Implementing Cisco Cybersecurity Operations

5 days


This course allows learners to understand how a Security Operations Center (SOC) functions and the introductory-level skills and knowledge needed in this environment. It focuses on the introductory-level skills needed for a SOC Analyst at the associate level. Specifically, understanding basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response.


  • This course is part of the following Certifications:
  • Cisco Certified Network Associate Cyber Ops (CCNA)

Course Outline

  • Upon completion of this course, you will be able to:
  • Define a SOC and the various job roles in a SOC
  • Understand SOC infrastructure tools and systems
  • Learn basic incident analysis for a threat centric SOC
  • Explore resources available to assist with an investigation
  • Explain basic event correlation and normalization
  • Describe common attack vectors
  • Learn how to identifying malicious activity
  • Understand the concept of a playbook
  • Describe and explain an incident respond handbook
  • Define types of SOC Metrics
  • Understand SOC Workflow Management system and automation
  • Course Content

Module 1: SOC Overview

  • Lesson 1: Defining the Security Operations Center
  • Lesson 2: Understanding NSM Tools and Data
  • Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC
  • Lesson 4: Identifying Resources for Hunting Cyber Threats

Module 2: Security Incident Investigations

  • Lesson 1: Understanding Event Correlation and Normalization
  • Lesson 2: Identifying Common Attack Vectors
  • Lesson 3: Identifying Malicious Activity
  • Lesson 4: Identifying Patterns of Suspicious Behavior
  • Lesson 5: Conducting Security Incident Investigations

Module 3: SOC Operations

  • Lesson 1: Describing the SOC Playbook
  • Lesson 2: Understanding the SOC Metrics
  • Lesson 3: Understanding the SOC WMS and Automation
  • Lesson 4: Describing the Incident Response Plan
  • Lesson 5: Appendix A—Describing the Computer Security Incident Response Team
  • Lesson 6: Appendix B—Understanding the use of VERIS

Related Courses


Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost effective option.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

Upcoming Dates

  • GREEN This class is Guaranteed To Run.
  • SPVC - Self-Paced Virtual Class.
  • Click a Date to Enroll.
Course Location Days Cost Date
Midlands Birmingham5 1940 £1940 2019-10-07
Edinburgh Edinburgh5 1940 £1940 2019-10-07
Utrecht Utrecht5 1940 £1940 2019-10-07
Bristol Bristol5 1940 £1940 2019-10-07
Devon Exeter5 1940 £1940 2019-10-07
Yorkshire Leeds5 1940 £1940 2019-11-18
Yorkshire Leeds5 1940 £1940 2019-11-18
London London5 1940 £1940 2019-11-18
London London5 1940 £1940 2019-11-18
Midlands Birmingham5 1940 £1940 2019-12-02
Edinburgh Edinburgh5 1940 £1940 2019-12-02
Bristol Bristol5 1940 £1940 2019-12-02
Devon Exeter5 1940 £1940 2019-12-02