Cyber Defense Training Program

Document created by Craig Hansen (Employee) on Jan 24, 2016. Last modified by Craig Hansen (Employee) on Feb 26, 2016. Version 5.

The RSA Cyber Defense courses help safeguard an organization's mission by addressing the necessary knowledge and skills of the people who respond to security threats within a SOC environment. These courses address:


  • Best practices and tools for responding to an identified threat
  • Processes and procedures for incident handling and response
  • Use of threat intelligence to detect and correlate data
  • Application of tools and techniques for analyzing malware and extracting indicators of compromise
  • SOC simulation game that provides participants with an opportunity to practice


Executive Summary

The threat landscape is becoming more complicated every day. With the advent and enhancement of technical innovations like cloud computing, social media, mobile devices and big data, organizations are finding it very difficult to keep ahead of advanced threats. Security products, while necessary, can only go so far in identifying and mitigating potential breaches. A skilled security analyst is key to the success of any Information Security strategy.


As a result of the volume and sophistication of advanced threats, organizations cannot simply add headcount to address the problem. Security analysis is a complex process, requiring a level of expertise and experience that is beyond the traditional abilities of an IT professional. Currently, the security industry is facing a serious shortage of the specialized skills needed to detect, investigate and respond to cyber attacks.


The RSA Cyber Defense courses address these challenges by offering comprehensive training on analytic processes and techniques that are independent of a specific attack technique or security product. These courses focus on analysis skills that are directly relevant to the current security climate. The curriculum also provides a path for security analysts to advance their skills by offering an approach based on roles that are generally consistent with the roles and responsibilities of a SOC.


These courses leverage a combination of open source analysis tools and RSA solutions. Previous experience with RSA products is not necessary.


Learning Path



For security analysts working in a Security Operations Center (SOC), a Critical Incident Response Center (CIRC), or in a more loosely-organized incident response capacity.


Course Offerings

RSA Intelligence-Driven Event Analysis

This course introduces the student to the people, processes, and technology that make up a Security Operations Center (SOC). Students learn the formats associated with the various sources of information available in a SOC, from alerts and log data to intelligence feeds. Students gain an understanding of a Security Analyst's typical workflow, from gathering and monitoring data to correlating, prioritizing, documenting and escalating incidents. Students develop a fundamental understanding of system security, hardening, host scanning tools, and host- and network-based intrusion detection systems.


RSA Incident Handling & Response

This course prepares a Security Analyst to take on broader responsibility within an incident response team. Students learn the tasks, workflows and tools used by a Security Analyst/Incident Handler. They investigate a variety of critical incident response scenarios that emphasize decision-making and prioritization, with the goal of teaching students how to make assessments in a short period of time. Students develop a broader understanding of the role the SOC fulfills in the larger organization, including the legal and compliance issues associated with incident response and assessing organizational risk.


RSA Threat Intelligence

This course helps students develop a proactive approach to the detection and investigation of Advanced Persistent Threats (APTs) and zero-day attacks. Students learn the tools and tactics to perform threat modeling and to detect suspicious patterns and anomalies. Students engage in exercises to practice strategies for analyzing attacks and mitigating their effects, and for applying intelligence-driven security practices in their own organizations.


RSA SOC Simulation Challenge ("SOCSim")

This forensic analysis experience exposes participants to network and forensic analysis within a real-world breach scenario using simulated SOC dynamics. Participants are presented with a use case that requires them to analyze data flowing over the network. They are guided through the analysis by challenge questions using a "Jeopardy!" style interface based on the Cyber Kill Chain methodology.


RSA Malware Analysis

This course provides security analysts with the knowledge and skills to develop a strategy for analyzing malware. Students analyze commonly exploited file formats and examine the behavior of malware and its interaction with its environment using both static and dynamic analysis tools and techniques. They investigate the behavior of malware using a debugger and identify and overcome anti-analysis techniques.


RSA Cyber Defense Workshop

In this highly interactive workshop, students assume different roles within a SOC environment and manage security events occurring over the course of a three-day scenario. Day-to-day security incidents occur alongside potentially catastrophic activity related to the advanced tactics of determined and persistent adversaries. Each member of the SOC team must use skills and tools to detect, investigate, contain and eradicate the threat, as well as document the incident for executive review.