SECOPS Certification Training

Course Overview

Our 5-day, instructor-led SECOPS (Implementing Cisco Cybersecurity Operations) training and certification boot camp in Washington, DC Metro, Tysons Corner, VA, Columbia, MD or Live Online teaches the introductory-level skills and knowledge required for success in a Security Operations Center (SOC). It covers the fundamental skills needed to begin a career as an associate-level cybersecurity analyst in a security operations center.

This course prepares you for the associate-level 210-255 SECOPS certification exam.


Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 240-667-7757.



Course Outline

Module 1: SOC Overview

Lesson 1: Defining the Security Operations Center

  • Types of Security Operations Centers
  • SOC Analyst Tools
  • Data Analytics
  • Hybrid Installations: Automated Reports, Anomaly Alerts
  • Sufficient Staffing Necessary for an Effective Incident Response Team
  • Roles in a Security Operations Center
  • Develop Key Relationships with External Resources
  • Challenge

Lesson 2: Understanding NSM Tools and Data

  • Introduction
  • NSM Tools
  • NSM Data
  • Security Onion
  • Full Packet Capture
  • Session Data
  • Transaction Data
  • Alert Data
  • Other Data Types
  • Correlating NSM Data
  • Challenge

Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC

  • Classic Kill Chain Model Overview
  • Kill Chain Phase 1: Reconnaissance
  • Kill Chain Phase 2: Weaponization
  • Kill Chain Phase 3: Delivery
  • Kill Chain Phase 4: Exploitation
  • Kill Chain Phase 5: Installation
  • Kill Chain Phase 6: Command-and-Control
  • Kill Chain Phase 7: Actions on Objectives
  • Applying the Kill Chain Model
  • Diamond Model Overview
  • Applying the Diamond Model
  • Exploit Kits
  • Challenge

Lesson 4: Identifying Resources for Hunting Cyber Threats

  • Cyber-Threat Hunting Concepts
  • Hunting Maturity Model
  • Cyber-Threat Hunting Cycle
  • Common Vulnerability Scoring System
  • CVSS v3.0 Scoring
  • CVSS v3.0 Example
  • Hot Threat Dashboard
  • Publicly Available Threat Awareness Resources
  • Other External Threat Intelligence Sources and Feeds Reference
  • Challenge

Module 2: Security Incident Investigations

Lesson 1: Understanding Event Correlation and Normalization

  • Event Sources
  • Evidence
  • Security Data Normalization
  • Event Correlation
  • Other Security Data Manipulation
  • Challenge

Lesson 2: Identifying Common Attack Vectors

  • Obfuscated JavaScript
  • Shellcode and Exploits
  • Common Metasploit Payloads
  • Directory Traversal
  • SQL Injection
  • Cross-Site Scripting
  • Punycode
  • DNS Tunneling
  • Pivoting
  • Challenge

Lesson 3: Identifying Malicious Activity

  • Understanding the Network Design
  • Identifying Possible Threat Actors
  • Log Data Search
  • NetFlow as a Security Tool
  • DNS Risk and Mitigation Tool
  • Challenge

Lesson 4: Identifying Patterns of Suspicious Behavior

  • Network Baselining
  • Identify Anomalies and Suspicious Behaviors
  • PCAP Analysis
  • Delivery
  • Challenge

Lesson 5: Conducting Security Incident Investigations

  • Security Incident Investigation Procedures
  • Threat Investigation Example: China Chopper Remote Access Trojan
  • Challenge

Module 3: SOC Operations

Lesson 1: Describing the SOC Playbook

  • Security Analytics
  • Playbook Definition
  • What Is in a Play?
  • Playbook Management System
  • Challenge

Lesson 2: Understanding the SOC Metrics

  • Security Data Aggregation
  • Time to Detection
  • Security Controls Detection Effectiveness
  • SOC Metrics
  • Challenge

Lesson 3: Understanding the SOC WMS and Automation

  • SOC WMS Concepts
  • Incident Response Workflow
  • SOC WMS Integration
  • SOC Workflow Automation Example
  • Challenge

Lesson 4: Describing the Incident Response Plan

  • Incident Response Planning
  • Incident Response Life Cycle
  • Incident Response Policy Elements
  • Incident Attack Categories
  • Reference: US-CERT Incident Categories
  • Regulatory Compliance Incident Response Requirements
  • Challenge

Exam Information

Students can elect to take the associate-level 210-255 Implementing Cisco Cybersecurity Operations (SECOPS) Exam.

SECOPS Certification Exam 210-255 Details:

  • Number of Questions: 60-70
  • Passing Score: 80%
  • Test Duration: 90 minutes
  • Test Format: Multiple Choice, Multiple Answer, Drag and Drop, Testlets, Simlets, Router & Switch Simulations
  • Test Delivery: Pearson VUE

SECOPS Certification Exam Domains:

This exam tests candidates on the following domains:

  • Endpoint Threat Analysis and Computer Forensics
  • Network Intrusion Analysis
  • Incident Response
  • Data and Event Analysis
  • Incident Handling
