(SCTP) SOC (Security Operations Center) Analyst

Programme Outline

Learning Objectives

By the end of the programme, participants will have acquired the following learning outcomes, enabling them to apply their skills and knowledge in job roles such as security analyst, incident responder, network administrator, forensic investigator, and vulnerability assessment and penetration testing analyst.

•    Understanding of Information Security: Learners will gain a solid understanding of information security principles, the importance of confidentiality, integrity, and availability, and how to apply these principles to protect systems and data.

•    Proficiency in Virtualization Technologies: Participants will acquire practical knowledge of virtualization technologies, including the ability to install and configure virtual environments for testing and experimentation purposes.

•    Mastery of Network Fundamentals: Learners will develop a strong foundation in networking concepts, protocols, and models, and will be able to analyze network traffic using tools like Packet Tracer and Wireshark.

•    Competence in Operating Systems: Participants will gain proficiency in managing Windows operating systems, including user and group management, server roles, and Group Policy administration. They will also acquire skills in Linux operations, including file system management, package management, and network configuration.

•    Scripting and Automation Skills: The programme equips learners with scripting skills using PowerShell, enabling them to automate administrative tasks and perform security-related tasks efficiently.

•    Understanding of Cloud Security: Participants will gain knowledge of cloud computing models, their security considerations, and practical experience with Azure services and tools.

•    Expertise in Security Operations Center (SOC) Services: Learners will acquire knowledge of SOC types, rules, playbooks, and IP investigation techniques using public tools.

•    Proficiency in Incident Response Planning: Participants will develop the skills necessary to create and implement incident response plans, effectively detect and respond to security incidents, and conduct forensic investigations.

•    Ability to Analyze Logs and Perform Investigations: Learners will gain expertise in log analysis, dynamic and static analysis techniques, and endpoint detection and response. They will also acquire skills in vulnerability management and detection.

•    Competence in Security Information and Event Management (SIEM) Systems: Participants will gain practical experience in log collection, analysis, and dashboard creation using SIEM tools like Wazuh.

•    Understanding of Web Application Security and Data Loss Prevention: The programme covers topics such as web application firewalls (WAF), ModSecurity, data loss prevention techniques, and investigating data leakage incidents.

•    Proficiency in Digital Forensics: Learners will gain knowledge and skills in evidence handling, file system analysis, malware analysis (static and dynamic), memory forensics, network forensics, and forensic reporting.

•    Programming Skills: The programme introduces programming concepts, including control flow, functions, and object-oriented programming, providing learners with a solid foundation in programming languages relevant to cyber security.


1. Introduction (Introduction to Security Operations Center Analyst)

Provides an essential foundation for understanding information security. Upon completing this module, students will have gained a solid understanding of information security principles, including the significance of a SOC and the fundamental concepts of Confidentiality, Integrity, and Availability (CIA) needed to protect sensitive information effectively.


2. Virtualization (Understanding Virtualisation)

Upon completing this module, students will have acquired comprehensive knowledge of virtualization technologies, gained practical experience in installing VirtualBox, and developed the skills to create and configure VMs efficiently.


3. Networking (Networking Essentials for Security Professionals)
Upon completing this module, students will have a comprehensive understanding of networking principles and technologies. They will work proficiently with Wireshark to analyze network traffic, understand the OSI and TCP/IP models, and configure services such as DHCP, DNS, HTTP/HTTPS, and FTP. Students will gain hands-on experience with Packet Tracer and Wireshark labs for effective network traffic visualization and troubleshooting.

4. Windows (Windows Security Essentials)
Upon completing this module, students will have a strong grasp of the Windows OS, its utilities, user and group management, file formats, and native processes. They will understand server roles, Active Directory, and Group Policy, gaining hands-on experience with administrative and GPO templates for effective Windows Server administration.

5. Windows Scripting (Windows Scripting for Security Automation)
Upon completing this module, students will have a comprehensive understanding of scripting in Windows environments. They will distinguish between PowerShell and CMD, understand administrative privileges, and navigate effectively within PowerShell. Students will learn about PowerShell cmdlets, snap-ins, and modules, as well as PowerShell Remoting for remote management. They will gain practical knowledge of scripting syntax, variables, data types, and script flow-control statements, ensuring their ability to execute scripts securely and perform a range of administrative tasks using PowerShell.

