COURSE

SOC Analyst Tier 2

A Tier 2 security operations center (SOC) analyst takes the lead investigating complex information security incidents. Their work includes collecting, analyzing, and preserving digital evidence, as well as ensuring that incidents are appropriately recorded, tracked and reported.

In this course, you will be working as a Tier 2 SOC analyst for a managed security service provider that provides outsourced information security services to a range of clients. During the course you will analyze and report on a single complex cyber attack, beginning with the detonation of ransomware in a client’s network and working backwards to determine the attack vector and true purpose of the attack. This course can be completed in five weeks working 25 hours per week or 10 weeks working 15 hours per week.

SKILL LEVEL

Beginner

DURATION

5 Weeks at 25 Hours per Week or 10 Weeks at 15 Hours per Week

CERTIFICATE OF COMPLETION

Included with Course Purchase

PREREQUISITES

A Pre-Assessment is Required


UPCOMING START DATES

No dates are scheduled at this time, please contact us to apply today!

THE CYBER ACADEMY

MONTH DAY
  • 34 Weeks at 25 Hours per Week
  • Application Deadline June 15


FIND THE RIGHT FIT

WHO SHOULD ENROLL

Students who wish to explore a career in cybersecurity to determine if it is right for them. The ideal student is intensely curious, unwilling to give up on a problem no matter how difficult it is, and predisposed towards self-directed learning.

SKILLS TO TAKE WITH YOU

LEARNING OUTCOMES

Our courses are 100% hands-on, learn-by-doing. Mentors guide students through a learning experience in which students solve difficult problems, learning just enough, just in time, to succeed. We focus on what students are able to do when they complete the program rather than on the specific knowledge that traditional programs typically try to impart, which is not always necessary in practice.

During this course you will learn and practice key SOC analyst skills including:

  • Enumerating and baselining the activity of all unique devices in an unknown network
  • Gathering intelligence on and timelining user and workstation activity to discover anomalous behavior
  • Distinguishing between benign and malicious activity when attackers “live off the land”
  • Detecting different forms of privilege escalation within an Active Directory (AD) environment
  • Detecting different forms of lateral movement within an AD domain
  • Determining methods of malware propagation
  • Identifying the scope and timeframe of a ransomware attack
  • Identifying additional compromised user accounts or workstations through pivoting
  • Detecting and identifying the exploitation of an internal server as the means of an attacker’s initial perimeter breach
  • Examining post-exploitation recon and movement in order to profile attackers and determine intent
  • Detecting several types of data exfiltration, including exfil over an alternative protocol (DNS)
  • Collecting critical information appropriately, and knowing with whom and when to share it, during each phase of incident response
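The exfiltration item above mentions DNS as an alternative-protocol channel. As an added illustration that is not part of the course material, the following Python script runs two common DNS-tunnelling heuristics over a constructed set of resolver log lines: it groups queries by client and parent domain, then flags pairs that use many distinct subdomains whose leftmost labels are unusually long or high-entropy (typical of data encoded into query names). The log format, the domain names, the client addresses and the thresholds are all assumptions made for this example.

```python
import math
import re
from collections import defaultdict

# Constructed sample of DNS resolver log lines (not from the course or any real
# client): "<timestamp> <client_ip> <qtype> <qname>". The last six lines imitate
# a tunnelling client that encodes data in long, high-entropy leftmost labels
# under a domain it controls; the first four are ordinary lookups.
SAMPLE_DNS_LOG = """\
2023-08-07T10:00:01Z 10.0.5.21 A www.example.com
2023-08-07T10:00:02Z 10.0.5.21 A mail.example.com
2023-08-07T10:00:03Z 10.0.5.22 AAAA cdn.example.net
2023-08-07T10:00:04Z 10.0.5.21 A login.microsoftonline.com
2023-08-07T10:00:05Z 10.0.5.40 TXT abcdefghijklmnopqrstuvwxyz234567.tunnel-c2.example
2023-08-07T10:00:05Z 10.0.5.40 TXT 234567abcdefghijklmnopqrstuvwxyz.tunnel-c2.example
2023-08-07T10:00:06Z 10.0.5.40 TXT ghijklmnopqrstuvwxyz234567abcdef.tunnel-c2.example
2023-08-07T10:00:06Z 10.0.5.40 TXT qrstuvwxyz234567abcdefghijklmnop.tunnel-c2.example
2023-08-07T10:00:07Z 10.0.5.40 TXT z234567abcdefghijklmnopqrstuvwxy.tunnel-c2.example
2023-08-07T10:00:07Z 10.0.5.40 TXT 7abcdefghijklmnopqrstuvwxyz23456.tunnel-c2.example
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Thresholds are assumptions for this example; tune them against a baseline of
# your own benign traffic before relying on them in a detection.
MIN_UNIQUE_SUBDOMAINS = 5   # distinct leftmost labels per (client, domain)
LONG_LABEL = 30             # mean leftmost-label length, in characters
HIGH_ENTROPY = 3.5          # mean Shannon entropy of the leftmost label, in bits


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character of the string s."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (leftmost_label, parent_domain). The parent is approximated as
    the last two labels; a production detector would use a public-suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return labels[0], ".".join(labels[-2:])


def parse_log(text: str):
    """Yield (timestamp, client, qtype, qname) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, qtype, qname = m.groups()
        yield ts, src, qtype.upper(), qname


def find_dns_tunnels(log_text: str):
    """Group queries by (client, parent domain) and flag pairs whose leftmost
    labels look like encoded data. Returns a list of finding dicts."""
    groups = defaultdict(lambda: {"labels": set(), "qtypes": set(), "count": 0})
    for _ts, src, qtype, qname in parse_log(log_text):
        label, parent = split_qname(qname)
        if not label:
            continue
        g = groups[(src, parent)]
        g["labels"].add(label)
        g["qtypes"].add(qtype)
        g["count"] += 1

    findings = []
    for (src, parent), g in groups.items():
        labels = g["labels"]
        if len(labels) < MIN_UNIQUE_SUBDOMAINS:
            continue
        mean_len = sum(len(l) for l in labels) / len(labels)
        mean_ent = sum(shannon_entropy(l) for l in labels) / len(labels)
        if mean_len >= LONG_LABEL or mean_ent >= HIGH_ENTROPY:
            findings.append({
                "client": src,
                "domain": parent,
                "queries": g["count"],
                "unique_subdomains": len(labels),
                "mean_label_len": round(mean_len, 1),
                "mean_entropy": round(mean_ent, 2),
                "qtypes": sorted(g["qtypes"]),
            })
    return findings


if __name__ == "__main__":
    for finding in find_dns_tunnels(SAMPLE_DNS_LOG):
        print(finding)
```

On the sample above only the 10.0.5.40 / tunnel-c2.example pair is reported; the ordinary lookups never reach the subdomain-count threshold. In a real investigation the same grouping is what you would pivot on next: the flagged client becomes a candidate for the host-based timeline, and the flagged domain is checked against the rest of the client's traffic for other C2 indicators.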


IMMEDIATE IMMERSION

UPCOMING START DATES

START DATE          PACE       CAMPUS  STATUS
August 7, 2023      Full-time  Online  Few spots left!
September 18, 2023  Full-time  Online  Open

COMPARE AND CONTRAST

GO AT YOUR OWN PACE

FULL-TIME

You’re ready to commit to a full-time course load. You’ll graduate in 15 weeks working 8 hours a day, Monday to Friday.

  • Paced to complete in 15 weeks
  • In person or online
  • Synchronous cohort learning
  • Group work with instructor
  • Paired with design sessions
  • Lab time with instructional staff

PART-TIME

If you don’t have eight free hours to dedicate a day, then our part-time course offering is for you.

  • Paced to complete in 40 weeks
  • Online only
  • Asynchronous learning at your own pace
  • Recorded lessons
  • Live lectures and office hours
  • Slack with classmates and instructors

FINANCE OPTIONS

TUITION FUNDING

We have teamed up with Meritize to offer our students a unique financing option. Meritize works with students, educators, and employers to help people succeed in skills-based careers. Want to learn more? Check out their FAQ page here, or give them a call at 833-MERIT-4-U. Ready to see if you qualify? Check your options.

PROGRAM OVERVIEW

A Tier 2 security operations center (SOC) analyst takes the lead investigating complex information security incidents, which are often escalated by more junior analysts. Their work includes collecting, analyzing, and preserving digital evidence, as well as ensuring that incidents are appropriately recorded, tracked and reported. In many organizations their job also includes proactively hunting for threats that intrusion detection systems may have missed.

In this course, you will be working as a Tier 2 SOC analyst for a managed security service provider that provides outsourced information security services to a range of clients. During the course you will analyze and report on a single complex cyber attack, beginning with the detonation of ransomware in a client’s network and working backwards to determine the attack vector and true purpose of the attack.


CURRICULUM

  1. The student, working in the role of a Tier 2 security operations center analyst, is assigned a traditional malware IR case involving a ransomware attack that compromised a client’s network. The student must determine the scope of the incident, identify the method by which the malware propagated throughout the network, and begin to answer the question of containment, only to discover that the clues do not lead directly to an initial perimeter compromise.

  2. Pivoting from the compromised Active Directory account, the student explores techniques for detecting several common methods of lateral movement and privilege escalation within AD. Students must profile the suspicious account, timeline both user and workstation activity, and pivot to any other potentially compromised accounts, following the attacker’s tracks through the logs until “patient zero”, the site of initial access, is found.

  3. After identifying the original entry point into the network, the student returns to the question of containment. Using primarily network-based logs, they confirm which server was specifically targeted and determine how it was successfully exploited. They then turn to host-based logs to determine what happened post-exploitation and begin to build a profile of the attacker’s motivations.

  4. Now that it has become clear this is a targeted attack, students take a higher-level view of the investigation so far in order to reassess the evidence. They reexamine their existing evidence, dive deeper into detection strategies for commonly used living-off-the-land techniques, and refine their profile of the attacker’s motivations and intent.

  5. Students analyze several instances of proprietary data being transferred to different locations within the network and ultimately crossing the perimeter to be exfiltrated to the attacker’s C2 server using a novel, difficult-to-detect technique.

  6. Students conclude their investigation by writing an appropriate report to the CISO and a more technical report to the incident responders. They also write a short, non-technical executive summary for the company’s senior management.

Additional Information

Prerequisites

Successful completion of The Security Operations Center Analyst, Tier 1 course or equivalent professional experience working in a security operations center.

WHAT OUR STUDENTS ARE SAYING

TESTIMONIALS