
SOC200

ALERTS TO ADVERSARIES

WAITLIST REGISTRATION

Strategic SOC Training for Tomorrow’s Threats.

Releasing early June 2025!

Seats are limited and will be provided on a first-come, first-served basis.

Course Description

This is an advanced SOC analyst course that goes beyond basic alert triage and incident handling, equipping you with advanced techniques for host and network-based triage and adversary tracking.

By the end of this course, you will be able to:

  • Analyze and correlate security events to detect sophisticated cyber threats.

  • Leverage threat intelligence for proactive defense and adversary profiling.

  • Leverage advanced analysis tools for host, binary, and network analysis.

  • Understand MITRE ATT&CK, TTPs, and adversary emulation for predictive defense.

  • Understand strategic methodologies for building and advancing SOC teams.

  • Understand advanced SOC analytical practices for improved analysis efficiency.

Your Instructor - Jonny Johnson 

Founder of Johnson Security Research LLC and Principal EDR Product Researcher at Huntress.

Formerly: 

  • Sr. Detection Engineering Consultant at SpecterOps

  • Sr. Threat Researcher at RedCanary

  • Sr. Threat Researcher at BinaryDefense 

Interests: Windows Internals, Extracting and Exposing Telemetry, Reverse Engineering, Detection Engineering


Open-Source Author/Contributor: Atomic Test Harnesses, The Defender’s Guide, MSRPC-To-ATT&CK, TelemetrySource, JonMon


"As someone who's worked side-by-side with Jonny, his consistent ability to communicate nuanced security concepts sets him apart. His talks blend Windows internals, contagious enthusiasm, and actionable detection content. After each talk I left feeling smarter and better equipped to approach my own work. I can’t recommend Jonny’s trainings enough for anyone with the opportunity."
Brandon Dalton
@PartyD0lphin
"Jonathan brings his years of Windows expertise and experience developing defensive solutions to the forefront in his teaching. The breadth of his background and care towards each student creates a positive learning environment for anyone who takes his course."
Evan McBroom
@mcbroom_evan
"Jonathan Johnson’s content is the perfect blend of deep technical research and real-world program-building wisdom. He not only demystifies adversarial tradecraft and telemetry, but also shows how to translate detection concepts into a scalable, strategic vision for maturing security programs. It’s rare to find someone who can bridge that gap so effectively."
Andrew Schwartz
@4ndr3w6s

The course will be instructed live over 4 days with a capstone exam on the 4th day.

  • Day 1 - SOC Methodology

  • Day 2 - Introduction to Alert Investigation & Host-Based Alerting

  • Day 3 - Network-Based Alerting

  • Day 4 - Advanced SOC Processes & Capstone

Content is still in development. You can expect the days outlined here; more specific labs and lectures will be added soon.

Live instruction is capped to 25 students maximum.

Each day of class will be 7-8 hours including breaks. You will go through lectures and labs. The days will be very practical and lab-heavy.

Please plan accordingly.

You will retain access for 1 week after the live course ends.

A full time table will be provided closer to the start date.

This course is targeted at SOC Tier 1 Analysts and up, as well as Technical Leadership that is supporting, managing, or any role adjacent to Security Operations.

At a technical level we recommend to have at least completed:

And to be familiar with the content at a minimum in:

Help is provided during class and in your private Discord channels for the duration of your training and up to 1 week after.

Your channel will be in the Level Effect Discord community.

We're still finalizing cost, but anticipate this to be in line with full-time 4-day live advanced Cybersecurity Training courses! And no, not the overpriced ones. 

FAQ