
Foundations of Security Operations with Hayden Covington

Course Authored by Hayden Covington.

Foundations of Security Operations will take you from the ground floor of “What is a SOC” to “How to detect and investigate a multi-stage attack”.

On-Demand $575.00

Course Length: 16 Hours

Includes a Certificate of Completion



Next scheduled date: WWHF Deadwood 2025 - Link at bottom.

Description

Have you ever wondered what it would be like to work in a SOC? Do you manage a SOC and want a better understanding of what goes on within? Or maybe you want to experience Elastic and how it can be used for threat detections and analysis?

Throughout the course you will gain an understanding of the key functions of a SOC and its tools, specifically its SIEM and ticketing systems. You’ll learn how they work under the hood and how to bend them to your will. These fundamentals build on one another until you find yourself writing custom sequence detections and investigating them when they fire.

Foundations of Security Operations mixes fundamental knowledge with the freedom for more experienced analysts to apply it at a more advanced level. As the different functions of a SIEM are covered, there is leeway for those with more experience to branch out and build on the basics of the labs.

By the end of the course, you will have a fully functioning SOC of your very own, lacking only in analysts (besides yourself). You’ll be given resources on how to further improve your SIEM should you wish. Lastly, you will be able to tell interviewers that you single-handedly stood up a SOC’s infrastructure.
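The description above mentions writing custom sequence detections and investigating them when they fire. As an added illustration (not course material and not Elastic's own code), the Python sketch below shows what a sequence detection does: it chains several event stages in order, per host, inside a time window, and only fires when every stage is seen. The EQL rule in the docstring is an assumed example of the shape such a rule takes in Elastic SIEM; the events are constructed sample documents, not real telemetry.

```python
"""Toy evaluator for an EQL-style 'sequence' detection.

Added illustration, not course material or Elastic code. The rule it mimics
(assumed example, written in Elastic's EQL syntax) would read:

    sequence by host.name with maxspan=5m
      [process where process.name == "powershell.exe"]
      [network where destination.port == 443]
      [file where file.extension == "exe"]
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs), one ECS-style document each.
EVENTS = [
    {"@timestamp": "2025-01-01T10:00:00Z", "host.name": "ws01",
     "event.category": "process", "process.name": "powershell.exe"},
    {"@timestamp": "2025-01-01T10:01:30Z", "host.name": "ws01",
     "event.category": "network", "destination.port": 443},
    {"@timestamp": "2025-01-01T10:02:10Z", "host.name": "ws01",
     "event.category": "file", "file.extension": "exe"},
    # ws02: same stages, but the later ones fall outside the 5 minute maxspan.
    {"@timestamp": "2025-01-01T10:00:00Z", "host.name": "ws02",
     "event.category": "process", "process.name": "powershell.exe"},
    {"@timestamp": "2025-01-01T10:30:00Z", "host.name": "ws02",
     "event.category": "network", "destination.port": 443},
    {"@timestamp": "2025-01-01T10:31:00Z", "host.name": "ws02",
     "event.category": "file", "file.extension": "exe"},
    # ws03: network stage with no preceding process stage, so no sequence.
    {"@timestamp": "2025-01-01T11:00:00Z", "host.name": "ws03",
     "event.category": "network", "destination.port": 443},
]

# One predicate per stage, in the order the rule requires them to occur.
STAGES = [
    lambda e: e.get("event.category") == "process"
    and e.get("process.name") == "powershell.exe",
    lambda e: e.get("event.category") == "network"
    and e.get("destination.port") == 443,
    lambda e: e.get("event.category") == "file"
    and e.get("file.extension") == "exe",
]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def run_sequence(events, stages, by="host.name", maxspan=timedelta(minutes=5)):
    """Return every completed sequence as a list of its matched events.

    Stages must occur in order for the same `by` value, and the whole chain
    must complete within `maxspan` of the first stage's timestamp. Partial
    chains that exceed the window are discarded, which is what keeps a
    stale stage-one event from pairing with unrelated later activity.
    """
    pending = defaultdict(list)  # by-value -> [(next_stage_index, events_so_far)]
    matches = []
    for ev in sorted(events, key=lambda e: parse_ts(e["@timestamp"])):
        key = ev.get(by)
        ts = parse_ts(ev["@timestamp"])
        kept = []
        for idx, chain in pending[key]:
            if ts - parse_ts(chain[0]["@timestamp"]) > maxspan:
                continue  # window expired: drop the partial chain
            if stages[idx](ev):
                chain = chain + [ev]
                if idx + 1 == len(stages):
                    matches.append(chain)  # final stage seen: the rule fires
                else:
                    kept.append((idx + 1, chain))
            else:
                kept.append((idx, chain))
        if stages[0](ev):
            kept.append((1, [ev]))  # every stage-one hit opens a new chain
        pending[key] = kept
    return matches


def matched_hosts(events, stages=STAGES):
    """Hosts on which the full sequence completed, for the alert summary."""
    return sorted({chain[0]["host.name"] for chain in run_sequence(events, stages)})


if __name__ == "__main__":
    for chain in run_sequence(EVENTS, STAGES):
        print(chain[0]["host.name"], [e["event.category"] for e in chain])
```

Run as-is it reports one firing, on ws01; ws02 shows how maxspan tuning decides whether slow-moving activity is caught, and ws03 shows why a sequence rule is quieter than three independent single-event rules.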

System Requirements
  • Hardware/Software Requirements
    • A computer with either VMware Workstation Player or VMware Workstation
    • A computer with the ability to run a VM for labs with the following specs: 4 GB RAM, 2 Core CPU, 60 GB of storage
    • (Optional) Labs can be performed on the host laptop (Instructions are provided for how to accommodate this approach, with pre-requisite installations needed before the class starts)

Syllabus

    • Part 1: SOC, Ticketing Systems, and Jira

    • Part 2: SIEMs, Elasticsearch, and Query Languages

    • Part 3: Detection Engineering, Testing, and Tuning

    • Part 4: Investigation Fundamentals, SOC Tickets, and Practical Application


Key Takeaways

  • Foundations of a SOC
  • SOC Tools and Operations
  • Ticketing System Offerings
  • Jira and Opsgenie configurations
  • What SOC life is like, both the good and the bad
  • Security Information and Event Management (SIEM) Offerings
  • How to Navigate and Use Elasticsearch and Elastic SIEM
  • Elasticsearch Query Languages
  • How to Write a Good Query
  • Detection Engineering and Tuning
  • Detection Tuning Risk Management
  • Mapping Your Detections to MITRE ATT&CK
  • Testing Detections with Atomic Red Team (ART)
  • SOC Investigation Fundamentals
  • How to Investigate a SOC Ticket When You’re Stuck
  • How to Write a Good SOC Ticket
  • How to Investigate Common Event Modules
  • How to Use Elastic Timelines, Cases, and Dashboards for Your Investigations
  • Investigating Multi-Stage Attacks
  • Open-Source Detections
  • How to Improve Your SOC After the Course
  • How to Apply the Course Learnings to Your Career

Who Should Take This Course

  • SOC engineers, managers, analysts, or those wanting to work in a SOC
  • Anyone wanting to learn how to configure Elastic and Jira
  • Anyone wanting to learn how to work in Elastic or Jira
  • Anyone wanting to learn how to investigate threat activity in a SIEM
  • Anyone wanting to know how to write, tune, and test threat detections

Student Requirements

  • Basic understanding of Windows operating systems
  • Basic understanding of security fundamentals (e.g. what DNS is, what an IP address is, what a process is)
  • How to operate a virtual machine
Supplemental Reading
https://www.vmware.com/products/workstation-player.html

https://github.com/redcanaryco/atomic-red-team

https://github.com/redcanaryco/invoke-atomicredteam/wiki/Installing-Invoke-AtomicRedTeam#install-execution-framework-and-atomics-folder

https://www.atlassian.com/software/jira/

https://www.elastic.co/security

https://www.elastic.co/guide/en/security/current/index.html

About the Instructor

Hayden Covington
"Security Engineer, Triathlete, and Analytics Addict"
Bio

Hayden Covington is a Senior Analyst in Black Hills Information Security’s SOC where he specializes in training, quality assurance, detection engineering, and investigative analysis. With a previous background as a SOC analyst for a US naval contractor, Hayden has extensive experience in Digital Forensics and Incident Response (DFIR), Security Orchestration, Automation, and Response (SOAR), and insider threat.

This class is being taught at Wild West Hackin’ Fest – Deadwood 2025.

For more information about our conferences, visit Wild West Hackin’ Fest!


On-Demand

Antisyphon's On-Demand classes give you flexible, self-paced access to the same high-quality training our live events are known for. Whether you're diving into forensics, cloud security, or offensive tooling, each course includes:

  • Full access to video recordings, slides, and downloadable resources
  • Hands-on labs and virtual machines to reinforce real-world skills
  • Cyber Range access for immersive practice (select courses)
  • Dedicated Discord support from instructors and peers
  • Certificates of participation upon completion

Start learning when it works for you!
No deadlines, no pressure. Just real, practical cybersecurity training on your schedule.
