Certified Cybersecurity Operations Analyst (CCOA)

The CCOA certification is recommended for cybersecurity professionals with 2–3 years of practical experience who wish to expand their technical capabilities and respond more effectively to evolving cyber threats. A useful pre-requisite for this course is the OffSec SEC-100 Security Essentials.

Target audience

This course is designed for:

• Cybersecurity analysts and operations professionals
• SOC analysts and incident responders
• IT and network administrators seeking to build security expertise
• Professionals responsible for cybersecurity governance, compliance, and risk management
• Early to mid-career practitioners aiming to enhance technical and operational skills

By the end of this course, learners will be able to:

• Identify the key components of computer and cloud networking, databases, and virtualised environments
• Understand cybersecurity governance and align security strategy with enterprise objectives
• Analyse adversarial tactics, techniques, and procedures to detect and respond to threats effectively
• Apply incident detection and response techniques, including forensic and malware analysis
• Recognise the significance of proactive incident preparedness and planning
• Design and recommend countermeasures to secure digital assets across industries
• Implement identity, access, and vulnerability management practices
• Apply best practices, frameworks, and standards to strengthen cybersecurity operations

Domain 1: Technology essentials

• Computer and cloud networking fundamentals
• Databases, virtualisation, and containerisation
• Command line interfaces
• APIs: purpose, benefits, and usage
• Principles of DevOps, SecDevOps, and CI/CD pipelines
• Fundamentals of programming and scripting

Domain 2: Cybersecurity principles

• Cybersecurity governance and alignment with business drivers
• Defining strategy based on enterprise objectives
• Cross-organisational communication for cybersecurity
• Roles and responsibilities for initiatives
• Metrics for evaluating programme performance
• Stakeholder engagement and investment planning
• Risk management processes and compliance requirements
• Documenting risk in enterprise operations

Domain 3: Adversarial tactics, techniques, and procedures (TTPs)

• Common adversarial tactics, techniques, and procedures
• Developing critical and creative thinking for threat detection
• Differentiating dashboard events vs attacker insights
• Baseline detections for anomalous behaviours
• Reactive and proactive threat detection capabilities
• Threat hunting and intelligence source utilisation
• Attack vectors, threat actors, and motivations
• Analysis of exploit techniques and attack stages
• Role of security testing in detection and resilience

Domain 4: Incident detection and response

• Incident preparedness and significance of early detection
• Components and techniques of detection (analytics, logs, alerts)
• Developing detection use cases and recognising indicators of compromise
• Tools and technologies for effective monitoring
• Fundamentals of incident response: containment and handling
• Forensic, malware, network traffic, and packet analysis techniques
• Threat analysis and structured response processes

Domain 5: Securing assets

• Designing countermeasures for digital asset protection
• Iterative and holistic approaches to system security
• Industry-specific asset protection needs and risk tolerance
• Influence of business goals and risk assessments on security controls
• Contingency planning and business continuity
• Control techniques for securing assets
• Identity and access management principles and practices
• Best practices, frameworks, and standards for asset security
• Vulnerability assessment, remediation, and risk mitigation

Exams and assessments

The CCOA certification exam voucher is included in this course, taken post course directly with ISACA, validates knowledge and applied skills across all domains. Successful learners receive the Certified Cybersecurity Operations Analyst (CCOA™) credential.

Hands-on learning

This course includes:

• Scenario-driven labs to apply incident detection and response techniques
• Practical exercises in network, forensic, and malware analysis
• Threat modelling and intelligence activities
• Applied learning focused on asset security and vulnerability management
• Guided practice using common security tools and monitoring platforms