beyond theoretical concepts

SOC ANALYST

The analysts in the security operations center (SOC) are the last line of defense.

The success of a SOC is difficult to measure since attackers and attacks never stand still: everything is a moving target. Success is typically measured by reducing organizational risk by detecting, remediating, and automatically preventing future instances of known attacks. In reality, this is far beyond the capability of most SOCs today. And to make matters even worse, SOC analysts rarely have the tools, tactics, procedures, or training to deal with all the threats that can affect organizations today. Nobody wants to admit how difficult the struggle is, which means it’s difficult to even get the conversation going.

START DATES

No dates are scheduled at this time, please contact us to apply today!

THE CYBER ACADEMY

MONTH DAY
  • 34 Weeks at 25 Hours per Week
  • Application Deadline June 15

THE COURSES

Students can sign up for individual classes or packages of multiple classes.

SOC Analyst Tier 1

In this six-week “on-ramp” course, you will investigate alerts by analyzing network traffic at a managed security service provider that provides outsourced information security services to a range of clients. We have designed this course to provide you with initial experience analyzing and understanding what alerts mean through realistic hands-on tasks.

SOC Analyst Tier 2

In this six-week “on-ramp” course, you will investigate alerts by analyzing network traffic at a managed security service provider that provides outsourced information security services to a range of clients. We have designed this course to provide you with initial experience analyzing and understanding what alerts mean through realistic hands-on tasks.

WHO SHOULD ENROLL: TIER 1 VS TIER 2

The SOC Analyst Program consists of two tiers. New hires beginning careers as security operations center analysts should enroll in Tier 1. Experienced analysts should enroll in Tier 2. Students must successfully complete Security Operations Center Analyst, Tier 1 or have equivalent professional experience to be permitted to enroll in Security Operations Center, Tier 2. At least a year of SOC work experience between the Tier 1 and Tier 2 courses is strongly recommended.

PROGRAM OVERVIEW

Qualifications for entry-level SOC analysts are problematic because most applicants have little if any training in information security. Realistically, an entry-level SOC analyst can only be expected to be passionate about security and have some networking background, which happen to be the prerequisites for this program.

In each of the security operations center analyst courses, students will work through five-to-six tasks online in a private cloud environment with help, advice, and feedback from a knowledgeable mentor and extensive online learning resources. The tasks are embedded in the realistic, but fictional, context of work as an entry-level employee of a managed security service provider.

skills to take with you

WHAT YOU GAIN

In addition to the task-based curriculum, an implicit curriculum runs throughout the program in which students learn and practice the cognitive skills essential for success in all areas of information security. These include:

ADVOCATE YOUR CAREER

CAREER PATHS AS A SOC ANALYST

Security Operations Center (SOC) Analysts play a crucial role in an organization’s cybersecurity efforts. The roles and compensation for SOC analysts can vary depending on the level of expertise, experience, and specific responsibilities. Below are some common types of SOC analysts and their potential compensation ranges as of September 2021. Please note that salaries can vary significantly based on factors like location, company size, and industry.

It’s important to keep in mind that these salary ranges are approximate and can vary based on factors like geographic location, the industry the organization operates in, and the candidate’s specific skills and qualifications.

Responsibilities: Monitoring security alerts, conducting initial incident triage, documenting incidents, and escalating as necessary.

Compensation: In the United States, entry-level SOC analysts may earn between $40,000 and $70,000 per year, depending on location and company.

Responsibilities: More advanced threat analysis, incident response, and investigations. May also involve mentoring junior analysts.

Compensation: Mid-level SOC analysts can earn between $70,000 and $100,000 annually or more, depending on experience and location.

Responsibilities: Advanced threat detection and response, developing and implementing security procedures, managing security technologies, and providing leadership within the SOC.

Compensation: Senior SOC analysts typically earn salaries ranging from $100,000 to $150,000 or more, depending on their expertise and location.

Responsibilities: Overseeing the SOC team, managing operations, developing security strategies, liaising with other departments, and reporting to senior management.

Compensation: SOC managers or team leads can earn salaries ranging from $120,000 to $180,000 or more, depending on their experience and the size of the SOC.

