Overview
Security Operations and the Defense Analyst is the third course in this path and includes important concepts that can be the foundation of a career as a Defense Analyst in a SOC. This course is complemented by interviews with Splunk Security champions who provide additional insight into the analyst role and life in the SOC.
This is an e-learning course that combines videos with activities and knowledge checks. A quiz is available at the end and is required to complete the course.
Estimated completion time: 2 hours.
Prerequisites
It is recommended to have a basic understanding of common cyber technologies and concepts including:
- OSI Model
- Networking concepts and common security tools
- Common operating systems such as Windows and Linux
Course Objectives
At the end of this course you should be able to:
- Describe a typical Security Operations organization
- Summarize the organization of a typical SOC
- Explain the role of the Cyber Analyst and the tasks belonging to Analyst, Engineer and Architect roles
- Describe common performance measurements for Analysts, such as dwell time, mean time to detect (MTTD) and mean time to respond (MTTR), and how analysts can help define which metrics will be used.
Outline
Cybersecurity Operations
- Introduction
- Interview with Splunk Advanced Response Team Manager, Tony Iacobelli
The Security Operations Center (SOC)
- Introduction
- Common Technologies
- Roles and Responsibilities
- Interview with Security Strategist, Haylee Mills
The Cybersecurity Defense Analyst
- Who is the Defense Analyst?
- Interview with Director of Splunk Security Interlock, Katie Brown
Measuring Success
- Common SOC Metrics
- Interview with Tony I. and Katie B.
Words of advice from Splunk Security champions