Securing Cisco Networks with Threat Detection and Analysis (SCYBER) 1.2


5 Days

Course Description

This lab-intensive training course prepares you for the Cyber Security Specialist Certification exam (600-199) while quickly launching you into the role of a security analyst team member. Combining lecture materials and hands-on labs, this course presents cybersecurity concepts and enables you to recognize specific threats and attacks on your network. You will learn how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network.


Employees of federal, state and local governments; and businesses working with the government.

Who Should Attend:

Technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks

What You’ll Learn:

  • Monitor security events
  • Configure and tune security event detection and alarming
  • Analyze traffic for security threats
  • Respond appropriately to security incidents

Course Outline:

1. Overview of Network Security and Operations

2. Network and Security Operations Data Analysis

3. Packet Analysis

4. Network Log Analysis

5. Baseline Network Operations

6. Preparing for Security Incidents

7. Detecting Security Incidents

8. Investigating Security Incidents

9. Reacting to an Incident

10. Communicating Incidents Effectively

11. Postevent Activity


Lab 1: Assess Understanding of Network and Security Operations

Lab 2: Assess Understanding of Network and Security Data Analysis

Lab 3: Network and Security Data Analysis Team-Building Activity

Lab 4: Packet Capture Exercise 1

Lab 5: Packet Capture Exercise 2

Lab 6: Packet Capture Exercise 3

Lab 7: Understanding Log Data

Lab 8: Correlation Lab

Lab 9: Assessing Understanding

Lab 10: Mapping a Monitored Network Topology

Lab 11: Assessing Normal Behaviors of a Monitored Network

Lab 12: Assessing Current Security Controls

Lab 13: Assessing Current Monitoring System

Lab 14: Manually Correlating Events

Lab 15: Automatically Correlating Events

Lab 16: Identifying a Security Incident

Lab 17: Understanding NetFlow

Lab 18: NetFlow Practical Activity

Lab 19: Assessing Understanding

Lab 20: Selecting Mitigations

Lab 21: Developing Mitigations

Lab 22: Documenting Incidents

Lab 23: Recommending Remediation

Lab 24: Improving Security

Lab 25: Incident Response Challenge Lab