Responsibilities: Proactive searching for threats and vulnerabilities within the network, identifying and mitigating advanced threats, and conducting in-depth investigations.

Compensation: Threat hunters often command higher salaries, with ranges typically starting at $100,000 and going well beyond $150,000, depending on experience and expertise.

Responsibilities: Specialized in responding to cybersecurity incidents, conducting forensic analysis, and leading incident response efforts.

Compensation: Incident responders may earn salaries similar to senior SOC analysts, with a typical range of $100,000 to $150,000 or more.

Responsibilities: Focused on collecting and analyzing threat intelligence to proactively identify potential threats and vulnerabilities.

Compensation: Salaries for threat intelligence analysts can range from $70,000 to $120,000 or more.

UPCOMING START DATES

  • Start date: TBD
  • Pace: Full-time
  • Campus: Online
  • Status: Apply Today!

Compare and contrast

GO AT YOUR OWN PACE

FULL-Time

You’re ready to commit to a full-time course load. You’ll graduate in 15 weeks thanks to a rigorous schedule: 8 hours a day, Monday to Friday.

  • 15 weeks long
  • In-person or online
  • Synchronous learning with your cohort
  • Course highlights:
  • Group work with instructor help
  • Paired with design sessions
  • Lab time with instructional staff

PART-Time

Our part-time course is designed for busy people. If you don’t have 8 free hours to dedicate a day (same), then our part-time course is for you.

  • Paced to complete at 40 weeks
  • Online only
  • Asynchronous learning at your own pace
  • Course highlights:
  • Pre-recorded lessons
  • Optional live lectures and office hours
  • Slack with classmates and instructors

What is an entry-level salary for a cybersecurity specialist?

There is significant regional variation in salaries, but speaking generally, the average salary is between $70,000 and $89,000, depending on the region of the country. The salary increases significantly as you move up in a cybersecurity career.

FREQUENTLY ASKED QUESTIONS

You need not have an IT or computer science background to succeed in this field. That being said, you should have strong basic computer skills, such as the ability to install and run complex applications. If you are unfamiliar with computer networks and protocols, we also recommend that you review the basics before beginning the program. Several online tutorials are available including some good YouTube tutorials.

In addition, you should be:

– intensely curious about how things work

– unwilling to give up on a problem no matter how difficult it is

– highly attentive to detail

– predisposed to independent learning

In order to qualify for the Tuition Reimbursement program there are additional requirements and a rigid application process. If you qualify, we will commit to getting you a job and if you are successful, will pay back the full tuition, effectively rendering your education free. You must complete the program and commit to working with us to get you a job. Please ask for details when you call us for registration.

The program covers the skills of network traffic analysis, system and network log analysis, digital forensics (both memory and disk forensics), and exploit development in great depth, giving you job-ready skills. The program provides foundational coverage of reverse engineering, malware analysis, open source intelligence gathering and analysis, and offensive/penetration-testing skills.

We convened a workshop sponsored by the Department of Defense (as well as two follow-up workshops and several individual interviews) with DoD-recommended experts to determine the skills and technologies to emphasize in the program. When we engaged with industry, we learned that defensive skills were underemphasized in the program, so we completely revamped the defensive half of the program working with highly-experienced cyber defenders, including the senior staff of a large managed security service provider.

We did not base the design on the NIST NICE (National Initiative for Cybersecurity Education) framework, but an after-the-fact comparison validates that our program does align well with their framework with respect to entry-level job roles.

Rather than being a progression of typical lecture courses, the Cybersecurity Training Certificate is 100% project-based learning by doing. Students work through a progression of realistic tasks online in a private cloud environment, learning the necessary knowledge and skills just in time as the knowledge and skills are relevant to what the student is trying to accomplish. As they work, students are supported by help, advice, and feedback from a knowledgeable mentor and extensive online learning resources.

The courses run in cohort form with specific start and end dates. There will be one or two weekly meetings while a course is running that students are required to attend. The course instructor will work with the cohort to determine the meeting dates and times. The meetings are required because we believe there are significant benefits to peer-to-peer experience sharing that will only be achieved if students are going through a course together. That being said, the majority of a student’s time during the week is self-scheduled.

