Cybersecurity Operations Fundamentals

Launch Your Career in Cybersecurity Operations. Learn the basic skills required to become an entry-level cybersecurity operations analyst in a Security Operations Center (SOC).

Instructor: Cisco Learning & Certifications

Beginner Level • 3 months to complete at 2 hours a week • Flexible Schedule

What You'll Learn

  • The concepts behind TCP/IP networking communication
  • The basics of networking communication, common attack vectors, and malicious activities
  • The patterns of suspicious behaviors typically encountered when working in a Security Operations Center (SOC)

Skills You'll Gain

Endpoint Security
Threat Detection
Incident Response
Vulnerability Assessments
Computer Security Incident Management
Network Security
File Systems
Data Security
Malware Protection
Cyber Threat Hunting
Threat Management
Threat Modeling

Shareable Certificate

Earn a shareable certificate to add to your LinkedIn profile

Outcomes

  • Learn in-demand skills from university and industry experts
  • Master a subject or tool with hands-on projects
  • Develop a deep understanding of key concepts
  • Earn a career certificate from Cisco Learning and Certifications

7-course series

If you are an associate-level cybersecurity analyst working in a security operations center (SOC), this course will help you acquire the fundamental skills required in a SOC. You will learn the primary functions of a SOC and the critical role it plays in protecting organizational assets from cyber attacks. By the end of the course, you will be able to:

  • Describe the daily activities and responsibilities of SOC team members.
  • Identify who the threat actors are, their motives, why they attack, and what they attack.
  • Explain the goals of implementing a SOC and the business benefits an organization gains by operating one.
  • Describe the technical and procedural challenges of running a SOC.

To be successful in this course, you should have the following background:

  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with basic network security concepts

The three most widely used endpoint operating systems are Windows, Linux, and macOS. When investigating security incidents, security analysts routinely encounter these operating systems on servers and on user endpoints. If you are an associate-level cybersecurity analyst working in a security operations center (SOC), this course will help you understand the basic operating principles of Windows. By the end of the course, you will be able to:

  • Describe the history of the Windows operating system and its vulnerabilities.
  • Describe the Windows OS architecture and components.
  • Describe Windows processes, threads, and handles.
  • Describe virtual memory allocation in the Windows OS.
  • Describe Windows services and how they are used.
  • Describe the functionality of the Windows NTFS file system.
  • Describe the NTFS structure.
  • Describe Windows domains and local user accounts.
  • Describe the Windows graphical user interface and its use.
  • Describe how to perform tasks in Windows that may require administrator privileges.
  • Describe the use and features of the Windows command-line interface.
  • Describe the features of Windows PowerShell.
  • Describe how the net command is used for Windows administration and maintenance.
  • Describe how to control Windows startup services and perform a system shutdown.
  • Describe how to control the Windows services and processes running on a host.
  • Describe how to monitor Windows system resources with Task Manager.
  • Describe the Windows boot process, service startup, and the associated registry entries.
  • Describe how to configure Windows networking properties.
  • Use the netstat command to view active network connections and listening ports.
  • Access Windows network resources and perform remote functions.
  • Describe the use of the Windows registry.
  • Describe how Windows Event Viewer is used to browse and manage event logs.
  • Use Windows Management Instrumentation (WMI) to manage data and operations on Windows-based operating systems.
  • Understand common Windows Server functions and features.
  • Describe commonly used third-party tools for managing Windows operating systems.
  • Explore the Windows operating system and its services.

The knowledge and skills that students are expected to have before attending this course are:

  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with basic network security concepts

If you are an associate-level cybersecurity analyst working in a security operations center (SOC), this course provides an introduction to network infrastructure and network security monitoring (NSM) tools. By the end of the course, you will be able to:

  • Describe the purpose of access control lists (ACLs).
  • Describe ACL operation when the established keyword is used.
  • Describe the fundamental concepts of network address translation (NAT).
  • Explain the NSM tools that are available to the network security analyst.
  • Describe the three types of NSM tools used within a SOC (commercial, open source, and homegrown).
  • Describe network-based malware protection.
  • Describe the benefits of load balancing and web application firewalls.
  • Describe authentication, authorization, and accounting (AAA).
  • Describe the basic models for implementing access control over network resources.

