
Cyber Defense Analyst (CDA) Program

LIVE INSTRUCTOR-LED

SOC Tier 1 to 2 Training


The Why Behind the Course

Unsatisfied with generic and costly bootcamps that promote cybersecurity as entry-level (it's not), we saw a gap in training for mid-level expertise.

We created a true-to-life trade school experience and crafted the Cyber Defense Analyst Program to be challenging yet direct, focusing on essential, on-the-job skills rather than unnecessary fluff.

In this program, you're more than a student; you're a Cybersecurity Analyst put in a SOC setting, tackling real malware and security challenges faced by today's enterprises - and not just memorizing theory.

 

 

The next Live Cyber Defense Analyst Program starts in:


Fall 2025

August 4th - November 6th

Winter 2025

Date TBD

Course Description

Through hands-on labs, real attacks, simulations, and practical instruction, students learn the exact skills needed to confidently perform Tier 1 and Tier 2 Security Operations Center (SOC) analyst duties. You'll then work as a SOC Analyst for several weeks in our Virtual SOC (Security Operations Center) to prove it.

The curriculum covers threat detection, incident response, malware analysis, digital forensics, and more, culminating in a realistic Virtual SOC capstone series of incident reports to complete.

Graduates leave with industry-recognized training & certifications, real-world experience, and a robust portfolio of cyber defense projects. 


Graduates of this program will be prepared to operate within a Security Operations Center (SOC) at both Tier 1 and Tier 2 levels.

You will also be capable of monitoring and analyzing security events, managing incidents, and performing in-depth analysis of complex threats and vulnerabilities.

Note - we've successfully trained students from 0 experience to Tier 2+ SOC Analysts, including Senior Threat Hunters over the past several years. Our training outcomes can improve many adjacent Cybersecurity & IT roles.

  • Complete SOC100-1, SOC100-1 exam (attempts included in SOC100-1), and the SOC100-2 content at a minimum. Ideally all SOC100 content is recommended though.

  • Strong interest and commitment to learning cybersecurity concepts and practices.

  • 0-1 year of IT-related experience, either self-taught or professional, is recommended but not required.

  • Basic computer skills.

  • Students that want to develop SOC Tier 1 to 2 incident response skills

  • Students that benefit from learning in an interactive live class environment instead of self-paced content, and prefer a personalized and tailored ability to ask questions with immediate feedback or clarification on concepts.

  • Those interested in developing report writing and live presentation skills with feedback provided immediately, or interested in feedback on your assignments submitted including an in-depth VSOC report review.

  • Brand new students to IT/Cybersecurity, or career changers who want to benefit from technical 1 on 1s and mock interviews, and career support services.

  • Review the feature comparison table below compared to Live Instructed CDA

$5000 for Instructor-Led version for 14 weeks

Yes, our pricing might surprise you compared to other bootcamps. But here's the thing: we're not a bootcamp. We evolved from that initial label into something more unique – a trade school focused on the essence of cybersecurity. Discover our roots in our recorded origin story.

Our latest curriculum cuts to the chase: hands-on, technical skills for real-world application. Immerse yourself in our virtualized SOC, a true-to-life simulation of your future role. Forget outdated objectives and bloated, disconnected content. There's no need to pay for 2-3 weeks in Python and 2-3 weeks in compliance and 2-3 weeks in "ethical hacking" to perform SOC Analyst Tier 1 and 2 work. This is learning with purpose.

If your goal is to earn a cybersecurity degree, our Cyber Defense Analyst Program is a good pit stop.

Purdue University Global recognizes our Cyber Defense Analyst Program as having the material to cover 59 credits toward their Bachelor of Science in Cybersecurity degree.

🔗 Bachelor of Science in Cybersecurity Credit Mapping Link

🔗 CDA Credit Mapping Link

 


The Cyber Defense Analyst Program is an intensive program aligned to the NIST workforce roles for Protection & Defense. Learn the skills you'll need to be a SOC analyst—by doing the job.

  • Defensive Cybersecurity

  • Digital Forensics

  • Incident Response

  • Infrastructure Support

  • Insider Threat Analysis

  • Threat Analysis

  • Vulnerability Analysis


Curriculum

CDA is taught over a series of grouped modules. You may view the full curriculum by clicking here.

NOTE: CDA Live contains additional challenges, capstones, report writing, and in-class only content per module. This equates to approximately another 100 hours of content from CDA.

It is content meant to reinforce. It does not introduce new concepts from CDA itself on-demand.

SUMMARY

The first portion of the course has you develop your SOC Analyst Triage competencies. This is where you learn how to respond to active incidents and resolve them.

Given a network, email, or endpoint event or incident that has cyber threat-like behavior - you will know how to validate, triage, contain, and remedy it. 

Expect this portion to take 6 weeks.

MODULES

  • Network Traffic Analysis

  • Email Security

  • Advanced Windows Triage

  • Log Analysis

 

SUMMARY

The second portion of the course covers competencies that layer on top of your developed triage skills.

They take you further than the triage level and develop your ability to research, compile, and deliver intelligence that would be beneficial in preventing the given threat or similar ones like it. You will learn how to communicate this to technical and non-technical stakeholders. 

Expect this portion to take 3 weeks.

 

MODULES

  • Cyber Threat Intelligence

  • Adversary Tactics & Vulnerability Mitigation

  • DFIR (Digital Forensics & Incident Response)

 

We then want you to go through the Virtual SOC.

This is approximately 5 weeks' worth of work to complete "on the job".

