Implementing Cisco Cybersecurity Operations (SECOPS) v1.0 training allows learners to understand how a Security Operations Center (SOC) functions and the introductory-level skills and knowledge needed in this environment. Students in this course obtain the core skills needed to grasp the associate-level materials in the 210-255 SECOPS exam, which when combined with passing the 210-250 SECFND exam, leads to the Cisco CCNA Cyber Ops certification.

This course focuses on the introductory-level skills needed for a SOC Analyst at the associate level. Specifically, understanding basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response


Upon completion of this course, you will have the skills and knowledge to:
  • Define an SOC and the various job roles in an SOC
  • Understand SOC infrastructure tools and systems
  • Learn basic incident analysis for a threat-centric SOC
  • Explore resources available to assist with an investigation
  • Explain basic event correlation and normalization
  • Describe common attack vectors
  • Learn how to identify malicious activity
  • Understand the concept of a playbook
  • Describe and explain an incident respond handbook
  • Define types of SOC metrics
  • Understand SOC Workflow Management system and automation


This course contains the following components:
  • SOC Overview
    • Defining the Security Operations Center
    • Understanding NSM Tools and Data
    • Lab: Explore Network Security Monitoring Tools
    • Understanding Incident Analysis in a Threat-Centric SOC
    • Lab: Investigate Hacker Methodology
    • Lab: Investigate Hacker Methodology
    • Identifying Resources for Hunting Cyber Threats
    • Lab: Hunt Malicious Traffic
  • Security Incident Investigations
    • Understanding Event Correlation and Normalization
    • Lab: Correlate Event Logs, PCAPs, and Alerts of an Attack
    • Identifying Common Attack Vectors
    • Lab: Investigate Browser-Based Attacks
    • Identifying Malicious Activity
    • Lab: Analyze Suspicious DNS Activity
    • Identifying Patterns of Suspicious Behavior
    • Lab: Investigate Suspicious Activity Using Security Onion
    • Conducting Security Incident Investigations
    • Lab: Investigate Advanced Persistent Threats
  • SOC Operations
    • Describing the SOC Playbook
    • Lab: Explore SOC Playbooks
    • Understanding the SOC Metrics
    • Understanding the SOC WMS and Automation
    • Incident Response Plan
    • Appendix A - Describing the Computer Security Incident Response Team
    • Appendix B - Understanding the use of VERIS

Prerequisite Knowledge

The knowledge and skills that a learner is expected to have before attending this course are as follows:

Associated certifications

  • CCNA Cyber Ops Certification