COURSE

SOC Analyst Tier 1

In this course, you will be working as a Tier 1 SOC analyst for a managed security service provider (MSSP) that provides outsourced information security services to a range of clients. You will investigate alerts with a combination of packet captures (PCAPs) and also log files from servers and networking equipment. We have designed this course to help a beginning Tier 1 SOC Analyst become proficient at analyzing and understanding what alerts mean through a series of realistic hands-on tasks based on attackers attempting to gain initial access to a network. This course can be completed in five weeks working 25 hours per week or 10 weeks working 15 hours per week.

SKILL LEVEL

Beginner

DURATION

5 Weeks at 25 Hours per Week or 10 Weeks at 15 Hours per Week

CERTIFICATE OF COMPLETION

Included with Course Purchase

PREREQUISITES

A Pre-Assessment is Required

UPCOMING START DATES

No dates are scheduled at this time, please contact us to apply today!

THE CYBER ACADEMY

MONTH DAY
  • 34 Weeks at 25 Hours per Week
  • Application Deadline June 15

FIND THE RIGHT FIT

WHO SHOULD ENROLL

Students who wish to explore a career in cybersecurity to determine if it is right for them. The ideal student is intensely curious, unwilling to give up on a problem no matter how difficult it is, and predisposed towards self-directed learning.

LEARNING OUTCOMES

Our courses are 100% hands-on, learn-by-doing. Mentors guide students through a learning experience in which students solve difficult problems, learning just enough, just in time, to succeed. We focus on what students are able to do when they complete the program rather than on the specific knowledge that traditional programs typically try to impart, which is not always necessary in practice.

During this course you will learn and practice key SOC analyst skills including:

  • Conducting online technical research
  • Analyzing and verifying Snort alerts
  • Distinguishing between true and false positive alerts
  • Analyzing packet capture (PCAP) files
  • Analyzing system and network logs using a SIEM
  • Identifying OS/application fingerprints
  • Analyzing suspicious user behavior
  • Identifying vulnerabilities based on vulnerability scans and proposing remediations
  • Analyzing remote intrusion attempts
  • Analyzing phishing attacks
  • Analyzing watering hole attacks

IMMEDIATE IMMERSION

UPCOMING START DATES

START DATE          PACE        CAMPUS    STATUS
August 7, 2023      Full-time   Online    Few spots left!
September 18, 2023  Full-time   Online    Open

compare and contrast

GO AT YOUR OWN PACE

FULL-TIME

You’re ready to commit to a full-time course load. You’ll graduate in 15 weeks working 8 hours a day, Monday to Friday.

  • Paced to complete in 15 weeks
  • In person or online
  • Synchronous cohort learning
  • Group work with instructor
  • Paired with design sessions
  • Lab time with instructional staff

PART-TIME

If you don’t have eight free hours a day to dedicate, then our part-time course offering is for you.

  • Paced to complete in 40 weeks
  • Online only
  • Asynchronous learning at your own pace
  • Recorded lessons
  • Live lectures and office hours
  • Slack with classmates and instructors

finance options

TUITION FUNDING

We have teamed up with Meritize to offer our students a unique financing option. Meritize works with students, educators, and employers to help people succeed in skills-based careers. Want to learn more? Check out their FAQ page here, or give them a call at 833-MERIT-4-U. Ready to see if you qualify? Check your options.

PROGRAM OVERVIEW

The field of Information Security deals with the ever-growing volume of threats to businesses and government entities. While hardening computer and network infrastructure with patching, firewalls, and intrusion protection systems is important, those tools will probably never stop the threats completely. Adept individuals are needed to monitor the security tools, watching for threats that bypass the automated protections. The analysts in the Security Operations Center (SOC) are the last line of defense. The SOC tries to detect and remediate threats that make it past the protections. The SOC analyst role has traditionally been an entry-level position, but a great deal of knowledge and skills are necessary for success.

The success of a SOC is difficult to measure since attackers and attacks never stand still: Everything is a moving target. Success is typically measured by reducing organizational risk by detecting, remediating, and automatically preventing future instances of known attacks. In reality, this is far beyond the capability of most SOCs today. And to make matters even worse, SOC analysts rarely have the tools, tactics, procedures, or training to deal with all the threats that can affect organizations today. Nobody wants to admit how difficult the struggle is, which means it’s difficult to even get the conversation going.

Qualifications for entry-level SOC analysts are problematic because most applicants have little if any training in information security. Realistically, an entry-level SOC analyst can only be expected to be passionate about security and to have some networking background – which happen to be the prerequisites for this course.

In this course, you will be working as a Tier 1 SOC analyst for a managed security service provider (MSSP) that provides outsourced information security services to a range of clients. You will investigate alerts with a combination of packet captures (PCAPs) and also log files from servers and networking equipment. We have designed this course to help a beginning Tier 1 SOC Analyst become proficient at analyzing and understanding what alerts mean through a series of realistic hands-on tasks based on attackers attempting to gain initial access to a network. (Future courses will deal with lateral movement by an attacker after gaining initial access, command and control communication, and data exfiltration.)

CURRICULUM

The student receives a report that an IT support employee had unusual text on his screen that didn’t seem to be work related. His network traffic from that time period has been captured. The student will use NetworkMiner and then Wireshark to open the packet capture (PCAP) file and analyze what the user was doing. Was his activity benign, or was this evidence of an insider attack?

Analysts are asked to use the network pentesting tool Nmap to profile the attack surface of potentially vulnerable Windows and Linux hosts within a client’s AWS VPS. Using Nmap’s output, they must identify and assess the severity of any vulnerabilities associated with the OS and services of the profiled devices, then attempt to locate viable published exploits on popular websites like Exploit-DB, GitHub, and Twitter. After successfully enumerating the VPS’s attack surface, analysts must devise a series of recommendations for the client: short-term advice for immediate implementation as well as long-term recommendations for reducing the identified attack surface and improving detection visibility for what remains.

A security operations center analyst has seen evidence of a password cracking attempt within a key network. Students analyze a PCAP and event logs within a security information and event management system (the Splunk SIEM) to determine whether any passwords were compromised and whether the network was breached as a result. The student must also identify which tools the attacker used and which steps should be taken to safeguard specific hosts in the network from similar cracking attempts in the future.

A client of the MSSP was alerted to suspicious activity on one of their HR department computers by their antivirus application. At the time, the event was classified as benign, but now there are growing concerns that it may have been something more serious. The student will determine whether this was a false or true positive—and if further incident response is necessary.

Students analyze a possible “watering hole” attack in which clicking on a malicious link embedded in an otherwise legitimate website launches an exploit kit that infects a user’s machine with a “trojan.” To accomplish this, they must analyze multiple logs within the Splunk SIEM.

Additional Information

Prerequisites

Applied knowledge of computer networks and protocols, knowledge of the Windows and Linux operating systems, and experience using command line interfaces.