SOC Level 1

Description

Duration: 4 days

SOC Level 1 is a four-day, instructor-led course that builds the core skills needed to work in defensive security operations. Topics span monitoring, detection, analysis, and incident response, with hands-on coverage of phishing, network security, endpoint protection, SIEM, threat intelligence, and DFIR. Participants work through real-world scenarios to develop practical investigative skills and a solid understanding of how a Security Operations Center functions. The course includes an exam voucher for TCM Security’s Practical SOC Analyst Associate (PSAA) certification.

Target Audience

  • Those pursuing a career as a SOC Analyst or Incident Responder.
  • Individuals interested in blue team security who want to understand how security operations function in practice.
  • IT professionals with a background in networking or systems administration who are looking to move into cybersecurity and SOC roles.
  • Students preparing to sit for the Practical SOC Analyst Associate (PSAA) exam.

Prerequisites

  • System Requirements: 8GB RAM & 256GB HDD
  • Up-to-Date OS & Internet Browser
  • Stable Internet connection
  • Completion of the Practical Help Desk course, A+/Net+ equivalent, or familiarity with equivalent topics
  • Basic familiarity with Windows and Linux operating system components.
  • Comfort using the command line and knowledge of basic commands and navigation (e.g., cd, ls, cat).
  • Understanding of networking concepts such as subnets, internal versus external IP addresses, network address translation, and routing.
  • Familiarity with foundational security concepts including the CIA triad, security controls, encryption, and hashing.

What’s included?

  • Authorized Courseware
  • Intensive Hands-on Skills Development with an Experienced Subject Matter Expert
  • Hands-on practice on real Servers and extended lab support 1.800.482.3172
  • Examination Vouchers & Onsite Certification Testing – (excluding Adobe and PMP Boot Camps)
  • Academy Code of Honor: Test Pass Guarantee
  • Optional: Package for Hotel Accommodations, Lunch and Transportation

With several convenient training delivery methods offered, The Code Academy makes getting the training you need easy. Whether you prefer to learn in a classroom, in a live online virtual learning environment, through training videos hosted online, or in private group classes hosted at your site, we offer expert instruction to individuals, government agencies, non-profits, and corporations. Our live classes, on-sites, and online training videos all feature certified instructors who teach a detailed curriculum and share their expertise and insights with trainees. No matter how you prefer to receive the training, you can count on The Code Academy for an engaging and effective learning experience.

Methods

  • Instructor Led (the best training format we offer)
  • Live Online Classroom – Online Instructor Led
  • Self-Paced Video

Speak to an Admissions Representative for complete details

Schedule (Public and Private sessions; pricing and enrollment available from an Admissions Representative)

Start         Finish
5/25/2026     5/28/2026
6/15/2026     6/18/2026
7/6/2026      7/9/2026
7/27/2026     7/30/2026
8/17/2026     8/20/2026
9/7/2026      9/10/2026
9/28/2026     10/1/2026
10/19/2026    10/22/2026
11/9/2026     11/12/2026
11/30/2026    12/3/2026
12/21/2026    12/24/2026
1/11/2027     1/14/2027
2/1/2027      2/4/2027
2/22/2027     2/25/2027
3/15/2027     3/18/2027
4/5/2027      4/8/2027
4/26/2027     4/29/2027

Learning Objectives

  • Security Operations Fundamentals
  • Phishing Analysis
  • Network Security Monitoring
  • Network Traffic Analysis
  • Endpoint Security Monitoring
  • Endpoint Detection and Response
  • Log Analysis and Management
  • Security Information and Event Management (SIEM)
  • Threat Intelligence
  • Digital Forensics
  • Incident Response

Course Outline

Module Day 1: SOC Fundamentals, Phishing Analysis, and Network Traffic Analysis

Introduces the course structure, lab access setup, and an overview of SOC operations. Students examine phishing attack methods and techniques, including email analysis, URL analysis, attachment analysis, MalDoc analysis, and phishing defenses, followed by a ticket challenge walkthrough. The day also covers packet and flow concepts along with hands-on network traffic analysis using TCPDump and Wireshark, concluding with a ticket challenge.

Module Day 2: Endpoint Security Monitoring and SIEM Fundamentals

Addresses endpoint security across Windows and Linux environments, including identifying malicious network connections and processes, performing live IR with SysInternals and Autoruns, understanding core system processes, and detecting persistence mechanisms. Ticket challenge walkthroughs are included throughout. The day closes with an introduction to SIEM concepts, common attack signatures, command-line log analysis, and a final ticket challenge.

Module Day 3: Splunk, Threat Intelligence, and YARA

Opens with a Splunk introduction covering Search Processing Language, search commands, reporting, alerting, and dashboard creation, as well as using Splunk to investigate intrusions and deploying forwarders. Students then examine threat intelligence concepts, threat intelligence frameworks, and the MITRE ATT&CK framework. The day wraps up with detecting malware using YARA and practice reading and writing YARA rules, with ticket challenges and walkthroughs throughout.

Module Day 4: Digital Forensics and Incident Response

Walks through the fundamentals of digital forensics investigations, disk image acquisition using FTK Imager, and memory acquisition with FTK Imager. Students then analyze Windows forensic artifacts, examine forensic images with Autopsy, and perform memory analysis with Volatility, supported by ticket challenge walkthroughs. The day ends with an overview of the incident response process and a course wrap-up.