“Security Measures and Defensive Analysis” is a defensive-focused course that covers the basics of defending networks and systems against cyber threats.
The course focuses on developing techniques for simple analysis and evaluation of protocols that can be applied at scale. This more hands-on approach gives learners a better understanding of how logs and artifacts are generated, and of how they can be queried in both Windows and Linux environments. Learners develop an understanding of network security incidents and detection techniques.
SOC-200 teaches learners a variety of practical skills and defense techniques, including:
- Understanding Windows endpoint security, including desktops, laptops, and other user devices, and the threats and vulnerabilities they face
- Detecting social engineering and spear phishing tactics, two of the most common methods attackers use
- Using the Invoke-Obfuscation framework to automate PowerShell obfuscation and create realistic traps for simulated attackers
- Exploring Linux endpoint concepts, including security mechanisms and common vulnerabilities, to understand how attackers target Unix-based systems
- Leveraging administrative groups such as Domain Administrators, Enterprise Admins, and Full Administrators to understand access control in secure domain environments
- Deploying and working with SIEM tools such as ELK and Splunk to monitor logs, detect anomalies, and investigate security incidents
SOC-200: Your introduction to the world of cyber defense
SOC-200 is divided into 19 modules, many of which include accompanying videos for learners who prefer a more visual presentation of information. Each module also includes practical exercises and labs where learners can “show their work” and demonstrate that they have understood and internalized the material. After students have completed the course materials, there are more than a dozen Challenge Labs where they can test their ability to bring all the concepts together and defend their infrastructure against attackers. Once ready, learners can take the OSDA exam, which demonstrates their ability to identify, analyze, and respond to potential threats in a live laboratory environment.
SOC-200 is aimed at anyone who wants to take a serious step into the world of information security and learn the skills to detect cyberattacks. The course material describes how to detect various attacks and techniques used by malicious actors against organizations. To successfully complete this course, learners should have a solid foundation in TCP/IP networking, familiarity with Linux and Windows operating systems, and a basic understanding of cybersecurity concepts.
