Practical SOC Analyst Professional

LEARN HOW TO DEFEND,
THEN PROVE IT.

The PSAP certification is an intermediate-level threat hunting and incident response exam experience. The exam will assess a student’s ability to proactively identify intrusions, reconstruct attacker activity, analyze evidence, and develop actionable recommendations to contain, eradicate, and recover from a realistic compromise.


What is the Practical SOC Analyst Professional Certification?

The Practical SOC Analyst Professional (PSAP) certification is an intermediate-level threat hunting and incident response exam experience. The exam will assess a student’s ability to proactively identify intrusions, reconstruct attacker activity, analyze evidence, and develop actionable recommendations to contain, eradicate, and recover from a realistic compromise. Students will have three (3) full days to complete the assessment and an additional two (2) days to write a professional incident response report.

By earning the PSAP certification, you’ll demonstrate to employers that you’re ready to succeed within a security team and have the practical skills needed to advance your career.

How to Pass the PSAP Exam

In order to receive the certification, a student must:

Apply a wide array of investigation methodologies and leverage analysis tools to investigate an intrusion, identify the affected systems, and collect supporting evidence artifacts.

Reconstruct the intrusion timeline and describe the attacker’s methods, actions, and impact on the environment.

Submit a detailed and well-organized exam report that documents the investigation, evidence, affected systems, and recommended response actions.

TCM Security exam vouchers are valid for 12 months and come with access to the training materials the exam is based on. Access begins on the day the voucher is purchased. We highly recommend preparing before attempting the exam. If you don’t initially succeed, don’t worry! We never want to profit on failure and include one free retake with every exam voucher. 

Practical SOC Analyst Professional Exam Format

Like all TCM Security certifications, the PSAP exam was designed to teach students how to apply their skills in a real-world situation. This is not a CTF. Our exams provide an experience that is similar to what you will be asked to do in a professional environment.

You’ll be dropped directly into a corporate network under investigation for potential intrusion by a sophisticated adversary group. You will need to proactively hunt for signs of compromise, reconstruct the attacker’s activity, and propose actionable containment, eradication, and recovery measures—all based on realistic attack techniques and campaigns observed in similar organizations.

There are no flags to capture.

There are no multiple choice questions.

What is Included

25+ Hours of On-Demand Training (12 Months Access)

Hands-On Local Labs, Exercises, and Challenges

1 Exam Attempt + 1 Free Retake (12 Months Access)

3 Days to Complete

2 Days to Write Report

24/7/365 Course Support

Prerequisites

Understanding of threat hunting and incident response methodologies

Familiarity with endpoint investigation and analysis tools

Experience with SIEM platforms, log correlation, and querying

Device capable of running multiple virtual machines

Ability to document investigations professionally and clearly

Black Friday Savings Are Here!

$499

$399

No discount code required. This promotion cannot be combined with other discounts or offers. Exam retakes are excluded from the sale. Offer expires on December 1, 2025.

Who Should Take the Practical SOC Analyst Professional Exam?

The PSAP is an intermediate-level threat hunting and incident response exam, designed to assess and develop practical skills in investigating intrusions, analyzing malicious activity, and responding to security incidents. Students should have prior experience with endpoint and network analysis, SIEM tools, and incident response methodologies. The PSAP is suitable for:

  • Tier 2 Security / SOC Analysts
  • Tier 3 Security / SOC Analysts
  • Incident Responders
  • Threat Hunters
  • Digital Forensic Examiners

How to Prepare for the PSAP Exam

Students will receive 12 months of access to over 25 hours of training materials in the Security Operations (SOC) 201 course on TCM Security Academy. If you are looking for a different learning format, check out our small group online live training sessions. 

Security Operations (SOC) 201


The PSAP exam was designed based on the concepts and techniques covered in this course, including:

  • Developing an investigator’s methodology
  • Incident Response
  • Threat Hunting
  • Data transformation techniques
  • Understanding and identifying anomalies
  • Evidence collection and handling at scale
  • Using PowerShell for Incident Response
  • Hunting and responding to advanced threats following MITRE ATT&CK TTPs
  • Incident investigation and root cause analysis

SOC Level 2 Live Training


Next Class Starts December 8th!

This live training focuses on advanced security operations. In three days of live training, participants will learn the detection and investigation skills needed to respond to complex cyber threats at scale. By the end of the training, students will be well-prepared for the Practical SOC Analyst Professional (PSAP) exam.

The training includes:

  • 3 days of live instruction
  • 1 PSAP exam attempt
  • Access to the class recordings
  • Access to a private Discord cohort for instructor and classmate discussions
  • 50 hours of online lab access post-class
  • CEU credits

All TCM Security Certifications Include:

Video Training

Receive 12 months of access to video-led training that was developed to provide a hands-on learning experience.

