Title: Research Assignment: Dissecting a Real-World Breach
Assignment Format:
Students will choose (or be assigned) a well-documented cybersecurity incident (for example SolarWinds, the Target POS breach, Colonial Pipeline, the Uber breach, or Equifax) and prepare a 2-page technical analysis report.
Assignment Requirements
Sections to Include:
- Overview of the Incident
  - What happened, when, and how it was discovered
- Initial Attack Vector
  - Technical detail on the point of entry (e.g., phishing, supply chain, VPN, misconfiguration)
- MITRE ATT&CK Mapping
  - Identify the techniques and tactics used (e.g., T1566.001, Phishing: Spearphishing Attachment)
- Log Artifacts and Detection Possibilities
  - What artifacts would have appeared in a SOC (logs, alerts)?
  - How could a SIEM or EDR have detected this earlier?
- Response Timeline
  - How was it contained, and what were the key mistakes or wins?
- Lessons Learned / Prevention Steps
  - What technical controls could prevent recurrence?
  - What monitoring or alerting gaps existed?
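As a model for the MITRE ATT&CK Mapping and Log Artifacts sections, the following added example (not part of the assignment text) shows how a handful of endpoint process-creation events can be tagged with ATT&CK technique IDs and used to pin down the earliest point at which a SIEM rule could have fired. The events, hostname, file path and timestamps are constructed for illustration; T1566.001 is the ID cited above, and the T1059 sub-technique IDs are the standard ATT&CK identifiers for script interpreters.

```python
"""Tag constructed EDR process-creation events with MITRE ATT&CK technique IDs.

Added illustration for the breach-analysis assignment; the sample events,
host name, path and timestamps are constructed and not from any real incident.
"""
from dataclasses import dataclass

MAIL_CLIENTS = {"outlook.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm")
# Script hosts spawned by an Office application, mapped to ATT&CK sub-techniques.
SCRIPT_HOSTS = {
    "powershell.exe": ("T1059.001", "Command and Scripting Interpreter: PowerShell"),
    "cmd.exe": ("T1059.003", "Command and Scripting Interpreter: Windows Command Shell"),
    "wscript.exe": ("T1059.005", "Command and Scripting Interpreter: Visual Basic"),
}

# Constructed sample events in the shape an EDR process-creation feed might use.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:12:03Z", "host": "WS-042", "parent": "explorer.exe",
     "image": "outlook.exe", "cmdline": "outlook.exe"},
    {"ts": "2024-03-01T09:14:21Z", "host": "WS-042", "parent": "outlook.exe",
     "image": "winword.exe",
     "cmdline": 'winword.exe "C:\\Users\\user\\AppData\\Local\\Temp\\invoice.docm"'},
    {"ts": "2024-03-01T09:14:40Z", "host": "WS-042", "parent": "winword.exe",
     "image": "powershell.exe", "cmdline": "powershell.exe -w hidden -enc <redacted>"},
    {"ts": "2024-03-01T09:20:00Z", "host": "WS-042", "parent": "explorer.exe",
     "image": "chrome.exe", "cmdline": "chrome.exe"},  # benign noise
]


@dataclass
class Finding:
    ts: str
    host: str
    technique_id: str
    technique: str
    evidence: str


def _opens_macro_document(cmdline: str) -> bool:
    """True if the command line references a macro-enabled Office document."""
    lowered = cmdline.lower()
    return any(ext in lowered for ext in MACRO_EXTENSIONS)


def map_events(events: list) -> list:
    """Apply two parent/child process rules and return ATT&CK-tagged findings.

    Rule 1: mail client -> Office app opening a macro-enabled file (T1566.001).
    Rule 2: Office app -> script host (T1059.00x).
    """
    findings = []
    for e in events:
        parent, image = e["parent"].lower(), e["image"].lower()
        if parent in MAIL_CLIENTS and image in OFFICE_APPS and _opens_macro_document(e["cmdline"]):
            findings.append(Finding(e["ts"], e["host"], "T1566.001",
                                    "Phishing: Spearphishing Attachment",
                                    f"{parent} -> {image}: {e['cmdline']}"))
        elif parent in OFFICE_APPS and image in SCRIPT_HOSTS:
            tid, name = SCRIPT_HOSTS[image]
            findings.append(Finding(e["ts"], e["host"], tid, name,
                                    f"{parent} -> {image}: {e['cmdline']}"))
    return findings


def earliest_detection(findings: list):
    """Timestamp of the first finding: the point at which a SIEM rule could have fired."""
    return min(f.ts for f in findings) if findings else None


def technique_coverage(findings: list) -> list:
    """Sorted, de-duplicated technique IDs, ready for the report's ATT&CK table."""
    return sorted({f.technique_id for f in findings})


if __name__ == "__main__":
    results = map_events(SAMPLE_EVENTS)
    for f in results:
        print(f"{f.ts} {f.host} {f.technique_id} {f.technique}\n    {f.evidence}")
    print("earliest detectable:", earliest_detection(results))
    print("techniques:", technique_coverage(results))
```

In a report, each Finding becomes a row of the ATT&CK table with its log evidence, and the gap between the earliest detectable event and the incident's actual discovery date is the "missed detection opportunity" the evaluation asks for. The rules here key on parent/child process relationships, which are visible in Sysmon or EDR telemetry rather than in application logs alone, and that distinction is worth stating when discussing which log sources the victim organisation had.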
Evaluation Focus:
- Technical depth of research
- Correct MITRE mappings and timeline logic
- Ability to identify missed detection opportunities
- Clarity and precision of written analysis