Defensive Operations

Build world-class detection and response capabilities

Our Defensive Operations program develops the skilled analysts and engineers your organization needs to run a mature security function. From SIEM tuning to incident response leadership, every module is grounded in real threats, real tools, and real environments.

Duration

5 Days or 8 Weeks

Level

Beginner to Intermediate

Format

In-Person or Virtual

Certifications

CySA+ · GCIH · GCIA

What You Will Achieve

Learning Outcomes

Build and operate a Security Operations Center from the ground up

Analyze logs, network traffic, and alerts for malicious indicators

Apply threat intelligence to strengthen detection coverage

Lead and execute structured incident response engagements

Conduct digital forensic investigations and preserve evidence

Design and tune detection rules aligned to MITRE ATT&CK

Full Curriculum

Course Modules

7 modules

Module 01

SOC Fundamentals

Understand the architecture, roles, and workflows of an effective SOC.

▸SOC tier models, analyst roles, and responsibilities
▸Security tooling ecosystem and technology stack overview
▸Alert triage, escalation workflows, and SLA management
▸SOC performance metrics, KPIs, and continuous improvement

Module 02

Log Analysis and SIEM

Develop deep expertise in collecting, correlating, and acting on log data.

▸Log source identification and normalization strategies
▸Splunk, Microsoft Sentinel, and ELK Stack operations
▸Correlation rule development and use case design
▸SOC dashboard design, alerting, and reporting pipelines

Module 03

Threat Intelligence

Use intelligence to anticipate and preempt emerging threats.

▸Cyber threat intelligence frameworks and lifecycle
▸MITRE ATT&CK: TTPs, threat actor mapping, and detection
▸IOC management, threat feeds, and indicator enrichment
▸Intelligence-driven detection rule development

Module 04

Detection Engineering

Systematically build and continuously improve your detection capability.

▸Sigma and YARA rule development and testing
▸Alert tuning, false positive reduction, and prioritization
▸Purple team exercises and adversary emulation
▸Detection coverage gap analysis and roadmap development

Module 05

Incident Response

Master the full incident response lifecycle from preparation to recovery.

▸IR phases: preparation, detection, containment, and recovery
▸Playbook development and tabletop exercise facilitation
▸Eradication procedures and system hardening post-incident
▸Post-incident review, root cause analysis, and reporting

Module 06

Digital Forensics

Investigate incidents thoroughly and preserve legally sound evidence.

▸Memory acquisition and analysis using Volatility
▸Disk imaging, filesystem forensics, and artifact recovery
▸Timeline reconstruction and event correlation
▸Chain of custody, evidence handling, and legal considerations

Module 07

Malware Analysis

Understand what malicious code does so you can detect and respond effectively.

▸Static analysis: strings, PE headers, and disassembly
▸Dynamic analysis with sandboxing and behavioral monitoring
▸Unpacking, deobfuscation, and anti-analysis bypass
▸Developing behavioral detection signatures from analysis findings

Target Audience

Who Should Attend

SOC analysts at Tier 1, 2, and 3 seeking to advance their careers

IT administrators transitioning into dedicated security roles

Security engineers building detection and response programs

Network administrators developing security operational expertise

Certification Preparation

Certifications Covered

CompTIA CySA+ — Cybersecurity Analyst

GCIH — GIAC Certified Incident Handler

GCIA — GIAC Certified Intrusion Analyst

CompTIA Security+

Ready to begin?

Defensive Operations

Build world-class detection and response capabilities

Book Defensive Operations Training View All Training