6. Windows Attacks (Windows Attack Mitigation Strategies)
Students will possess knowledge of various techniques used to exploit Active Directory vulnerabilities. They will understand the concepts and methodologies behind attacks such as Pass the Hash, Pass the Ticket, Password Spraying, Golden Ticket, and DCShadow. With this knowledge, students will be well-equipped to identify and mitigate potential security risks associated with Active Directory systems, ensuring better defense against these targeted attacks.

7. Linux (Linux Security Fundamentals)
The learning outcome of this comprehensive module is to equip students with the knowledge and skills needed to manage Linux servers proficiently. Upon completing this module, students will understand Linux distributions, shell usage, essential commands, file systems, and file manipulation. They will gain proficiency in remote access through SSH, managing standard I/O (STDIO), and text processing with grep. Additionally, the module covers Linux networking, package management, user and group administration, file permissions, compression, and the SSH protocol, with emphasis on key-based versus password-based authentication.

8. Cloud Environment (Navigating Cloud Security)
The module’s learning outcome is to provide students with a comprehensive understanding of cloud computing, covering various cloud models (Public/Private/Hybrid) and types (IaaS/PaaS/SaaS). Upon completion, students will be proficient in using Azure services, managing Virtual Machines, accounts, and subscriptions, and leveraging tools like Azure Portal, PowerShell, and CLI & Cloud Shell. Moreover, they will become familiar with Office 365, Azure Compute, Containers, and Logic Apps, empowering them to confidently navigate and utilize cloud environments for diverse purposes and applications.

9. Security Operation Center (SOC) (Demystifying Security Operation Centers)
This module provides students with a comprehensive understanding of the SOC's importance, data enrichment, incident response, and attack investigations. Upon completion, students will be proficient in SOC services, types, rules, and playbooks, IP investigations, MITRE ATT&CK tactics, sandbox solutions, and incident response planning following NIST SP 800-61 guidelines. Practical lab exercises cover denial-of-service, phishing, malware, ransomware, and RAT investigations.

10. Malware Analysis (Malware Analysis: Unraveling Cyber Threats)

This module focuses on providing students with an in-depth understanding of log analysis and both dynamic and static analysis techniques. Upon completing this module, students will have comprehensive knowledge of various log types, including OS, application, and audit logs, and the skills to collect and investigate logs effectively. Practical lab exercises will involve Apache log investigation and attack identification. Additionally, students will learn the differences between dynamic and static analysis, and they will gain hands-on experience using tools like PeStudio, Redline, and IDA for file analysis, and Sysinternals tools such as Process Explorer, Process Monitor, and TCPView. They will also conduct lab exercises involving Sysinternals investigation and PML (Process Monitor log) file investigation to analyze ransomware.


11. SIEM (SIEM for Security Intelligence)

This module covers SIEM fundamentals, Wazuh installation, and rule creation and fine-tuning. Students will learn about SIEM types, data collection (Syslog, CEF, API), and Wazuh architecture and configuration, with labs on log collection and Kibana Query Language. They will gain expertise in rule definition and creation and in using dashboards, including a MITRE ATT&CK dashboard covering multiple attacks.


12. Proactive Technologies (Proactive Security Technologies)
This module introduces students to Web Application Firewalls (WAF) and Data Loss Prevention (DLP). Upon completing this module, students will gain a comprehensive understanding of WAFs and their use, focusing specifically on ModSecurity. They will also learn about Data Loss Prevention, exploring data leakage channels and data classification. Practical lab exercises will involve investigating an infected endpoint that sent data outside the organization, reinforcing their ability to apply proactive measures and technologies to secure web applications and prevent data loss effectively.

13. Forensics (Forensic Investigations)
Upon completing this module, students will understand the concept of digital forensics, the importance of evidence, and the evidence life cycle. They will gain expertise in handling files and file systems, identifying common artifacts in digital forensics, and analyzing malware statically and dynamically. Students will learn about different persistence mechanisms, MITRE ATT&CK tactics, LOLBins, memory forensics with Volatility, disk and filesystem analysis, network forensics, and packet analysis. Practical aspects include creating a forensic report, using forensic hardware and hardware write blockers, processing a scene, and utilizing forensic software. Additionally, students will develop skills in file signature analysis and email analysis to carry out comprehensive digital investigations effectively.

14. Python Programming (Python Programming for Security Analysts)
Upon completing this module, students will be familiar with programming concepts, how code works, and using an integrated development environment (IDE) for Python development. They will have a strong grasp of basic and advanced data types, control flow, loops, and the concept of modules and imports. Additionally, students will gain practical experience in writing functions, exploring Object-Oriented Programming (OOP) principles, and understanding Functional Programming and Lambda functions for efficient Python coding.