The scheduled meetings will take 1-2 hours/week; they are typically held on weekday evenings.

What is the time commitment for self-study, outside of the regularly scheduled meetings?

The total time commitment required is 15 or 25 hours/week including scheduled mentor meetings and independent work.

The deadline to register is one week prior to the class start date. This gives us time to set up your accounts to access the curriculum website and the private cloud environment in which you will do your work. This also gives you time to complete some recommended prework which will be sent to you after you register.

To register, please call 240-667-7757 to speak with an Odyssey Program Solution Specialist.

If you are unsure of your hands-on computer skills, we will be glad to provide a pre-assessment which should take 1-2 hours to complete.

The program consists of three courses:

Immediate Immersion is primarily to enable you to self-assess if you like the work and believe you will be good at it. The course teaches thinking like an attacker and the basic skills of network traffic analysis. 6 weeks at 25 hours/week or 10 weeks at 15 hours/week.

Cyber Defense: The first half of the course focuses on security operations center analyst skills, specifically more advanced network traffic analysis, log analysis, and “lightweight” malware analysis. The second half focuses on digital forensics and incident response, skills that are employed after a breach is discovered. 12 weeks at 25 hours/week or 20 weeks at 15 hours/week.

Cyber Attack (also called Reverse Engineering and Exploitation) focuses on reverse engineering, open source intelligence gathering, exploiting vulnerable systems and databases, and phishing attacks. 15 weeks at 25 hours/week.

The three courses build on each other, so they must be taken in order.

 

Only the Immediate Immersion course has a required textbook: Practical Packet Analysis: Using Wireshark to Solve Real-world Network Problems (3rd edition) by Chris Sanders. The book is available in printed and electronic form from the publisher, No Starch Press, and from Amazon.

You are required to purchase this book, and we suggest that you purchase it from the publisher because the Amazon Kindle version does not have page numbers (which the Immediate Immersion course references) and the author also receives a higher royalty if you buy the book from the publisher.

You will gain extensive experience with a wide range of professional tools.

Course: Immediate Immersion

Tools used:

Burp Suite – Intercepts traffic

Network Proxy – Configuring a proxy to redirect traffic

John the Ripper – Password cracking tool

Linux Command Line

NetworkMiner – Network traffic analysis

Wireshark – A more robust network traffic analysis tool.

WinSCP – File transfer tool

Snort – Intrusion detection/prevention system

PuTTY – Used as a shell to connect to the target machine

Online resource: VirusTotal

 

Course: The Cyber Academy: Defense

Tools used:

Wireshark – Network traffic analysis

WinSCP – File transfer

PuTTY – Shell/File transfer; used to connect to Linux box

Snort – Intrusion detection/prevention

Linux Command Line

Splunk – Security Information and Event Management

Volatility – Memory forensics

Autopsy – Disk forensics

Registry Explorer – Review registry hives

Atom – Note taking

Splunk – Security Information and Event Management (SIEM)

Remote Desktop connection (RDP) – connect to forensics machine

WinSCP – File transfers

PuTTY – Used as a shell

Online resources:

Urlscan.io – Preview a site without navigating to it, also checks the reputation.

VirusTotal – Check the reputation of hashes, IP address and websites.

Any.run – Malware analysis toolkit

 

Course: The Cyber Academy: Attack

Tools used:

IDA Pro – Reverse Engineering; disassembler

Immunity Debugger – Reverse Engineering; disassembler (more robust than IDA Pro)

Irssi – Internet Relay Chat (IRC)

Relyze – Disassemble, decompile and check binary differences.

Metasploit – Penetration testing framework

Msfvenom – Combination of payload generation and encoding

Shellter (optional) – Shell injection tool

PuTTY – Used as a shell for remote access to a Linux machine

WinSCP – File transfer

Network proxy

We will provide assistance in crafting an effective resume and LinkedIn profile. We will also provide advice on effective networking, which provides a much better route to an entry-level job than simply sending a resume to “the black hole of HR.” We also have a job placement service offering coming soon.