
Discover how cybersecurity protects systems, networks, and applications, preventing unauthorized access while preserving data integrity, confidentiality, and availability across network, information, and endpoint security.
Explore high demand for cybersecurity across red team and blue team roles, threat intelligence, and risk assessment, with hands-on training in ethical hacking, penetration testing, and governance, risk and compliance.
Discover common cyber attacks, including ransomware, spyware, adware, and viruses, plus man-in-the-middle, password attacks, phishing, and DDoS via botnets, and web attacks using SQL injection, XSS, and CSRF.
Explore defensive security, offensive security, and security audit and GRC domains, and learn key roles from SOC analyst to malware analyst and exploit developer, protecting networks, data, and compliance.
Explore ethical hacking, including penetration testing, white hat concepts, and red teaming, and learn how legally breaking into systems with written permission helps identify vulnerabilities before the malicious hacker.
Explore the three hacker types: black hat, white hat, and grey hat, examining their intents, legality, and roles from malicious hackers to ethical penetration testers.
Defensive security protects systems, networks, and data in enterprise environments, upholding the CIA triad—confidentiality, integrity, and availability—through encryption, hashing, and defenses against man-in-the-middle attacks.
Learn how offensive security uses ethical hacking and penetration testing to simulate real attacker techniques, uncover vulnerabilities, and test networks, software, and endpoints with proper permission.
Distinguish security events from security incidents by examining logs and login attempts with uncertain confidence. Analysts investigate, correlate events across firewalls, antivirus, and SIEM/EDR to confirm incidents and respond.
Define the security operations center as a centralized unit that detects, prevents, and responds to threats, protecting network assets. Explore core SOC functions, roles, processes, and tools.
Explore essential soc tools and technologies, including security information and event management, edr, threat intelligence, incident response, and itsm, with vendor examples like Splunk, CrowdStrike, and ServiceNow.
Explore the three roles in a security operations center: level one threat management, level two incident response, and level three threat hunting, along with their responsibilities and required skills.
Master the soc process from level one triage, log correlation, and threat intelligence to level two containment and remediation, then level three proactive threat hunting with edr and ttp patterns.
Identify IT assets such as databases and customer data, explain how threats exploit vulnerabilities, and show how risk is computed by threat and vulnerability to prevent data breaches.
Identify, assess, and mitigate vulnerabilities through proactive vulnerability management, using automated scans (Nessus, Qualys, Rapid7) to prioritize by CVSS, exploitability, and business impact, then remediate, verify, and report.
Analyze and evaluate security risk through risk assessment to calculate likelihood and impact, prioritize threats and vulnerabilities, guide mitigation, and meet PCI DSS, ISO 27001, and NIST standards.
Assess vulnerabilities through reconnaissance, scanning, and weaponization to prepare an exploit. Leverage phishing, buffer overflow, and other exploits to enable unauthorized access, data leakage, or backdoors.
Explore the five security control types—preventive, detective, corrective, administrative, and physical—and how they safeguard assets, enforce compliance, and support tools like firewalls, antivirus, IDS/IPS, backups, and policy training.
Understand security posture as the overall security status and readiness to defend, detect, and respond. See how people, processes, and technology drive policies, controls, and defenses, including firewalls, antivirus, edr.
Explore malware as malicious software that spreads via email or drive-by downloads, and review virus, worm, trojan, ransomware, spyware, rootkit, fileless, keylogger, and polymorphic variants like WannaCry.
Explore identity and access management by governing user identities and access across networks and apps, enforcing least privilege with authentication, authorization, single sign-on, multifactor authentication, and audit monitoring.
Explore how logs capture timestamps, events, severity, and source across Linux and Windows, and learn SIEM workflows and tools like Splunk, ELK, Graylog, and Wazoo.
Explore Windows security logs by simulating failed login attempts with hex user one and hex user two, then detect 4625 events in Event Viewer.
Detect PowerShell activity by enabling module, script block, and script execution logging, then use Windows Event Viewer to identify who ran commands (4104) such as get local user.
Simulate a brute force attack using Hydra on Kali Linux to test SSH credentials, then analyze /var/log/auth.log on an Ubuntu server to detect failed attempts.
Analyze Linux firewall logs to detect network probes and port scans using ufw and nmap, enable logging, and review /var/log/ufw.log for attack indicators.
Learn how a SIEM collects logs from network devices, servers, and the domain controller, parses and indexes them, normalizes and aggregates data, and enables threat detection, investigation, and incident response.
Explore Splunk fundamentals, including data indexing, forwarders, indexers, and search heads, plus security apps and the Splunk marketplace to build effective security monitoring dashboards.
