Cybersecurity for Analysts Training

Cybersecurity for Analysts

A practical intermediate course for analysts who support monitoring, investigation, and response. Participants learn the analyst mindset, key data sources, detection and triage methods, incident workflows, and clear reporting practices across on-prem and cloud environments.

What will you learn?

You will standardize how you collect signals, investigate alerts, and communicate findings. You will apply repeatable workflows for detection, incident response, identity and email threats, vulnerability triage, cloud telemetry, and stakeholder reporting.

After this training you will be confident in:

Using common telemetry sources to investigate threats and reduce false positives
Running structured triage and incident response with clear handoffs and timelines
Applying detection engineering basics and threat hunting techniques
Communicating findings with concise reports, metrics, and recommendations

Requirements:

Comfortable with operating systems, basic networking, and command line
Familiarity with security concepts and at least one SIEM or log platform
Access to a non-sensitive training tenant or sample datasets is helpful

Course Outline*:

*We know each team has their own needs and specifications. That is why we can modify the training outline per need.

Module 1: Analyst mindset and SOC workflows

Roles, queues, SLAs, and handoffs across monitoring and response
Alert lifecycle from creation to closure with evidence tracking
Runbooks and decision trees that balance speed and accuracy

Module 2: Threat landscape and attacker techniques

Mapping common threats to tactics, techniques, and procedures
Prioritizing risks for your sector and tech stack
Translating tactics into concrete detection opportunities

Module 3: Telemetry and logging essentials

Endpoint, network, identity, and application logs and what each reveals
Parsing events, timestamps, users, and assets for quick context
Building a minimal evidence checklist per alert type

Module 4: SIEM investigations and alert quality

Query building basics and pivot patterns
Suppression, tuning, and deduplication to cut noise
Triage notes that support later handoff and reporting
‍

Module 5: Detection engineering fundamentals

Hypothesis-driven detections and baseline creation
Rule hygiene, versioning, and change reviews
Measuring detection quality with precision and recall signals

Module 6: Incident response lifecycle

Preparation, identification, containment, eradication, recovery
Case structure, timelines, and evidence integrity
Post-incident learning and action tracking

Module 7: Identity and access investigations

Authentication flows, MFA, tokens, and common misuse patterns
High-value signals from directory, SSO, and privilege changes
Quick checks to separate benign anomalies from true abuse

Module 8: Email and web threat handling

Phishing patterns, payload types, and sandbox outcomes
URL and attachment triage, user follow ups, and takedown requests
Blocking, allowlisting, and awareness feedback loops

Module 9: Cloud telemetry for analysts

Core logs and findings across major providers
Resource changes, access keys, and network paths that matter
Practical guardrails for multi-account investigations

Module 10: Vulnerability and exposure management

From scan results to risk-based prioritization
CVSS with context, asset criticality, and exploit intel
Patch windows, exceptions, and validation notes

Module 11: Threat intelligence and hunting

Indicators vs behaviors and when to use each
Enrichment sources, tagging, and simple scoring
Lightweight hunts that convert into detections

Module 12: Reporting, metrics, and stakeholder communication

Writing clear summaries, impact statements, and next actions
Metrics that matter for leadership and operations
Compliance-aware documentation and evidence retention basics

Hands-on learning with expert instructors at your location for organizations.

Level:

Advanced

Duration:

Hours (days:

)

Training customized to your needs

Immersive hands-on experience in a dedicated setting

*Price can range depending on number of participants, change of outline, location etc.

Get Quote

Master new skills guided by experienced instructors from anywhere.

Level:

Advanced

Duration:

Hours (days:

)

Training customized to your needs

Reduced training costs

*Price can range depending on number of participants, change of outline, location etc.

Get Quote

You can participate in a Public Course with people from other organisations.

/per trainee

Thanks for the numbers, they could be going to your emails. But they're going to mine... Thanks ;D

Oops! Something went wrong while submitting the form.

Level:

Advanced

Duration:

Hours (days:

)

Fits ideally for individuals and small groups

Networking opportunities with fellow participants.

*Price can range depending on number of participants, change of outline, location etc.

Get Quote

Cybersecurity for Analysts

What will you learn?

Requirements:

Course Outline*:

Module 1: Analyst mindset and SOC workflows

Module 2: Threat landscape and attacker techniques

Module 3: Telemetry and logging essentials

Module 4: SIEM investigations and alert quality

Module 5: Detection engineering fundamentals

Module 6: Incident response lifecycle

Module 7: Identity and access investigations

Module 8: Email and web threat handling

Module 9: Cloud telemetry for analysts

Module 10: Vulnerability and exposure management

Module 11: Threat intelligence and hunting

Module 12: Reporting, metrics, and stakeholder communication

Get Quote for:

Cybersecurity for Analysts

Start your training experience here!