The cybersecurity industry faces a persistent talent shortage crisis. This concerning gap widened for the fourth consecutive year, affecting 70% of organizations, according to research from Enterprise Strategy Group and the Information Systems Security Association.
To bolster defenses against a sophisticated threat landscape amid a massive shift to remote work, some IT leaders are opting to allocate more security budget into talent rather than new tools. SecOps teams must be properly structured and trained on established security procedures and best practices. This foundational knowledge is critical to create a SecOps strategy equipped to securely integrate the latest technology into existing IT infrastructure.
Benefits of SecOps training for security and SOC teams
Security skill building is not only critical to organizations looking to improve incident response and detection or get the most out of their security operations center (SOC) automation investments. It will also be important to both networking and security professionals individually.
Acquiring and demonstrating skills through SecOps training courses and certifications can help IT professionals advance their careers, enhance their resumes and earn higher salaries. Upon expanding their knowledge of SOC functions and SecOps procedures, they may also experience a boost of confidence in their own abilities and increased respect from colleagues and management. SecOps certifications through a membership-based organization can also provide access to a community of peers with a shared interest in pursuing vendor-neutral skills, which are increasingly valuable to organizations affected by the security skills gap.
Deciding which trainings and certifications to pursue can be overwhelming. Learn about five SecOps certifications and training courses available to acquire and demonstrate must-have skills needed to manage and defend critical IT infrastructure.
5 SecOps certification and training courses
The Knowledge Academy Certified SecOps Professional (CSOP)
The CSOP credential covers an introduction to the SecOps approach, SOC analysis and network security monitoring, as well as incident detection and response techniques. The two-day program has no prerequisites and is available to individuals seeking or currently in SecOps roles. Online, instructor-led learning costs $1,295, and online self-paced learning costs $995. The program is also available to teams at an organization in a classroom or on-site.
Applicants will receive the CSOP manual upon enrolling. The curriculum features a SOC playbook, which candidates study and reference when assigned to investigate and respond to security violations. Candidates must pass a 40-question, closed-book exam in one hour with a 65% score minimum to acquire certification.
Cisco Certified CyberOps Associate
The Cisco Certified CyberOps Associate certification encompasses the tactical, day-to-day skills necessary for SOC analysts and teams to effectively detect and respond to security threats. The program is catered to students pursuing technical degrees, junior- and entry-level SecOps or SOC analysts, and other IT professionals. There are no prerequisites, but candidates should have a preliminary understanding of basic networking security concepts, Ethernet and TCP/IP networking, and Windows and Linux OSes.
Candidates must pass the 200-201 Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam to earn certification. The CBROPS exam is delivered at a test center or online through Pearson VUE and must be completed within 120 minutes. It contains 95-105 questions on the following general topics:
- security concepts
- security monitoring
- host-based analysis
- network intrusion analysis
- security policies and procedures
Cisco offers multiple preparation options, including instructor-led training in a classroom or on-site, as well as Cisco Press self-study resources and the CyberOps Associate e-learning course.
EC-Council Certified SOC Analyst (CSA)
The CSA program covers SOC processes; SIEM; centralized log management; analysis of alerts from across platforms, such as intrusion detection and prevention systems; help desk ticketing; and threat intelligence integration. Candidates will also gain experience preparing reports and briefings based on SOC analysis findings.
The three-day program is available to individuals with at least one year of work experience in network administration or the security domain. Prospective test-takers include SOC analysts, network security engineers, entry-level cybersecurity professionals or anyone pursuing a career in SOC analysis. Online self-paced, live online and instructor-led instruction are available.
Candidates must achieve a 70% score or higher to pass the 100-question, multiple-choice exam in three hours. CSA curriculum includes the following six modules:
- security operations and management;
- understanding cyber threats, indicators of compromise and attack methodology;
- incidents, events and logging;
- incident detection with SIEM;
- enhanced incident detection with threat intelligence; and
- incident response.
Candidates can enroll in the program for $1,199, which includes instructor-led training modules, official e-courseware, iLabs, an exam voucher and certification of completion.
(ISC)² Systems Security Certified Practitioner (SSCP)
An SSCP accreditation aims to prove an individual's advanced knowledge of security best practices and technical skills required to securely implement, monitor and administer IT infrastructure. SSCP is designed for IT professionals responsible for the hands-on operations of securing critical assets, such as network security engineers, systems administrators, security analysts and consultants, and database administrators.
The SSCP exam assesses expertise in the following Common Body of Knowledge (CBK) domains:
- access controls
- security operations and administration
- risk identification, monitoring and analysis
- incident response and recovery
- network and communications security
- systems and application security
Candidates must achieve a passing score of 70% or higher on the three-hour, 125-question exam. The $250 test is administered at a test center or online through Pearson VUE. One year of professional experience in any of the seven SSCP CBK domains is required. Candidates without the prerequisite experience may still take and pass the exam to become an Associate of (ISC)² until they earn the needed work experience.
There are a variety of training books and study guides available to help candidates prepare for the SSCP exam. (ISC)² also offers classroom-based, online instructor-led or private on-site training for individuals or groups, as well as a self-paced online training course.
Corexcel Security Operations Management
Corexcel's Security Operations Management course provides a detailed overview of infosec operations management. The course incorporates videos and exercises to help students learn how to use administrative controls and trusted recovery methods for effective incident response. The curriculum, intended for IT professionals in need of SecOps training, covers the following topics:
- role of a security audit
- monitoring and detection
- change management
- trusted recovery
- access control
- data backup and systems and facilities security
- incident management and investigation
Individuals can access the online, self-paced course for $79. If enrolling as a team of 10 or more, organizational volume pricing is available upon request. Students can typically complete the course in three to five hours but will have access to the program for 90 days. Upon passing an exam with a 70% minimum score, students will receive the Security Operations Management certificate, as well as 0.5 continuing education units, or CEUs.
Other certifications and training for SecOps professionals
In addition to SecOps-specific certifications, there are other more general IT security accreditations available, which cover skills and techniques useful to the SecOps role. These include the following:
- (ISC)² CISSP
- EC-Council Certified Ethical Hacker
- ISO 27001 Lead Auditor