
Security Operations Center Specialist

The Security Operations Center Specialist Diploma training covers the roles and responsibilities of the SOC L1, L2 and L3 teams. This is a defensive security diploma that focuses on preparing an all-round SOC specialist candidate in line with market needs. The SOC team is mainly responsible for handling the ongoing operational component of enterprises. Security operations center staff consists primarily of SOC analysts who work together to detect, analyze, respond to, report on, and prevent cybersecurity incidents. Additional capabilities of some security operations centers can include advanced forensic analysis, cryptanalysis, and malware reverse engineering to analyze incidents.

We have divided the Security Operations Center Specialist training into three segments.

The first segment of the Security Operations Center Specialist training focuses on how to investigate vulnerabilities, perform spear phishing campaigns, and exploit the external and internal infrastructure.

The second segment of the Security Operations Center Specialist training focuses on in-house defensive security implementation and continuous monitoring. It covers a wide range of blue team operations, including SOC design and deployment, log analysis, vulnerability finding, dashboard design, and investigative techniques. Scenario-based industrial use cases will be covered with Splunk and IBM QRadar.

The third segment of the Security Operations Center Specialist training focuses on building an investigative mindset. The candidate will learn how to detect the APT lifecycle by combining the capabilities of live incident response, threat intelligence, digital forensics, and malware analysis. The digital forensics and threat intelligence portion will prepare candidates to make faster security decisions in the fight against threat actors. The practical incident response primer module brings everything together and provides fine-grained learning for rapid response, built around an interesting APT attack.

Security operations center specialist training

Training modules


  •  SOC models, SOC types, and organizational positioning
  •  SOC budgeting and planning of scope
  •  SOC roles and hierarchy of teams
  •  SOC Models and Compliances
  •  SOC Maturity Model and SOC-CMM tool
  •  SOC services: Security Monitoring, Incident Response, Security Analysis, Threat Intelligence, Threat Hunting, Vulnerability Management, Log Management

Automated Vulnerability assessment

  • Common tools and techniques for vulnerability assessment
  • Nessus vulnerability scanning & management
  • Building vulnerability scan policies and managing scanning as a service
  • MDR, EDR and XDR for endpoint security analysis
  • Practical system hardening and Audits of endpoint perimeter devices

Pentesting infrastructure

  • Penetration testing frameworks
  • Metasploit and Covenant C2 primer for pentesters
  • Bruteforcing the infrastructure services
  • Exploiting the common services and Linux systems
  • Exploiting critical web application vulnerabilities
  • Exploiting the Windows and Active Directory network
  • Practical phishing attacks

Incident response mindmap

  • What is Incident Response?
  • Why is IR Needed?
  • MITRE ATT&CK Framework for IR
  • APT attack Lab and resources for IR investigation
  • Incident Response Plans, Policies, and Procedures
  • Incident Response Documentation procedure

Log analysis for blue teams

  • Data Collection Strategies: Log content, use cases & SIEM rules, Threat-based & business requirement-based logging, log retention
  • Logs and Log Collection: Mechanisms, Syslog, Agents, File-based logging, Log formats, Indexing, and log normalization, log parsing, Regular expressions, Anchors, Repetitions

Splunk SIEM operations

  • Splunk configuration, customisations and implementation
  • Selecting the right plan for the organisation
  • SPL language primer
  • Log parsing and filtering
  • Building dashboards
  • Adding custom add-ons for IR
  • Monitoring and alerting on vulnerabilities


  • Understanding the need for QRadar vs. other SIEMs
  • Defining log sources and event details
  • Customizing the configurations
  • Understanding the custom rule engine
  • Discovering and managing assets with the asset engine
  • Understanding the architecture
  • Working with log collection
  • Mapping the vulnerabilities with QRadar
  • AQL language for blue teams
  • Developing and customising rules


  • Fundamentals of digital forensics, digital evidence, and intrusion reconstruction
  • Interacting with the lower levels of files, hidden data and disk analysis for investigations
  • Windows OS and its artifacts
  • Network analysis and forensics
  • Tools and techniques required to analyse the network traffic and detect network attacks.
  • Logs timelines and forensics reporting

Malware analysis for defenders

  • Role of malware analysis in incident response
  • Types of malware and malware analysis techniques
  • Malware sample and acquisition tools
  • PE file structure analysis
  • IOC to YARA rules
  • Windows processes and APIs
  • Analysing process injections
  • Working with DLLs and DLL injections
  • Dynamically analysing the backdoors

