Value Assets
  • Live system analysis and gathering the incident activities
  • Offline analysis in co-relation with Forensic teams
  • Collecting Artifacts and imaging for complex scenarios

 Detection and Analysis

  • Common Events and Incidents methodologies 
  • Establishing Baselines and Behavior Profiles with IOC
  • Investigating the registries , shell bags , amcache , shimcache etc  
  • Investigating the VSS and Network activities.
  • Detecting anomaly TTP in memory 
  • Investigating browsers and emails
  • Investigating cloud data sync and timeline analysis
  • Analyzing the APT TTP as Per MITRE framework 

 Containment, Eradication, Recovery

  • CSIRT and CERT Explained
  • Isolating the APT in the specific area 
  • Network Isolation, Single VLAN, Powering System(s) Down, Honeypot Lure
  • Taking Forensic Images of Affected Hosts
  • Linking Back to Digital Forensics Domain
  • Identifying and Removing Malicious Artefacts
  • Memory and disk analysis to identify artifacts and securely remove them
  • Identifying Root Cause and Recovery Measures

 Lessons Learned

  • What Went Well?
  • Highlights from the Incident Response
  • What Could be Improved?
  • Issues from the Incident Response, and How These Can be Addressed
  • Important of Documentation
  • Creating Runbooks for Future Similar Incidents, Audit Trail
  • Metrics and Reporting
  • Presenting Data in Metric Form
  • Further Reading


    module 11 : Inhouse Security Orchestration, Automation, and Response.
    • Need of SOAR in industry 
    • Playbooks in SOAR for automated actions
    • Working with SPLUNK Fantom
    • Automation with Shuffle in blue team operations
    who should attend this training?
    • Freshers

    • Ethical hackers

    • System Administrators

    • IT Support teams

    • Security Engineers

    • IT Managers

    why should i take this training?

    The APT attacks are growing every day because almost every business sector is dependent on technology. Organizations these days started taking IT security seriously hence the need for defensive security teams is increased in the market. 

    Even we addressed the companies that have defensive teams often failed to detect the adversarial attack due to lack of skills.  we have addressed almost every type of skill gap as a defensive security perimeter and designed this blue team operations training to bridge the skill gap. Join this training and mature the overall SOC infrastructure with more capabilities. 

    prerequisite of the training ?

    The candidate should familiar with the Following concepts before joining the sessions:-

    • Strong networking skills
    • Good understanding of Windows and Linux commands

    Note: This training is not for absolute beginners who don’t have any type of Information technology knowledge.

    We highly recommend “Junior Pentester Mastercalss training” for absolute beginners as a prerequisite for this program.

    What is the Total Duration of the training ?

    The total duration of the training is 3 months / 135 Hours

    Is this an Classroom training or Online Training ?

    The training is avaible in both classroom and Online Instructor-led mode . 

    Security Operations



    Training enquiry

    13 + 15 =


    What People Are Saying

    Today I've completed my one 2 one online training by Mr Naresh sir from Certcube Labs .
    This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowlegeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.

    Satyam Singh

    BCA, Delhi University

    Positive: Professionalism, Quality, Responsiveness, Value

    5 start training. Naresh is the best. He made me Zero to Hero in 3 months time. Little bit expensive compare to others ,but totally worth it .

    Ravi S

    Cyber Security Consultant , Red Hawk

    We're Here To Help!


    3500 , 1st Floor , Raja Park , New Delhi -110034


    M-S: 10am - 11pm