Certified Security Operations Manager

CSOM is designed to forge technical managers that already have experience and exposure to security operations. CSOM will develop you in both management principles and technical skills. Below are some examples of the skills and experience you will gain.

• Understand modern security operations across on-premise and cloud environments.
• Conduct static digital forensics and incident response to collect key artifacts for investigations.
• Understand and perform threat modelling and detection engineering to deploy a SIEM with relevant rules and alerting functionality.
• Understand the different sub-teams a security operations team could contain, and how each of them operates, and what value they bring to the organization.
• Demonstrate how to continuously assess the team to demonstrate increasing maturity and business offerings.

And much more!

Introduction

• Welcome to CSOM

Modern Security Operations

• 2. Domain Introduction
• 3. Business Objectives, Legal Enablers, and Considerations
• 4. Security Operations Teams
• 5. Operational Environments
• 6. Cyber Threat Hunting

Building a Security Operations Centre

• 7. Domain Introduction
• 8. Threat Modelling
• 9. Building Your Team
• 10. SIEM & Detection Engineering
• 11. Case Management
• 12. Other Tooling & Administration
• 13. Processes and Policies

Capability Development

• 14. Domain Introduction
• 15. Incident Response
• 16. Threat Intelligence
• 17. Vulnerability Management
• 18. Digital Forensics
• 19. Malware Analysis
• 20. Threat Hunting

Metrics, Maturity, and Measuring Success

• 21. Domain Introduction
• 22. SOC Maturity Models
• 23. Operationalizing MITRE ATT&CK
• 24. Purple Team Engagements
• 25. Deception and Active Defence
• 26. Security Orchestration, Automation, and Response
• 27. Reporting and Metrics
• 28. Security Research and Presentation
• 29. Retaining Talent
• 30. Additional Activities

CSOM Exam Preparation

• 31. Theory Exam Format
• 32. Practical Exam Format
• 33. Preparation Tips

Content subject to change prior to release.

LABS:

• Deploying Sigma Rules
• Case Management
• Endpoint Detection & Response
• Threat Intelligence in Practice (MISP)
• Vulnerability Management in Practice (OpenVAS)
• Digital Forensics in Practice (Autopsy)
• Cyber Deception
• Metrics Dashboarding, Case Management
• Practice Exam Lab

Approx 250 lessons, 15 labs

*To be eligible to take the CSOM exam, students must provide sufficient evidence of at least two years full-time experience working in a defensive cybersecurity role. Students are able to take and go through the course with any level of experience, however to become CSOM certified, this requirement must be met.

TWO PART EXAM

PRACTICAL ASSESSMENT: The practical exam element of CSOM requires you to participate in a security incident investigation. The practical exam has been constructed to appropriately test you on the technical elements covered in the course. There is nothing new in the exam that has not been covered, and no additional external preparation is required to pass.

You will have up to 4 hours to answer twenty questions based on the exam scenario. All answers will be submitted when you manually finish your exam or the 4-hour duration ends. You will receive a pass/fail status, a grade out of 100, and feedback immediately.

If you do not meet the pass requirement of 70% or higher, you must use your free resit voucher to attempt the exam again. If you pass, you cannot retake the exam.

THEORY ASSESSMENT: The theory exam element of CSOM places you as a Security Operations Manager joining a company, Energy Blade Industries, that already has an existing security operations team.

You will complete three tasks and fill out a report template with the information requested. When starting the exam you will download a ZIP archive that contains the files you need to review, alongside using online resources.

We expect the exam to take a student approximately 2-3 hours. However, this can vary depending on experience and how well you have studied the course material. The exam time limit is 24 hours, meaning you must submit a valid report within this timeframe. Please note this does not mean this exam will take 24 hours.

• Exam included
• Online exam voucher