Threat intelligence baseline

  • Threat Intelligence types, protocols & standards, feeds, platforms
  • ISACs and other communities, Chatham House Rule 
  • CTI process, CTI infrastructure management
  • CTI skills: NIST NICE – CTI Analyst
  • Cyber Kill Chain versus MITRE ATT&CK and PRE-ATT&CK Frameworks
  • Lockheed Martin Cyber Kill Chain
  • OODA loop, Diamond model of intrusion analysis.
  • MaGMa, MaGMa UCF Tool
  • Threat and APT motivations
  • Tools, Techniques, Tactics
  • Living-off-the-land Techniques

Operational and tactical threat intelligence

  • Operational Intelligence
    • What precursors are, how they’re different from IOCs, and how we monitor them
    • What TTPs are, why they’re important, and using them to maintain defenses
  • Tactical Threat Intelligence
    • Threat Exposure Checks, how to check your environment for the presence of bad IOCs
    • What watchlists are, and how to monitor for IOCs (SIEM, IDPs, AV, EDR, FW)
    • Public Exposure Assessments, Google dorks, harvester, social media
    • Open-Web Information Collection
    • How intel companies scrape dark web intel, why it’s useful, data breach dumps, malicious actors on underground forums, commodity malware for sale
    • Malware Information Sharing Platform (MISP)

Strategic intelligence advance

  • Strategic Threat Intelligence
    • What IOCs are, how they’re generated and shared, using IOCs to feed defenses
    • Why intelligence sharing is important, existing partnerships, US-CERT, NCCIC, NCSC, ISACs
    • IOC/TTP Gathering and Distribution
    • Campaign Tracking & Situational Awareness
    • OSINT vs. Paid-for Sources
      • Threat Intelligence Vendors, Public Threat Feeds, National Vulnerability Database, Twitter

Incident response baseline

  • Introduction to Incident Response

    • What is Incident Response?
    • Why is IR Needed?
    • Security Events vs. Security Incidents
    • Incident Response Lifecycle – NIST SP 800-61r2
    • MITRE ATT&CK Framework for IR
    • APT attack Lab and resources for IR investigation

    Preparation: planning and procedures of IR

    • Incident Response Plans, Policies, and Procedures
    • The Need for an IR Team
    • Training for IR teams
    • Asset Inventory and Risk Assessment to Identify High-Value Assets
    • Live system analysis and gathering the incident activities
    • Offline analysis in correlation with forensic teams
    • Collecting artefacts and imaging for complex scenarios
    • Documenting the initial targets

Incident response advance

  • Detection and Analysis
    • Events and Incidents methodologies
    • Establishing Baselines and Behaviour Profiles with IOC
    • Investigating the registries, shellbags, Amcache, Shimcache, etc.
    • Investigating VSS and network activities
    • Detecting anomalous TTPs in memory
    • Investigating browsers and emails
    • Investigating cloud data sync and timeline analysis
    • Analyzing the APT TTPs as per the MITRE framework

     Containment, Eradication, Recovery

    • CSIRT and CERT Explained
    • Isolating the APT in the specific area
    • Network Isolation, Single VLAN, Powering System(s) Down, Honeypot
    • Forensic Imaging of Affected Hosts
    • Linking Back to Digital Forensics Domain
    • Identifying and Removing Malicious Artefacts
    • Memory and disk analysis to identify artefacts and securely remove them
    • Identifying Root Cause and Recovery

Automation anywhere

  • Need for SOAR in the industry
  • Playbooks in SOAR for automated actions
  • Working with Splunk Phantom
  • Automation with Shuffle in blue team operations

Who should attend this training?

  • Freshers
  • Ethical hackers
  • System Administrators
  • IT Support teams
  • Security Engineers
  • IT Managers

Why should I take this training?

APT attacks are growing every day because almost every business sector is dependent on technology. Organizations have started taking IT security seriously, so the market need for defensive security teams has increased.

Even companies that have defensive teams often fail to detect adversarial attacks due to a lack of skills. We have addressed almost every type of skill gap across the defensive security perimeter and designed this blue team operations training to bridge it. Join this training and mature the overall SOC infrastructure with more capabilities.

Prerequisites of the training

The candidate should be familiar with the following concepts before joining the sessions:

  • Strong networking skills
  • Good understanding of Windows and Linux commands

Note: This training is not for absolute beginners who don't have any type of Information technology knowledge.

We highly recommend "Junior Pentester Masterclass training" for absolute beginners as a prerequisite for this program.

What is the total duration of the training?

The total duration of the training is 3 months / 135 hours.

Is this classroom training or online training?

The training is available in both classroom and online instructor-led modes.


What People Are Saying

Today I've completed my one 2 one online training by Mr Naresh sir from Certcube Labs.
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowledgeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.

Satyam Singh

BCA, Delhi University

Positive: Professionalism, Quality, Responsiveness, Value

5 star training. Naresh is the best. He made me Zero to Hero in 3 months' time. A little bit expensive compared to others, but totally worth it.

Ravi S

Cyber Security Consultant , Red Hawk