Realistic Exams

Our certification exams are designed to provide the student with a real-world experience that simulates working as a SOC analyst.

Free Retake

If for any reason you need to take the exam a second time, we include a free retake voucher. We don’t profit from your failures.

Industry Recognized

We are pleased to provide the most realistic and cost-effective cybersecurity certifications recognized by industry professionals and organizations.

Non-Invasive Experience

Complete the exam in the comfort of your own home without proctors or installed monitoring software.

Stable Environments

Get unlimited access to our stable student exam environments. Hosted safely for you in the cloud.

Unbeatable Support

We proudly offer 24/7/365 customer support with the additional benefit of access to our community Discord with 60,000+ students.

Discounts

We happily provide military, veterans, students, teachers, and first responders with a 20% off coupon, valid on certification vouchers.

Additional Resources

Tools Every SOC Analyst Should Know

Want to work as a SOC analyst? Get familiar with some of the tools you’ll use on the job.


Request Certification Reimbursement

Training doesn’t stop once you land a position. If your company offers a training budget or reimbursement for continuing education, consider using it on TCM Security live training and certifications! To make things easier, we’ve created a Training Budget Request Template—a customizable document designed to align your learning goals with your company’s objectives. Be sure to follow your company’s policies and procedures to increase the likelihood of your request being approved.

Training Options for Organizations

Are you a manager looking to upskill your team? We offer bulk discounts for organizations looking to purchase multiple certification vouchers. Ask us about our training bundle. We also conduct private group session training. Please reach out to us at [email protected] if you are interested in learning more about those options!

Frequently Asked Questions

PSAP Exam FAQ

Who can take the PSAP?

Any individual from any country is eligible to sit for the PSAP exam. Individuals under the age of 18 years old must submit a Parental Consent Form prior to purchasing the exam voucher.

How is this exam and training different from others?

The PSAP certification emphasizes practical, hands-on threat hunting and incident response in a realistic enterprise environment. Unlike theoretical or multiple-choice exams, the PSAP requires you to investigate a full intrusion, analyze evidence, reconstruct the attacker’s actions, and propose actionable response measures. The exam is based on real-world attack techniques and campaigns, giving you an experience that closely mirrors what a professional Tier 2/3 analyst or incident responder would encounter.

Do I need to set up a SOC lab ahead of time to take this exam?

No, the exam environment includes a pre-built lab network that you can access through the exam VPN. All you need is the exam VPN file and a web browser.

How long is the exam?

The exam environment permits three days (72 hours). You will have an additional two days (48 hours) to write a professional report and submit it for grading.

How difficult is the exam?

Difficulty varies depending on your experience. For analysts with prior SOC or incident response experience, the PSAP presents a moderate challenge, focusing on applying investigative methodology, data analysis, and threat hunting skills in a single, cohesive scenario.

For those newer to incident response or threat hunting, the exam may be more challenging, and it is strongly recommended to have a very strong understanding of the associated course material and gain hands-on practice before attempting the exam. Beginners should start with the Practical SOC Analyst Associate (PSAA) before attempting the Practical SOC Analyst Professional.

What tools can I use on the exam?

There are no tool limitations on the exam. However, everything you need will be included on the provided system and the provided Exam Guide will contain more information on available tools.

General FAQ

Does the certification expire?

No, the Practical SOC Analyst Professional certification does NOT expire.

Does my exam voucher expire?

Your exam voucher is valid for 12 months, starting on the day of purchase.

Does my training expire?

The PSAP certification comes with 12 months of training access starting on the purchase date.

Will I receive a digital certification?

Yes! You can view an example of those here.

Do you offer any other discounts?

Yes! We are veteran-owned and want to thank you for your service.

We offer a 20% discount to current and former military as well as first responders (Police, EMTs, Firefighters, Nurses, Doctors, etc.), regardless of country. We also extend this discount to students and educators.

Please email [email protected] with proof of first responder status, such as a discharge form, ID, etc. and we will issue you a coupon code to use on purchase. If you are a student or educator, please email us from a valid educational address or provide proof of current enrollment.

Is the exam proctored?

No. We do monitor network traffic in the exam environment and have detection mechanisms in place for cheating in the environment and the exam, but there will be no proctor or intrusive software to install on your machine.

Do you offer printed certifications?

In an effort to stay green, we do not offer printed certifications. However, our certifications come in a high-quality printable format and you’re welcome to have them printed on your own.

Do you offer bulk discounts?

We do. If your organization would like to purchase several certification vouchers for your team members to learn more and upskill, please contact [email protected] for more information.

Ready to Get Started?

Your future in cybersecurity is here.