SOC Level 1 Live Training

LEARN HOW TO DEFEND, THEN PROVE IT

Andrew Prince leads this live training focused on Security Operations Center (SOC) fundamentals. Featuring four days of live instruction, students will learn the core skills needed to succeed in Tier 1 and Tier 2 SOC roles. By the end of the training, students will be well-prepared to excel as a SOC analyst and ace the Practical SOC Analyst Associate (PSAA) exam.
SOLD OUT
soc level 1 live

SOC Level 1 Live Training: Course Overview

Registration is closed. Join the waitlist to be notified when registration for the next session opens.

Take your SOC analyst skills to the next level in this live training presented by Andrew Prince. You’ll hit the ground running with four full days (9am – 5pm ET) of back-to-back live training, labs, and challenges that cover the foundational skills needed for success in defensive security operations.

This training dives deep into monitoring, detection, analysis, and response across critical areas including phishing, network security, endpoint protection, SIEM management, threat intelligence, and DFIR operations.

By the end of this training, you’ll have an in-depth grasp of SOC operations and investigative skills. All lessons draw from real-world SOC experience and scenarios encountered by security professionals in active environments. This class is limited to 50 students, so sign up today to reserve your spot.

Course Objectives

By the end of the training, participants will have a thorough understanding of:

  • Security Operations Fundamentals
  • Phishing Analysis
  • Network Security Monitoring
  • Network Traffic Analysis
  • Endpoint Security Monitoring
  • Endpoint Detection and Response
  • Log Analysis and Management
  • Security Information and Event Management (SIEM)
  • Threat Intelligence
  • Digital Forensics
  • Incident Response

System Requirements

  • 8GB RAM & 256GB HDD
  • Up-to-Date OS & Internet Browser
  • Stable Internet connection

Prerequisites

  • Completion of the Practical Help Desk course, A+/Net+ equivalent, or familiarity with the topics such as:
    • Basic familiarity with Windows and Linux operating system components.
    • Experience working with the command-line and knowledge of basic commands and navigation (e.g., cd, ls, cat).
    • Knowledge of network concepts such as subnets, internal vs. external IP addresses, network address translation, and routing.
    • Understanding of foundational security concepts such as the CIA triad, security controls, encryption, and hashing.
Next Class Begins
April 14-17, 2025
9am-5pm Eastern Time
Details

32+ Hours of Live Online Instruction and CEU Credits

30+ Hours of On-Demand Training (12 Months Access)

Online Labs w/ 50 Hours Access Post Training

Private Cohort and Instructor Access

24/7/365 Course Support (Lifetime)

$2499

SOLD OUT
*Students, educators, first responders, active and former military can save 20% on all certifications and live training. Contact [email protected] with proof to get your discount code.

Who Should Take SOC Level 1 Live Training?

This class is designed for IT professionals who want to develop security analysis skills and pursue a career in the SOC. This training provides a hands-on look into the different functions of a security operations center, opening the door to a wide variety of specialized defensive security roles. By the end of this class, individuals who are preparing to take the TCM Security PSAA certification exam will be well-prepared to take the exam. This course is designed for beginners, but individuals looking to enroll should have basic IT skills and knowledge.
The SOC Level 1 live training is ideal for:

  • Aspiring SOC Analysts and Incident Responders.
  • Individuals with a strong interest in blue teaming and a desire to understand how security operations work in real-world environments.
  • IT professionals with some experience in networking or systems administration who want to expand their skills into the SOC and cybersecurity field.
  • Students looking to prepare for the Practical SOC Analyst Associate (PSAA) exam.

Why Choose TCM Security Instructor-Led Training?

No Fluff, Practical Focus

You’ll walk away with hands on knowledge and practical skills that can be immediately applied in real-world scenarios.

Lab Access

After the training ends, you have 50 hours of access to online virtual labs to practice what you learned.

Interactive, Small Group Setting

We limit our class sizes to 50 students to encourage interaction with the instructor and classmates. You’ll have access to a private Discord channel for class communication and networking.

Post-Training Resources

You’ll have 12 months of access to class recordings and relevant course materials from TCM Security Academy.

Professional Development

TCM Security live trainings are eligible for Continuing Education Unit (CEU) credits.

Prepare for Certification Exams

Intensive live training classes will prepare you for TCM Security Certifications and keep you focused on your goals.

Request Live Training Reimbursement

Training doesn’t stop once you land a SOC Analyst position. If your company offers a training budget or reimbursement for continuing education, consider using it on TCM Security live training and certifications! To make things easier, we’ve created a Training Budget Request Template—a customizable document designed to align your learning goals with your company’s objectives. Be sure to follow your company’s policies and procedures to increase the likelihood of your request being approved.
DOWNLOAD THE TEMPLATE

Training Options for Organizations

Are you a manager looking to upskill your team? We offer bulk discounts for organizations looking to purchase multiple seats in our live training classes. We can also conduct private group session training. Please reach out to us at [email protected] if you are interested in learning more about those options!

