About Course
- Instructor-led Classroom Training
- Instructor-led Online / Hybrid Training
The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0 course teaches you security concepts, common network and application operations and attacks, and the types of data needed to investigate security incidents. In this course, you will learn how to monitor alerts and security breaches and how to understand and follow established procedures for responding to alerts that have been turned into incidents. Through a combination of lecture, hands-on exercises, and independent study, you will learn the essential skills, concepts, and technologies to contribute as a member of a Cybersecurity Operations Center (SOC), including understanding IT infrastructure, operations, and vulnerabilities. This course will help you prepare for the Cisco Certified CyberOps Associate certification and the role of a junior or entry-level cybersecurity operations analyst in a SOC.
Duration: 5 days
Prerequisites
Before attending this course, you should have the following knowledge and skills:
- Familiarity with Ethernet and TCP/IP networks
- Working knowledge of Windows and Linux operating systems
- Familiarity with the basics of network security concepts
The following Cisco course can help you gain the knowledge you need to prepare for this course:
- Implement and manage Cisco solutions (CCNA®)
Course objectives
After attending this course, you should be able to:
- Explain how a SOC works and describe the different types of services provided from the perspective of a Tier 1 SOC analyst.
- Explain the Network Security Monitoring (NSM) tools available to the network security analyst.
- Explain the data available to the network security analyst.
- Describe the basic concepts and applications of cryptography.
- Describe security gaps in the TCP/IP protocol and how these can be used to attack networks and hosts.
- Understand common security technologies for end devices.
- Understand the kill chain and diamond models for incident investigation and the use of exploit kits by threat actors.
- Identify resources for cyber threat hunting.
- Explain the necessity of normalizing event data and event correlation.
- Identify the usual attack vectors.
- Identify malicious activities.
- Recognize suspicious behavior patterns.
- Conduct security incident investigations.
- Explain the use of a typical playbook in the SOC.
- Explain the use of SOC metrics to measure the effectiveness of the SOC.
- Explain the use of a workflow management system and automation to improve the effectiveness of the SOC.
- Describe a typical Incident Response Plan and the functions of a typical CSIRT.
- Explain the use of VERIS to document security incidents in a standard format.
