SECOPS - Implementing Cisco Cybersecurity Operations (SECOPS)

This course allows learners to understand how a Security Operations Center (SOC) functions and the introductory-level skills and knowledge needed in this environment. It focuses on the introductory-level skills needed for a SOC Analyst at the associate level. Specifically, understanding basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response.

Click here to print this page »


It is strongly recommended, but not required, that students have the following knowledge and skills:
  • Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)
  • Working knowledge of the Windows operating system
  • Working knowledge of Cisco IOS networking and concepts
  • Understanding Cisco Cybersecurity Fundamentals (SECFND)

Detailed Class Syllabus

Module 1: SOC Overview

Lesson 1: Defining the Security Operations Center
Lesson 2: Understanding NSM Tools and Data
Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC
Lesson 4: Identifying Resources for Hunting Cyber Threats

Module 2: Security Incident Investigations

Lesson 1: Understanding Event Correlation and Normalization
Lesson 2: Identifying Common Attack Vectors
Lesson 3: Identifying Malicious Activity
Lesson 4: Identifying Patterns of Suspicious Behavior
Lesson 5: Conducting Security Incident Investigations

Module 3: SOC Operations

Lesson 1: Describing the SOC Playbook
Lesson 2: Understanding the SOC Metrics
Lesson 3: Understanding the SOC WMS and Automation
Lesson 4: Describing the Incident Response Plan
Lesson 5: Appendix A—Describing the Computer Security Incident Response Team
Lesson 6: Appendix B—Understanding the use of VERIS