You will be given your own complete SOC to work from with a series of incident tickets to complete entirely on your own.

You will then have to validate your findings and write full incident reports. This is to gain experience on top of the education so that you:

  • Gain experience triaging alerts in a case management platform mirroring the duties of a Cybersecurity Analyst in the real world

  • Gain experience triaging alerts entirely on your own, proving that you can indeed perform the work required in entry-level cybersecurity tasks

Finally, to make sure you're really capable, we put it all to the test with an exam that is manually reviewed by Instructors.

Take on our signature CDCP exam post-graduation: a one-week, all-practical challenge, reflecting everything from the Cyber Defense Analyst Program. No multiple-choice—just real-world tasks.

Your course includes two attempts.

Conquer the challenges, craft detailed reports, and submit them for personalized instructor feedback. Dive in, apply your knowledge, and prove your expertise.

Here is a link to the badge you'll earn.

REPORT WRITING

Throughout the course you will continuously be developing one of the most undertrained and underdeveloped areas of Cybersecurity Analysts - report writing. 

Expect to write reports for digital forensics and incident response (DFIR) scenarios along the lines of:

  • Compromised Network Traffic

  • Compromised Hosts

  • Malicious Binaries & Executables

  • Log & Event Attack Patterns

  • Malspam & Email Phishing

  • Adversary Capabilities & Incidents

  • And more!

 

HOME LAB

For career prep you are expected to build out a home lab in SOC100-1 as a pre-req and will then be provided with many challenges to fill in a portfolio. 

You may also get plenty of support in our Discord working with us and others to build both your report writing and portfolio presentation!

Course Content

Below are examples of the content students will go through and be able to complete on their own during the course. CDA Live includes report presentations to Instructors as seen in the first few images.

  • Student incident report presentation in class on an Email Security based challenge.

  • Student incident report presentation in class on a Vulnerability Management challenge.

  • Student incident report presentation in class on a Compromised Windows Host challenge.

  • Following TCP activity tracking down initiations and establishments of session activity.

  • Samples of the types of questions students will be able to answer during malware traffic analysis exercises.

  • We provide full capstones for you to do on your own including walkthroughs of some of them afterwards to compare your reports against.

  • Isolating malicious registry activity commands within the "strings" of binaries and executables during triage.

  • Sample types of questions students will answer performing compromised endpoint triage.

  • Correlating parent and child relationship information including path analysis of binaries and dependencies of suspect processes.

  • Utilizing ELK to trace PowerShell processes that contain command line activity to vet suspect event logs.

  • Performing adversary emulation exercises to simulate their tactics, techniques, and patterns whereby students will hunt for this activity after.

  • Utilizing cyber threat intelligence sharing platforms to research attack patterns and related attack lifecycle activity.

  • Analyzing phishing email campaign activity during full compromise.

  • Analyzing how malware persistence mechanisms can be placed within the Windows registry manually. Students will carry out this attack to learn more.

  • Students will actually carry out their own phishing campaign attack step by step to understand how these attacks occur.

  • Performing proxied HTTP request analysis to determine where vulnerabilities can lie within common network traffic requests.

  • Examining student crafted malicious malware loader code.

  • Preparing vulnerability finding reports and providing validation and remediation steps for student findings.

  • Working inside the virtual SOC with a dashboard of tickets waiting to be resolved similar to being on the job!

  • Sample types of questions students will answer in the virtual SOC in order to pass this module. You can't guess these answers. You must know how to resolve the incidents.

On-Demand vs Live Comparison

CDA On-Demand (Self-Paced) CDA Live (Instructor-led)
Features
Course Access Time
Lifetime
Lifetime
Technical & Virtual SOC Syllabus
The technical content is exactly the same between on-demand and live.
Everything in on-demand plus more report and group challenges per module.
Career Prep Syllabus
Everything in on-demand plus resume reviews & LinkedIn reviews, and mock interviews.
Cyber Range Access
200 hours included, additional can be purchased after
Unlimited during cohort, additional can be purchased after
CDCP Attempts Included
2
2
Private Discord Channels
Support & Help Requests
Students can submit help tickets within a private Discord channel. We'll respond within 1-2 business days at most.
First priority support
Awards 59 Credits towards a Bachelor of Science in Cybersecurity at Purdue University Global
Live Instructor Led Classes
The technical content will be the same between the two. The difference with CDA Live is that instructors lead four classes per week instructing some of the harder content per module, and taking questions and answers.
SOC Manager Live Review Class
During the Virtual SOC weeks, an instructor will conduct walkthroughs with the class with Q&A provided once per week.
Individual & Group Presentations with Live Feedback
Live Technical 1 on 1s
Live 1 on 1s are technical interviews for SOC Analyst 1 and 2 roles.
Live Career Support
A portion of the first several weeks in live is dedicated to group career support discussion, with Q&A.
Mock Technical Interviews, Resume & LinkedIn Reviews
See below
Personalized Feedback on VSOC Report Submissions
Recordings of Live Classes from Cohort
Each live class in a cohort is recorded. The CDA Live students will have access to their cohort recordings forever.
Cost
$499 Launch Rate! (will go up later!)
$5000
Financing Plans
We have financing plans available through Klarna and Affirm. More details coming soon.
Yes - Monthly, Buy Now Pay Later
Yes - Monthly, Buy Now Pay Later
Upgrade to Live
Pay the difference of what you paid versus $5000 to partake in the next available cohort with all the benefits included.
N/A

 

Frequently Asked Questions