Curriculum and Agenda

Prerequisites

  • Completion of the Practical Help Desk course, A+/Net+ equivalent, or familiarity with the topics such as:
    • Basic familiarity with Windows and Linux operating system components.
    • Experience working with the command-line and knowledge of basic commands and navigation (e.g., cd, ls, cat).
    • Knowledge of network concepts such as subnets, internal vs. external IP addresses, network address translation, and routing.
    • Understanding of foundational security concepts such as the CIA triad, security controls, encryption, and hashing.

Day One- Monday, April 14, 2025

  • Class Introduction
  • Lab Access, Setup, and Configuration
  • Understanding the SOC
  • Understanding Phishing Attacks and Techniques
  • Email Analysis
  • URL Analysis
  • Attachment Analysis
  • MalDoc Analysis
  • Phishing Defenses
  • Ticket Challenge – Walkthrough and Break
  • Understanding Packets and Flows
  • Network Traffic Analysis with TCPDump
  • Network Traffic Analysis with Wireshark
  • Ticket Challenge

Day Two- Tuesday, April 15, 2025

  • Understanding Endpoint Security
  • Windows – Hunting Malicious Network Connections
  • Windows – Hunting Malicious Processes
  • Live IR with SysInternals and Autoruns
  • Windows – Understanding Core Processes
  • Windows – Hunting Persistence
  • Ticket Challenge – Walkthrough and Break
  • Linux – Hunting Malicious Network Connections
  • Linux – Hunting Malicious Processes
  • Linux – Understanding Core Processes
  • Linux – Hunting Persistence
  • Ticket Challenge – Walkthrough and Break
  • Understanding the SIEM
  • Common Attack Signatures
  • Command Line Log Analysis
  • Ticket Challenge

Day Three- Wednesday, April 16, 2025

  • Splunk Introduction
  • Search Processing Language
  • Search Commands
  • Reporting, Alerting, and Dashboards
  • Investigating Intrusions with Splunk
  • Deploying Forwarders
  • Ticket Challenge – Walkthrough and Break
  • Understanding Threat Intelligence
  • Threat Intelligence Frameworks
  • MITRE ATT&CK
  • Ticket Challenge – Walkthrough and Break
  • Detecting Malware with YARA
  • Reading and Writing YARA Rules
  • Ticket Challenge

Day Four- Thursday, April 17, 2025

  • Understanding Digital Forensics Investigations
  • Disk Image Acquisition with FTK Imager
  • Memory Acquisition with FTK Imager
  • Ticket Challenge – Walkthrough and Break
  • Windows Forensic Artifacts
  • Forensic Image Analysis with Autopsy
  • Memory Analysis with Volatility
  • Ticket Challenge – Walkthrough and Break
  • The Incident Response Process
  • Training Wrap-Up

*Curriculum is dependent on class skillset and other varying factors. Curriculum may change at the instructor’s discretion.

SOLD OUT

Meet the Instructor

Andrew Prince

Instructor
Andrew is a seasoned and passionate security professional who brings a wealth of experience in areas such as security operations, incident response, threat hunting, vulnerability management, and cloud infrastructure security. With a professional background in development and system administration, Andrew offers a well-rounded perspective on his security strategy. Andrew also navigates both offensive and defensive operations to provide a holistic approach to keeping people, processes, and technology secure. He is also active in developing various Capture the Flag challenges, creating security training, and sharing knowledge through content creation. Andrew created the Security Operations (SOC) 101 course in TCM Security Academy and the Practical SOC Analyst Associate certification.

Social Media Links:
Website
LinkedIn

Frequently Asked Questions

Do I need to prepare anything before the training begins?
Nope! All of the labs and class files will be accessible in the cloud, with just a VPN connection. You’ll be able to access the class VMs directly in your browser.
What skill level should I have to take the training?
This class is aimed for current or aspiring SOC Analysts, meaning that you should have a general background in computers and networking, but extensive security experience is not required to succeed. Completion of the Practical Help Desk course or any A+/Net+ equivalent knowledge is more than enough.
How long will each training session be?
Classes run each day from 9am-5pm ET. Each session (day) of the class aims to be between 6-8 hours depending on the amount of course material we get through. This includes lecture, hands-on labs, and breaks to work on the challenges.
Do you offer any discounts?
Yes! We are veteran-owned and want to thank you for your service.

We offer a 20% discount to current and former military as well as first responders (Police, EMTs, Firefighters, Nurses, Doctors, etc.), regardless of country. We also extend this discount to students and educators.

Please email [email protected] with proof of first responder status, such as a discharge form, ID, etc. and we will issue you a coupon code to use on purchase. If you are a student or educator, please email us from a valid educational address or provide proof of current enrollment.

Does the class come with a PSAA voucher?
Though the class will prepare you for the Practical SOC Analyst Associate exam, the live training class does not include an exam voucher. You can buy that separately here.
Will my employer reimburse this training?
Maybe! If your organization has a training budget, this class is an excellent way to expand your security knowledge and gain knowledge that will help protect your organization’s data. Use our reimbursement template to help craft your training request to your manager.
Do you offer private group sessions?
Yes, we can conduct private group sessions for your organization or team. Contact [email protected] to learn more about our offerings.
Do you offer bulk discounts?
We do. If your organization would like to purchase several seats for your team members to participate in the training, please contact [email protected] for more information.

Ready to Get Started?

Your future in cybersecurity is here.
SOLD OUT
TCM Security logo
Home          About          Contact Us