Certified SOC Analyst (CSOC) - Security Operations & Blue Team Professionals

Duration: 5 Days
Modes: In-Person, Live Online, On-Site
Your SOC is only as strong as the analysts running it. This 100% hands-on programme trains you to detect, investigate, and respond to real-world cyber threats using the same tools, techniques, and workflows found in enterprise Security Operations Centres. From log analysis to incident triage, you leave ready to defend.
Course Objectives
Understand the role, structure, and operations of a modern Security Operations Centre
Learn to monitor, detect, and analyse security events using SIEM platforms and log analysis tools
Master incident detection and triage workflows for common attack scenarios
Understand network traffic analysis, packet capture, and anomaly detection techniques
Learn to investigate security incidents across endpoints, networks, and cloud environments
Understand threat intelligence integration within SOC operations
Learn incident response procedures aligned to MAS TRM and CSA CCoP 2.0 requirements
Develop skills in malware analysis, forensic artefact collection, and evidence preservation
Expected Outcomes
Operate effectively as a Tier 1 or Tier 2 SOC analyst from day one
Monitor and triage security alerts using industry-standard SIEM platforms
Detect and investigate common attack patterns including lateral movement, data exfiltration, and privilege escalation
Analyse network traffic and packet captures to identify malicious activity
Perform endpoint forensic analysis and malware triage
Correlate events across multiple data sources to identify advanced threats
Execute incident response procedures within regulatory timelines
Produce clear, actionable incident reports for stakeholders and management
Training Modules
1. Introduction to SOC Operations
1. SOC architecture, roles, and responsibilities (Tier 1, Tier 2, Tier 3)
2. SOC workflows and standard operating procedures
3. Key metrics and KPIs for SOC performance
4. Regulatory requirements: MAS TRM incident notification, CSA CCoP 2.0
2. SIEM Fundamentals and Log Analysis
1. Introduction to SIEM platforms and architecture
2. Log collection, normalisation, and correlation
3. Writing detection rules and alert tuning
4. Reducing false positives and alert fatigue
5. Hands-on SIEM lab exercises
3. Network Traffic Analysis
1. Packet capture and analysis with Wireshark
2. Network flow analysis and anomaly detection
3. Identifying C&C communication patterns
4. DNS, HTTP, and TLS traffic analysis
5. Detecting lateral movement and data exfiltration through network monitoring
4. Endpoint Detection and Analysis
1. Endpoint Detection and Response (EDR) fundamentals
2. Windows event log analysis
3. Linux system log analysis
4. Process analysis and memory forensics basics
5. Identifying persistence mechanisms and malicious processes
5. Threat Intelligence and Incident Detection
1. Threat intelligence sources, feeds, and platforms
2. MITRE ATT&CK Framework for detection and response
3. Indicator of Compromise (IoC) and Indicator of Attack (IoA) analysis
4. Threat hunting fundamentals
5. Mapping adversary behaviour to detection rules
6. Incident Response and Triage
1. Incident classification and prioritisation
2. Incident response lifecycle: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
3. Evidence collection and chain of custody
4. Malware triage and basic analysis
5. Hands-on incident response simulations
7. SOC Reporting and Communication
1. Writing effective incident reports
2. Escalation procedures and stakeholder communication
3. Post-incident review and continuous improvement
4. Building a security-first culture within the organisation
Certification & Accreditation
Certification Path 1: GlobalACE Certification
The GlobalACE certification is designed to align with internationally recognised Knowledge, Skills, and Attitudes (KSA) standards for Information Security Professionals. Candidates are assessed through a combination of multiple choice questions, practical assessments, assignments, and case studies. Examinations are conducted at authorised centres across participating member countries, and successful candidates are eligible to apply as Associate or Professional Members under the GlobalACE framework, recognised in 64+ countries.
Certification Path 2: CyberKnights Certification
The CyberKnights certification is conducted through the KALAM platform, a purpose-built cybersecurity examination and skills validation system. Candidates take a 25-question MCQ exam within 60 minutes, with a pass mark of 70%. Exam fees are included in the course fees. All certified candidates receive complimentary membership access to the KALAM Cybersecurity Collaboration and Community Skills Validation Platform, giving them access to an active community of security professionals.
Frequently Asked Questions
Is this course suitable for someone new to SOC operations?
Yes. The programme is designed for professionals transitioning into SOC roles or looking to formalise their skills. It builds from foundational SOC concepts to advanced detection and response techniques.
Does this training cover cloud SOC operations?
Yes. The programme includes detection and investigation techniques for cloud environments alongside traditional on-premise infrastructure monitoring.
Can this be delivered on-site for our SOC team?
Yes. We offer private on-site delivery where the lab environment can be configured to reflect your organisation's SOC tools, workflows, and threat landscape.
What SIEM platform is used during the training?
The course uses industry-standard SIEM platforms in its lab environment. The skills you learn are transferable across any SIEM solution your organisation deploys.
How does the CSOC certification compare to other SOC certifications?
Unlike certifications that rely heavily on theory and MCQs, CSOC is hands-on from start to finish. The exam requires you to detect and respond to real attacks in a simulated environment, proving practical capability rather than memorised knowledge.
Will this help our team meet MAS TRM incident response requirements?
Yes. The programme specifically covers incident response timelines and procedures aligned to MAS TRM and CSA CCoP 2.0 requirements, helping your SOC team meet Singapore's regulatory obligations.
Ready to get started?
Train your team. Strengthen your defence.
Fill in the form and our training advisors will get back to you within 24 hours with a tailored programme recommendation for your team.
20,000+ professionals trained across enterprise and government sectors