SOC Level 2 Live Training: Class Overview
Take your SOC analyst skills to the next level in this live training presented by Andrew Prince. You’ll hit the ground running with three full days (9am – 5pm ET) of back-to-back live training, labs, and challenges that will teach you how to apply advanced investigation methodologies and grasp the responsibilities of an Incident Responder or Threat Hunter.
The training has a practical, hands-on focus that provides realistic scenarios where students investigate sophisticated threats across multiple systems, learning to detect and respond effectively in enterprise-scale environments. The training also integrates proactive threat hunting as part of a continuous detection and response cycle, helping analysts identify active threats, uncover gaps, and feed insights back into investigative processes to improve future detection and response efforts.
By the end of this training, you’ll have an in-depth grasp of incident response and threat hunting. You’ll also receive an exam attempt for the NEW Practical SOC Analyst Professional (PSAP) certification. This class is limited to 50 students, so sign up today to reserve your spot.
Class Objectives
By the end of the training, participants will have a thorough understanding of:
- Incident response
- Threat hunting
- Data transformation techniques
- Understanding and identifying anomalies
- Evidence collection and handling at scale
- Using PowerShell for incident response
- Hunting and responding to advanced threats following MITRE ATT&CK TTPs
- Incident investigation and root cause analysis
System Requirements
- 8GB RAM & 256GB HDD
- Up-to-Date OS & Internet Browser
- Stable Internet connection
Prerequisites
This class relies heavily on working with IR investigations and forensic artifacts, but does not cover learning basic analysis tools. It is strongly recommended to have taken or be familiar with the Security Operations (SOC) 101 material and its prerequisites, which include experience with:
- Networking Fundamentals:
  - Practical Help Desk or equivalent
- Operating System Fundamentals:
  - Practical Help Desk or equivalent
- Security Operations Fundamentals
- Network Traffic Analysis
- Endpoint Security Monitoring
- Log Analysis and Management
- Security Information and Event Management (SIEM)
- Basic Digital Forensics Exposure
Black Friday Savings Are Here!
No code required. Save 20% on live training classes when you register before December 1st, 2025.

Live, Instructor-Led
SOC Level 2 Certification Training
Details
- 24+ Hours of Live Online Instruction and CEU Credits
- 30+ Hours of On-Demand Training (12 Months Access)
- 1 PSAP Exam Attempt (12 Months Access)
- Online Labs w/ 50 Hours Access Post Training
- Private Cohort and Instructor Access
- 24/7/365 Course Support
No discount code required. This promotion cannot be combined with other discounts or offers. Exam retakes are excluded from the sale. Offer expires on December 1, 2025.
Who Should Take SOC Level 2 Live Training?
This advanced training is designed for individuals seeking to advance their defensive security skills beyond foundational knowledge. Ideal candidates include those already familiar with core SOC concepts who are ready to develop expertise in investigating and responding to sophisticated cyber threats.
The SOC Level 2 live training is ideal for:
- Tier 2 Security/SOC Analysts
- Tier 3 Security/SOC Analysts
- Incident Responders
- Threat Hunters
- Digital Forensic Examiners
- Those preparing for the Practical SOC Analyst Professional certification exam.
Why Choose TCM Security Instructor-Led Training?
No Fluff, Practical Focus
You’ll walk away with hands-on knowledge and practical skills that can be immediately applied in real-world scenarios.
Lab Access
After the training ends, you have 50 hours of access to online virtual labs to practice what you learned.
Interactive, Small Group Setting
We limit our class sizes to 50 students to encourage interaction with the instructor and classmates. You’ll have access to a private Discord channel for class communication and networking.
Post-Training Resources
You’ll have 12 months of access to on-demand training materials after the training ends.
Professional Development
TCM Security live trainings are eligible for Continuing Education Unit (CEU) credits.
Prepare for Certification Exams
Intensive live training classes will prepare you for TCM Security Certifications and include a certification voucher related to the training.
Training Options for Organizations
The cybersecurity field is always evolving and learning never stops. TCM’s Live Training options will equip your employees with practical, hands-on skills that they can immediately put to use on the job. We offer bulk discounts for organizations looking to purchase multiple seats in our live training classes. We can also conduct private group session training. Please reach out to us using the form if you are interested in learning more about those options!
“What I learned in just one day of Hacking (and Defending) Active Directory training has given me the edge on how to help my customers better secure their environments.”
Curriculum and Agenda
Prerequisites
- Completion of the Practical Help Desk course, A+/Net+ equivalent, or familiarity with topics such as:
  - Basic familiarity with Windows and Linux operating system components.
  - Experience working with the command-line and knowledge of basic commands and navigation (e.g., cd, ls, cat).
  - Knowledge of network concepts such as subnets, internal vs. external IP addresses, network address translation, and routing.
  - Understanding of foundational security concepts such as the CIA triad, security controls, encryption, and hashing.
Day One
- Understanding the Modern Adversary
- Introduction to Incident Response
- Incident Decision Making
- Introduction to Threat Hunting
- Threat Hunting Teams, Data Sources, and Maturity Models
- Cyber Threat Intelligence
- Exploring the MITRE ATT&CK Navigator
- Structured and Unstructured Threat Hunting
- Data Transformation Techniques
- Data Transformation in the Command-Line, PowerShell, and Splunk
- Searching, Aggregations, Statistics, and Visualizations
Day Two
- Understanding and Categorizing Anomalies
- Masquerading
- Ambiguous Identifiers
- Frequency and Volume Anomalies
- Temporal Anomalies
- Location and Environmental Anomalies
- Structure and Format Anomalies
- Absence and Suppression Anomalies
- Entropy Analysis
- Dissecting Threat Reports
- Threat Hunting Lab:
  - Tracing an Attack Chain
  - Hunting Execution
  - Hunting Malicious Process Trees
  - Hunting Persistence
  - Hunting Defense Evasion
  - Hunting Command and Control
  - Hunting Lateral Movement
Day Three
- Collection at Scale
- Collection with WMI
- PowerShell 101
- Cmdlets
- Aliases
- Providers
- Scripting and Control Flow
- PowerShell Remoting
- Remote Collection Frameworks
- Triage Artifact Collection
- Live Response with PowerShell
- Collection and Analysis Challenge
*Curriculum is dependent on class skillset and other varying factors. Curriculum may change at the instructor’s discretion.
Request Live Training Reimbursement
Training doesn’t stop once you land a pentesting position. If your company offers a training budget or reimbursement for continuing education, consider using it on TCM Security live training and certifications! To make things easier, we’ve created a Training Budget Request Template—a customizable document designed to align your learning goals with your company’s objectives. Be sure to follow your company’s policies and procedures to increase the likelihood of your request being approved.
Frequently Asked Questions
Do I need to prepare anything before the training begins?
Nope! All of the labs and class files will be accessible in the cloud, with just a VPN connection. You’ll be able to access the class VMs directly in your browser.
What skill level should I have to take the training?
This advanced training is designed for individuals seeking to advance their defensive security skills beyond foundational knowledge. Ideal candidates include those already familiar with core SOC concepts who are ready to develop expertise in investigating and responding to sophisticated cyber threats.
Students should be familiar with security analysis tools.
How long will each training session be?
Classes run each day from 9am-5pm ET. Each session (day) of the class aims to be between 6 and 8 hours, depending on the amount of course material we get through. This includes lecture, hands-on labs, and breaks to work on the challenges.
Does the class come with a PSAP voucher?
Yes! When the Practical SOC Analyst Professional (PSAP) certification is released, all participants will receive a voucher that is valid for 12 months starting at the issue date.
Do you offer any discounts?
Live trainings are not eligible for the student, educator, military, or first responder discount because they are already discounted to include the certification voucher. We periodically offer sales and promotions. Join our email list or follow us on social media to be informed when sales begin.