To be successful in this course, you should have the following background:

  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with basic network security concepts

If you are an associate-level cybersecurity analyst working in a security operations center (SOC), this course will help you explore the categories of data used in network security analytics. By the end of the course, you will be able to:

  • Explain the data that is available to the network security analyst.
  • Describe the various types of data used in monitoring network security.
  • Describe the deployment and use of SIEMs to collect, sort, process, prioritize, store, and report alarms.
  • Describe the functions of SOAR platforms and the features of Cisco SecureX.
  • Describe the Security Onion open source security monitoring distribution.
  • Explain how packet capture data is stored in the PCAP format and the storage requirements of full packet capture.
  • Describe the use and benefits of packet captures when investigating security incidents.
  • Describe packet captures taken with tools such as tcpdump.
  • Describe session data and provide an example of it.
  • Describe transaction data and provide an example of it.
  • Describe alert data and provide an example of it.
  • Describe the other types of NSM data (extracted content, statistical data, and metadata).
  • Explain the need to correlate NSM data and provide an example.
  • Describe the confidentiality, integrity, and availability (CIA) triad.
  • Describe personally identifiable information (PII) as it relates to information security.
  • Describe compliance regulations and their effects on an organization.
  • Describe intellectual property and the importance of protecting it.
  • Use the various tool capabilities of the Security Onion Linux distribution.

To be successful in this course, you should have the following background:

  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with basic network security concepts

If you are an associate-level cybersecurity analyst working in a security operations center (SOC), this course will help you understand incident analysis in a threat-centric SOC. By the end of the course, you will be able to:

  • Use the classic kill chain model to perform network security incident analysis.
  • Describe the reconnaissance phase of the classic kill chain model.
  • Describe the weaponization phase of the classic kill chain model.
  • Describe the delivery phase of the classic kill chain model.
  • Describe the exploitation phase of the classic kill chain model.
  • Describe the installation phase of the classic kill chain model.
  • Describe the command-and-control phase of the classic kill chain model.
  • Describe the actions-on-objectives phase of the classic kill chain model.
  • Describe how the kill chain model can be applied to detect and prevent ransomware.
  • Describe how the diamond model is used to perform network security incident analysis.
  • Describe how to apply the diamond model to network security incident analysis using a threat intelligence platform such as ThreatConnect.
  • Describe the MITRE ATT&CK framework and its use.
  • Walk through the classic kill chain model using the various tool capabilities of the Security Onion Linux distribution.
  • Understand the kill chain and diamond models for incident investigations, and the use of exploit kits by threat actors.

To be successful in this course, you should have the following background:

  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with basic network security concepts

If you are an associate-level cybersecurity analyst working in a security operations center (SOC), this course will help you understand how a threat-centric SOC prepares to analyze new and emerging threats by implementing robust security investigation procedures. By the end of the course, you will be able to:

  • Understand cyber threat hunting concepts.
  • Describe the five hunting maturity levels (HM0 to HM4).
  • Describe the four stages of the hunting cycle loop.
  • Describe the use of the Common Vulnerability Scoring System (CVSS) and list the CVSS v3.0 base metrics.
  • Describe the CVSS v3.0 scoring components (base, temporal, and environmental).
  • Provide an example of CVSS v3.0 scoring.
  • Describe the use of a hot threat dashboard within a SOC.
  • Provide examples of publicly available threat awareness resources.
  • Provide examples of publicly available external threat intelligence sources and feeds.
  • Describe the use of security intelligence feeds.
  • Describe threat analytics systems.
  • Describe online security research tools.
  • Simulate malicious actions to populate event data in the Security Onion tools for later analysis.
  • Identify resources for hunting cyber threats.

To be successful in this course, you should have the following background:

  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with basic network security concepts

If you are an associate-level cybersecurity analyst working in a security operations center (SOC), this course will help you understand threat response. By the end of the course, you will be able to:

  • Explain the purpose of incident response planning.
  • Describe the typical incident response life cycle.
  • Describe the typical elements of an incident response policy.
  • Describe how incidents can be classified.
  • Describe the US-CERT incident categories (CAT 0 to CAT 6).
  • Describe compliance regulations that contain incident response requirements.
  • Describe the general categories of computer security incident response teams (CSIRTs).
  • Describe the basic framework that defines a CSIRT.
  • Describe the CSIRT incident handling services: triage, handling, feedback, and optional announcement.
  • Describe a typical incident response plan and the functions of a typical CSIRT.

To be successful in this course, you should have the following background:

  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with basic network security concepts

Learner Testimonials

Felipe M. • Learner since 2018

To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood.

Jennifer J. • Learner since 2020

I directly applied the concepts and skills I learned from my courses to an exciting new project at work.

Larry W. • Learner since 2021

When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go.

Chaitanya A. • Learner since 2727

Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits.