Next scheduled date: WWHF Deadwood 2026.
Description
Foundations of Security Operations will take you from the ground floor of “What is a SOC” to “How to detect and investigate a multi-stage attack”.
Have you ever wondered what it would be like to work in a SOC? Do you manage a SOC and want a better understanding of what goes on within? Or maybe you want to experience Elastic and how it can be used for threat detections and analysis?
Throughout the course you will gain an understanding of the key functions of a SOC and its tools, specifically its SIEM and ticketing systems. You’ll learn how they work under the hood and how to bend them to your will. These fundamentals will build upon themselves until you find yourself writing custom sequence detections and investigating them when they fire.
Foundations of Security Operations has a good mixture of fundamental knowledge with the freedom to apply that knowledge at a more advanced level for more experienced analysts. As different functions within a SIEM are covered there is leeway for those with more experience to branch out and build on the basics of the labs.
By the end of the course, you will have a fully functioning SOC of your very own, lacking only in analysts (besides yourself). You’ll be given resources on how to further improve your SIEM should you wish. Lastly, you will be able to tell interviewers that you single-handedly stood up a SOC’s infrastructure.
System Requirements
A computer with either VMware Player or Workstation
A computer with the ability to run a VM for labs with the following specs: 4 GB RAM, 2 Core CPU, 60 GB of storage
(Optional) Labs can be performed on the host laptop (Instructions are provided for how to accommodate this approach, with pre-requisite installations needed before the class starts)
Syllabus
Part 1: SOC, Ticketing Systems, and Jira
Part 2: SIEMs, Elasticsearch, and Query Languages
Part 3: Detection Engineering, Testing, and Tuning
Part 4: Investigation Fundamentals, SOC Tickets, and Practical Application
Foundations of a SOC
SOC Tools and Operations
Ticketing System Offerings
Jira and Opsgenie configurations
What SOC life is like, both the good and the bad
Security Information and Event Management (SIEM) Offerings
How to Navigate and Use Elasticsearch and Elastic SIEM
Elasticsearch Query Languages
How to Write a Good Query
Detection Engineering and Tuning
Detection Tuning Risk Management
Mapping Your Detections to MITRE ATT&CK
Testing Detections with Atomic Red Team (ART)
SOC Investigation Fundamentals
How to Investigate a SOC Ticket When You’re Stuck
How to Write a Good SOC Ticket
How to Investigate Common Event Modules
How to Use Elastic Timelines, Cases, and Dashboards for Your Investigations
Investigating Multi-Stage Attacks
Open-Source Detections
How to Improve Your SOC After the Course
How to Apply the Course Learnings to Your Career
SOC engineers, managers, analysts, or those wanting to work in a SOC
Anyone wanting to learn how to configure Elastic and Jira
Anyone wanting to learn how to work in Elastic or Jira
Anyone wanting to learn how to investigate threat activity in a SIEM
Anyone wanting to know how to write, tune, and test threat detections
Basic understanding of Windows operating systems
Basic understanding of security fundamentals (e.g., what DNS is, what an IP address is, what a process is)
How to operate a Virtual Machine
"Security Engineer, Triathlete, and Analytics Addict"
Bio
Hayden Covington is a Senior Analyst in Black Hills Information Security’s SOC where he specializes in training, quality assurance, detection engineering, and investigative analysis. With a previous background as a SOC analyst for a US naval contractor, Hayden has extensive experience in Digital Forensics and Incident Response (DFIR), Security Orchestration, Automation, and Response (SOAR), and insider threat.
This class is being taught at Wild West Hackin’ Fest – Deadwood 2026.
Antisyphon's On-Demand classes give you flexible, self-paced access to the same high-quality training our live events are known for. Whether you're diving into forensics, cloud security, or offensive tooling, each course includes:
Full access to video recordings, slides, and downloadable resources
Hands-on labs and virtual machines to reinforce real-world skills
Cyber Range access for immersive practice (select courses)
Dedicated Discord support from instructors and peers
Certificates of participation upon completion
Start learning when it works for you!
No deadlines, no pressure. Just real, practical cybersecurity training on your schedule.