SECOPS Certification Training

BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!

Course Overview

Our 5- day, instructor-led SECOPS (Implementing Cisco Cybersecurity Operations) training and certification boot camp in Washington, DC Metro, Tysons Corner, VA, Columbia, MD or Live Online is intended to teach the introductory-level skills and knowledge required for success in a Security Operations Center (SOC) . It will teach you the fundamental skills required to begin a career working as an associate-level cybersecurity analyst in a security operations center.

This course will prepare you for the associate level 210-255® Certification exam.


Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 240-667-7757.


Not seeing a good fit?

Let us know. Our team of instructional designers, curriculum developers, and subject matter experts can create a custom course for you.

Contact Us

Learn more about custom training

Course Outline

Module 1: SOC Overview

Lesson 1: Defining the Security Operations Center

  • Types of Security Operations Centers
  • SOC Analyst Tools
  • Data Analytics
  • Hybrid Installations: Automated Reports, Anomaly Alerts
  • Sufficient Staffing Necessary for an Effective Incident Response Team
  • Roles in a Security Operations Center
  • Develop Key Relationships with External Resources
  • Challenge

Lesson 2: Understanding NSM Tools and Data

  • Introduction
  • NSM Tools
  • NSM Data
  • Security Onion
  • Full Packet Capture
  • Session Data
  • Transaction Data
  • Alert Data
  • Other Data Types
  • Correlating NSM Data
  • Challenge

Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC

  • Classic Kill Chain Model Overview
  • Kill Chain Phase 1: Reconnaissance
  • Kill Chain Phase 2: Weaponization
  • Kill Chain Phase 3: Delivery
  • Kill Chain Phase 4: Exploitation
  • Kill Chain Phase 5: Installation
  • Kill Chain Phase 6: Command-and-Control
  • Kill Chain Phase 7: Actions on Objectives
  • Applying the Kill Chain Model
  • Diamond Model Overview
  • Applying the Diamond Model
  • Exploit Kits
  • Challenge

Lesson 4: Identifying Resources for Hunting Cyber Threats

  • Cyber-Threat Hunting Concepts
  • Hunting Maturity Model
  • Cyber-Threat Hunting Cycle
  • Common Vulnerability Scoring System
  • CVSS v3.0 Scoring
  • CVSS v3.0 Example
  • Hot Threat Dashboard
  • Publicly Available Threat Awareness Resources
  • Other External Threat Intelligence Sources and Feeds Reference
  • Challenge

Module 2: Security Incident Investigations

Lesson 1: Understanding Event Correlation and Normalization

  • Event Sources
  • Evidence
  • Security Data Normalization
  • Event Correlation
  • Other Security Data Manipulation
  • Challenge

Lesson 2: Identifying Common Attack Vectors

  • Obfuscated JavaScript
  • Shellcode and Exploits
  • Common Metasploit Payloads
  • Directory Traversal
  • SQL Injection Cross-Site Scripting
  • Punycode
  • DNS Tunneling
  • Pivoting
  • Challenge

Lesson 3: Identifying Malicious Activity

  • Understanding the Network Design
  • Identifying Possible Threat Actors
  • Log Data Search
  • NetFlow as a Security Tool
  • DNS Risk and Mitigation Tool
  • Challenge

Lesson 4: Identifying Patterns of Suspicious Behavior

  • Network Baselining
  • Identify Anomalies and Suspicious Behaviors
  • PCAP Analysis
  • Delivery
  • Challenge

Lesson 5: Conducting Security Incident Investigations

  • Security Incident Investigation Procedures
  • Threat Investigation Example: China Chopper Remote Access Trojan
  • Challenge

Module 3: SOC Operations

Lesson 1: Describing the SOC Playbook

  • Security Analytics
  • Playbook Definition
  • What Is In a Play?
  • Playbook Management System
  • Challenge

Lesson 2: Understanding the SOC Metrics

  • Security Data Aggregation
  • Time to Detection
  • Security Controls Detection Effectiveness
  • SOC Metrics
  • Challenge

Lesson 3: Understanding the SOC WMS and Automation

  • SOC WMS Concepts
  • Incident Response Workflow
  • SOC WMS Integration
  • SOC Workflow Automation Example
  • Challenge

Lesson 4: Describing the Incident Response Plan

  • Incident Response Planning
  • Incident Response Life Cycle
  • Incident Response Policy Elements
  • Incident Attack Categories
  • Reference: US-CERT Incident Categories
  • Regulatory Compliance Incident Response Requirements
  • Challenge

Exam Information

Students can elect to take the associate-level 210-255 Implementing Cisco Cybersecurity Operations (SECOPS) Exam.

SECOPS Certification Exam 210-255 Details:

  • Number of Questions: 60-70
  • Passing Score: 80%
  • Test Duration: 90 minutes
  • Test Format: Multiple Choice, Multiple Answer, Drag and drop, Testlets, Simlets, Router & Switch Simulations
  • Test Delivery: Pearson VUE

SECOPS Certification Exam Domains:

This exam tests candidates on the following domains:

  • Endpoint Threat Analysis and Computer Forensics
  • Network Intrusion Analysis
  • Incident Response
  • Data and Event Analysis
  • Incident Handling

BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!

Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints re-garding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org

Subscribe now

Get new class alerts, promotions, and blog posts

Phoenix TS needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.

Download Course Brochure

Enter your information below to download this brochure!