O'Reilly Live Online Training

Security Operation Center (SOC) Best Practices

Understanding best practices for any size SOC and methods to improve SOC maturity

Joseph Muniz

If you are responsible for an organization’s security, it is very likely you are running some form of Security Operations Center (SOC). The maturity of your practice can range from one person responsible for everything to a team of people using a variety of tools and processes. Although every network is different, the goal is typically the same: protect people and data from cyber threats.

This session will look at industry best practices for running a successful SOC. Topics will include tools and practices, and we will also touch on popular certifications for those looking to get certified. We will examine when it makes sense to outsource part or all of your SOC capabilities, as well as how to meet compliance requirements. By the end of this training session you should have a solid understanding of what security technology is available and how it can improve your capabilities.

The speaker is the author of many Cisco Press and Pearson IT Certification titles on security and hacking. Titles include:

  • Security Operations Center
  • Investigating the Cyber Breach
  • Digital Forensics and Cyber Crime with Kali Linux Fundamentals LiveLessons
  • CompTIA Cybersecurity Analyst CySA+ (CS0-001) Complete Video Course
  • CCNA Cyber Ops (SECFND #210-250 and SECOPS #210-255) Official Cert Guide Library

What you'll learn-and how you can apply it

  • Overview of scoping a Security Operations Center (SOC)
  • Breakdown of the different services a SOC can provide
  • How to map your SOC’s maturity
  • Various characteristics of an effective SOC

This training course is for you because...

  • You want to understand how to develop and maintain an effective SOC.
  • You need or want to improve your SOC capabilities.

Prerequisites

There are no official prerequisites for this course. However, we highly recommend you have a basic knowledge of computers, computer security concepts, and basic security operations. Commodity technologies such as firewalls and intrusion prevention systems (IPS) will be defined briefly, but how to configure them will not be covered. A basic understanding of what these technologies do and why they are used is sufficient.

Recommended Preparation:

If you do not have a basic understanding of security terminology, please view the following videos before attending the training: all of Module 1 in the CompTIA Cybersecurity Analyst CySA+ (CS0-001) Complete Video Course.

About your instructor

  • Joseph Muniz is an architect at Cisco Systems and a security researcher. Joseph started his career in software development and later managed networks as a contracted technical resource. He moved into consulting and found a passion for security while meeting with a variety of customers.

    Joseph has been involved in the design and implementation of multiple projects ranging from Fortune 500 corporations to large federal networks. He has authored and contributed to several books and has spoken at popular security conferences such as RSA, Cisco Live, ISC2 and DEF CON. Joseph’s current role gives him visibility into the latest trends in cyber security from both leading vendors and customers.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

SOC – 20 mins

  • Business Challenges
  • Compliance
  • Threat Landscape

Different SOC Models – 10 mins

  • Local vs Virtual
  • Cloud
  • Hybrid

SOC Capabilities – 30 mins

  • Risk Management
  • Vulnerability Management
  • Compliance
  • Incident Response
  • Digital Forensics

Break (10 mins)

Security Technologies – 60 mins

  • SIEM
  • Logging
  • NetFlow
  • Packet Capture
  • Threat Intel
  • AI
  • Networks

Break (10 mins)

Recommendations for Risk Reduction – 20 mins

  • Edge
  • Remote Users
  • Access Control
  • Continuous Monitoring

Certification and Training – 20 mins

Wrap Up – 10 mins