Install and configure Splunk on Ubuntu 22.04, initialize the Splunk service, set a strong admin password, bind to 0.0.0.0 for remote access, and open port 8000 for web access.
Upload DNS log JSON to Splunk, set source type to JSON, and configure index and host. Use stats to identify the most queried domains and the most active user IPs.
upload a ssh log file to splunk, configure json source type and index, then analyze ssh events, including successful and failed logins, to identify the top ten failed endpoints.
Learn Splunk basics for http log analysis by uploading json logs and using pre-built queries to inspect traffic. Identify top ten endpoints, server errors, suspicious user agents, and large transfers.
Learn to investigate ssh brute force attacks using splunk basics on an ubuntu server, upload sample logs, and identify the top failing users and their source ip.
Apply incident response basics on a linux system by executing preparation, detection and analysis, containment, eradication, recovery, and post-incident activities with psim and edr tools.
Learn incident response basics by analyzing an RDP brute-force attack on a Windows server using Kali Linux and Hydra, including creating a password list and examining security event logs.
Learn incident response basics on linux by detecting a suspicious bash script, identifying the running process with ps, eradicating it, and removing the script to prevent reexecution.
Learn to detect malicious cron jobs on a linux lab and analyze a simulated incident by listing cron entries, inspecting unauthorized tasks, and reviewing logs to remove the threat.
Detect suspicious PowerShell activity by enabling module and script logging, monitor event IDs 410 and 4103 in PowerShell logs, then contain, investigate, and recover from the incident.
Detect suspicious linux network connections with netstat, examine related processes with ps, then contain by killing those processes and blocking the suspect IP with ufw; document the incident.
Explore how phishing attacks use social engineering and urgency to trick individuals and organizations into downloading attachments or clicking links, fueling ransomware campaigns.
Explore the five types of phishing attacks, including email phishing, spear phishing, whaling, smishing, and angler phishing, and learn how attackers target individuals and executives across channels.
Dissect the anatomy of a spear phishing attack, where a targeted email links to a credential-stealing site prompting sign-ups with Google, Facebook, or LinkedIn to compromise accounts.
Develop hands-on skills in basic email header analysis for beginners, verifying SPF, DKIM, and DMARC, and interpreting fields like return path, message ID, received hops, and spam status.
Analyze email headers using automated tools with the Google toolbox, copy and paste headers to analyze SPF, DKIM, and multi-domain details for security investigations.
Dive into core SOC concepts in this mock interview, covering CIA triad, AAA, firewall basics, DDoS mitigation, hashing vs encryption, OSI model, and TCP handshake.
Explore stateless vs stateful firewall concepts, TCP three-way handshake, OSI model, and IPsec VPN fundamentals, plus checkpoint, Cisco, Fortigate, and Palo Alto interview topics.
Welcome to my comprehensive course on Cybersecurity Fundamentals and SOC Essentials!
This course is designed to give you a solid foundation in cybersecurity concepts, security operations center (SOC) functions, and practical hands-on skills using industry-leading tools like Splunk. Whether you're starting your cybersecurity journey or looking to strengthen your knowledge of defensive and offensive security, this course will guide you step-by-step.
This is a Learn-by-Example course where I demonstrate key concepts and processes, so you can see exactly how they work and try them yourself. Along with the video lessons, you will get access to free detailed documentation to follow along, copy commands, and practice.
In this course, we will cover:
Introduction to Cybersecurity: What it is, why it matters, types of hackers, and core security principles like the CIA Triad
Understanding SOCs: Roles, tools, processes, and an intro to incident response and digital forensics
Security Terminology: Asset, threat, vulnerability, risk management, identity & access management, malware types, attack lifecycles, and security frameworks like MITRE ATT&CK and Zero Trust
Log Analysis Basics: Learn how to analyze Windows and Linux logs with practical labs
Hands-on with Splunk SIEM: Installation, basic SPL commands, and real log analysis labs using DNS, SSH, and HTTP logs
Incident Response Fundamentals: Investigate real attack scenarios such as brute force, suspicious scripts, and network connections through guided labs
Phishing Analysis & Threat Intelligence: Understand phishing attacks, analyze phishing emails, and leverage threat intelligence data
By the end of this course, you will have a working knowledge of cybersecurity fundamentals, SOC operations, and practical log and incident investigation skills using Splunk and real-world examples.
This is a practical course with all commands and labs demonstrated so you can easily replicate and learn hands-on.
You’re now ready to take the next step in your cybersecurity career.
Thanks for joining, and I’ll see you inside!