Hero Banner

Certified Security Operations Center (CSOC Part 2) Course

Launch your career as a well-paid SOC specialist & sharpen your capabilities to perform effective SOC management

We have trained over 750 organizations including:

Sharpen your SOC management capabilities substantially & become industry-ready

An intensive training course with content-rich videos spread over 6 detailed modules

Acquire highly in-demand skills to analyse and detect organisational threats

Bolster knowledge with several practical sessions and downloadable learning materials

The Certified Security Operations Center (CSOC Part 2) course covers the design, deployment and operation of the SOC.

Created by deeply experienced practitioners, the course teaches you the skills to analyse and detect threats to an organisation through demonstrations, labs, and lectures.

The course covers the functional areas of Communications, Network Security Monitoring, Threat Intelligence, Incident Response, Forensics, and Self-Assessment. With all the detailed theory and intense practical training it offers, this course is unlike anything else in the market.

Benefits of the Certified Security Operations Center (CSOC Part 2) Course

  • Helps you build the ability to perform SOC responsibilities - a highly lucrative career avenue.

  • Covers all functional areas including Communications, Network Security Monitoring, Threat Intelligence, Incident Response, Forensics, and Self-Assessment.

  • An in-depth course covering fundamentals as well as advanced topics like attack methodologies, SIEM and log management. 

csoc 2 (1)


CSOC (Part 2) Course Learning Objectives:

After completing the CSOC (Part 2) course, you will be able to:  

  • Explain in your own words the basics of a Security Operations Centre, what the SOC team structure should look like and what some of the SOC best practices are.

  • Offer a detailed explanation of the fundamentals of Log Management and Log Management Infrastructure.

  • Articulate what Log Analysis Methodology is. 

  • Explain what is SIEM Architecture, Logs and Events, ArcSight and Log Baselining. 

  • Work with QRadar, its components console tab, dashboard, log activity and QRadar Assets. 

  • Fully comprehend Incident Response Best Practices and Policies, how to create an Incident Response Plan, why and how to conduct Training and Awareness, and what comprises Incident Management. 

  • Define the relationship between Incident Response, Incident Handling, and Incident Management.

Feedback and Testimonials for our Courses

Kevin Hayes
The playbooks training course was a good 'part-2' to the CIPR and went into greater depth in a number of areas. The day was fun and Amar kept us moving along at a good pace.
Kevin Hayes
CISO, Cyber Risk Associates
Russ Smith

Enjoyed the course. Good mix of attendees and plenty of lively conversation. Amar steered us through it all admirably.

Russ Smith
Kim Rose

Overall the course was very good. I would strongly recommend this training to anyone who is involved in Cyber Security or has control of information assets.

Kim Rose
Information Governance Officer, Wye Valley NHS Trust
Philipp Scheiwiler

It was a great workshop with a lot of interesting people and a great learning experience.

Philipp Scheiwiler
System Engineer
Andrew Lock
This was a very helpful day and opportunity to speak with a number of operational incident responders to discuss what really works in practice and not just in theory. I gained a great deal from the day, particularly around the construction of bespoke playbooks and also a variety of useful resources to inform my learning. A really good day.
Andrew Lock
Information Security Consultant

CSOC Part 2 Course Modules 

Module 1 - SOC
  • Introduction to SoC

  • SoC Team Structure and types of SOC

  • Threats for the organisation
Module 2 - Log Analysis
  • Introduction to Log Management

  • Log Management Infrastructure

  • Log Analysis Methodology

  • Log Handling
Module 3 - SIEM
  • Introduction to SIEM 
Module 4 - QRadar
  • Introduction to QRadar

  • QRadar Components Console Tab

  • QRadar Dashboard

  • QRadar Log Activity, QRadar Network Activity, QRadar Offenses, QRadar Assets and QRadar Report
Module 5 - ArcSight
  • Introduction to ArcSight

  • ArcSight ESM
Module 6 - Incident Response
  • Introduction to Incident Response

  • Incident Response Methodology

All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.

Building and Optimising Incident Response Playbooks

Find out more about our one day public courses or internal workshops, please complete the form below. 

  • callOr call us on:
  • +44 (0) 203 189 1422