Cyber Defender


Cyber Defender is a sequence of two courses developed to up-skill IT professionals for jobs in defensive cyber security. Each course can be completed in six weeks working 25 hours per week or in 10 weeks working 15 hours per week.


Security Operations Center Analyst


Security Operations Center Analyst is a sequence of two courses developed, first, to teach basic security operations center skills to new hires, then second, to increase the skills of experienced analysts. Each course can be completed in five weeks working 30 hours per week or in 10 weeks working 15 hours per week.


About: Cyber Defender

Cybersecurity Ventures estimates cyber crime will cost the world $6 trillion by 2021: over 10 times the 2017 budget for the Department of Defense.

Businesses need people who are ready to work on day 1 -- and they just aren't getting them. The best approach may be to grow a company's cyber security workforce from within by up-skilling existing IT staff. With the right education, IT, HelpDesk Support, and other technical professionals who have already proven themselves can get up to speed quickly and contribute immediately. In each of the Cyber Defender courses, students work through four tasks (spending 1-2 weeks on each task) online in a private cloud environment with help, advice, and feedback from a knowledgeable mentor and extensive online learning resources. The tasks are embedded in the realistic, but fictional, context of work as an entry-level employee of a managed security service provider.

What students will learn

Cyber Defender 0

Cyber Defender 0 is an optional introductory course for students who lack applied experience with computer networks.

  • Conducting online technical research
  • Analyzing and verifying Snort alerts
  • Distinguishing between true and false positive alerts
  • Analyzing packet capture (PCAP) files
  • Identifying vulnerabilities based on vulnerability scans
  • Distinguishing between attacks and vulnerability scans
  • Identifying open ports using scanners such as NMAP, Nikto, and WPScan
  • Identifying OS/Application fingerprints
  • Analyzing suspicious user behavior

Cyber Defender 1

  • Analyzing network packet traffic (PCAP files)
  • Analyzing and verifying Snort alerts
  • Analyzing network and system logs using a security information and event management (SIEM) system
  • Cross-correlating log information and network packet traffic
  • Analyzing watering hole attacks
  • Analyzing brute force attacks
  • Analyzing attacks that employ exploit kits
  • Using online sandboxes for static and dynamic analysis of malicious binaries to identify indicators of compromise
  • Using threat intelligence
  • Identifying malware

Cyber Defender 2

  • Using the results of malware analysis and threat intelligence
  • Performing memory forensics
  • Performing disk forensics
  • Cross-correlating log analysis and forensics
  • Reporting appropriately to technical and non-technical stakeholders
  • Analyzing and critiquing the response to a cyber incident
  • Improving an incident response plan

At a glance

Who should enroll?

IT professionals who desire to transition into a defensive cyber security role.

Prerequisites

  • Applied knowledge of computer networks and protocols
  • Applied knowledge of the Windows and Linux operating systems
  • Experience using command line interfaces

Additional Info

Students must successfully complete Cyber Defender 1 to be permitted to enroll in Cyber Defender 2.

About: Security Operations Center Analyst

The analysts in the security operations center (SOC) are the last line of defense.

The success of a SOC is difficult to measure since attackers and attacks never stand still: everything is a moving target. Success is typically measured by reducing organizational risk by detecting, remediating, and automatically preventing future instances of known attacks. In reality, this is far beyond the capability of most SOCs today. And to make matters even worse, SOC analysts rarely have the tools, tactics, procedures, or training to deal with all the threats that can affect organizations today. Nobody wants to admit how difficult the struggle is, which means it's difficult to even get the conversation going.

Qualifications for entry-level SOC analysts are problematic because most applicants have little if any training in information security. Realistically, an entry-level SOC analyst can only be expected to be passionate about security and have some networking background, which happen to be the prerequisites for this program.

In each of the Security Operations Center Analyst courses, students work through five to six tasks online in a private cloud environment with help, advice, and feedback from a knowledgeable mentor and extensive online learning resources. The tasks are embedded in the realistic, but fictional, context of work as an entry-level employee of a managed security service provider.

What students will learn

Course 1: SOC Analyst, Tier 1

  • Conducting online technical research
  • Analyzing and verifying Snort alerts
  • Distinguishing between true and false positive alerts
  • Analyzing packet capture (PCAP) files
  • Analyzing system and network logs using a SIEM
  • Identifying vulnerabilities based on vulnerability scans
  • Distinguishing between attacks and vulnerability scans
  • Identifying open ports using scanners
  • Identifying OS/Application fingerprints
  • Analyzing suspicious user behavior
  • Analyzing brute force attacks
  • Analyzing phishing attacks
  • Analyzing watering hole attacks

Course 2: SOC Analyst, Tier 2

  • Identifying the scope and timeframe of a ransomware attack
  • Identifying additional compromised user accounts or workstations through pivoting
  • Gathering intelligence on and timelining user and workstation activity to discover anomalous behavior
  • Distinguishing between benign and malicious activity which may indicate attackers "living off the land"
  • Detecting different forms of privilege escalation within an Active Directory (AD) environment
  • Detecting different forms of lateral movement within an AD domain
  • Determining methods of malware propagation
  • Detecting data exfiltration, and reporting on its scope and the method used
  • Reporting appropriately to both management and technical stakeholders

At a glance

Who should enroll?

New hires beginning careers as security operations center analysts should enroll in Tier 1. Experienced analysts should enroll in Tier 2.

Prerequisites

  • Tier 1: Applied knowledge of computer networks, protocols, and operating systems
  • Tier 2: Successful completion of Tier 1 (or equivalent experience); at least one year of work experience in a SOC is strongly recommended.

Additional Info

Students must successfully complete Security Operations Center Analyst, Tier 1 or have equivalent professional experience to be permitted to enroll in Security Operations Center Analyst, Tier 2. At least a year of SOC work experience between the Tier 1 and Tier 2 courses is strongly recommended.

Socratic Arts, Inc.

Science-based learning that improves performance.

©2024 Socratic Arts, Inc.