Rod Soto - SOC 101 - SOC 1 Analyst Bootcamp DCTLV2025
Name of Training: SOC 101 - SOC 1 Analyst Bootcamp
Trainer(s): Rod Soto
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $1,700
Course Description:
This course introduces students to Security Operations Center (SOC) skills and tools, providing a comprehensive foundation in the essential skills required for SOC analysts. Through extensive hands-on exercises and labs that mirror real-life SOC tasks and technologies, students will gain a practical, skill-based understanding of modern security operations.
Key areas of focus will include text handling, packet dissection, and analysis, adversarial simulation, and detection engineering, equipping students with the expertise needed for various SOC tasks. The course emphasizes practical, foundational skills to ensure students are prepared to excel at core SOC tasks, this course will also introduce students to AI tools that improve SOC efficiency, accuracy, and response time in a rapidly evolving security landscape.
Course Outline:
Day 1
-
Introduction to SOC
- A brief overview of the importance of SOC in cybersecurity
-
Understanding Risk and Threats
- Defining risk, threats, and vulnerabilities in a SOC context
-
SOC Frameworks and Models
- Overview of common SOC frameworks and models (e.g., NIST Cybersecurity Framework)
-
Security Controls and Countermeasures
- Types of security controls and countermeasures used in a SOC environment
-
Implementing and Auditing Access Controls
- File & Folder, User & Processes permissions
-
Triaging events and escalating incidents (Events vs Incidents)
- Steps in triaging Incidents, Classification and Escalation
-
Logs and logging basics
- Types of logs, text manipulation, log storage and locations for Linux/Windows.
-
Log auditing and management
- Logging collection frameworks and configuration
-
Network Security Basics
- TCP IP OSI Model and relevant attacks
- Packet Capture fundamentals
- Packet Capture Tools
- Intrusion detection
- DNS basics and related attacks
-
Network Analysis and threat detection
- Zeek, Arkime, Suricata
-
Industry Nomenclature
- Mitre CVE, ATT&CK, CWE
- OWASP Top 10
- LM Killchain
- Industry Compliance Framework
- Vulnerabilities, Risks & Threats
- CVSS, TLP
- Web Attacks and WAF Logs
Day 2
- Log centralization and normalization (Sysmon, Syslog, WEC)
- Security Centric Logs (Sysmon, AD Audit Policies)
- Linux Logs (syslog, rsyslog)
-
CIS Benchmarks. Log Management
- CIS Log benchmarks in Linux Systems
- CIS Log benchmarks in Windows Systems
- SIEM and SOC Operation (Threat Detection, Threat Hunting)
- Introduction to Elastic stack (install, operation and threat detection hands on)
- Introduction to Splunk (Install, operation and threat detection hands on)
- Introduction to EDR
- Wazuh install, operation and threat detection
- Introduction to OS query
- Adversarial Simulation (AS Frameworks & Purple Teaming)
- Detection Engineering
- Cryptography & the SOC
- SOC Periphery Teams
- SOC & AI (Models, Agents, LLMs hands on)
- CTF
Difficulty Level:
Beginner
Suggested Prerequisites:
Understanding of basic networking concepts and basic Linux comprehension.
This training is geared towards Information Technology, Computer System, or Computer Network Professionals seeking to enter the Information Security Industry while enriching those who seek to develop the skills and knowledge necessary to work at a Security Operations Center.
What Students Should Bring:
A laptop with at least 16GB of RAM and the ability to run Virtual Machines (GPUs recommended).
Please do not bring Apple M chip based laptops as they cannot virtualize x86, x64 instances.
Trainer(s) Bio:
Rod Soto has over 15 years of experience in information technology and security. He has worked in Security Operations Centers as a support engineer, soc engineer, security emergency response, and incident response. He is currently working as a detection engineer and researcher at Splunk Threat Research Team and has previously worked at Prolexic/AKAMAI, Splunk UBA, JASK (SOC Automation).
Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and Red Alert ICS CTF at DEFCON 2022 contest. He has spoken at ISSA, ISC2, OWASP, DEFCON, RSA Conference,Hackmiami, DerbyCon, Splunk .CONF, Black Hat,BSides, Underground Economy and also been featured in Rolling Stone Magazine, Pentest Magazine, Univision, BBC, Forbes, VICE, Fox News and CNN.
Registration Terms and Conditions:
Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after July 8, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions.
Training Justification Request – DEF CON Training
To: [Manager Name]
From: [Employee Name]
Date: [Date]
Subject: Business Justification for Attendance at DEF CON Training
Dear [manager’s name],
I am requesting approval to attend DEF CON Training, one of the cybersecurity industry's most recognized technical training programs. I’ve reviewed the options and selected a course to expand my skills with [1-2 key skills focus areas for the course].
DEF CON has been one of the world’s leading cybersecurity communities for more than three decades, known for convening industry, government, and independent experts to exchange advanced knowledge and practical skills. Building on this tradition, DEF CON Training delivers intensive courses taught by recognized global instructors. DEF CON Training courses offer hands-on instruction in a challenging, fast-paced environment. Many of the courses offered by DEF CON Training align with the National Institute of Standards and Technology (NIST) NICE Framework and Department of Defense Cyber Workforce Framework (DCWF), and attending this course will help me build and sharpen the skills required for my role.
Training: [Name of DEF CON Training Course]
Instructor/Provider: [Trainer Name(s)]
Dates: [Training Dates]
Location: Las Vegas, NV
Cost: [Course Fee]
Travel Expenses: [estimated travel & accommodations costs]
Course Description: [Copy short description of the selected class from the website here]
Trainer Bio: [Copy bio of the trainers of the selected class from the website here]
Once I’ve completed the course, I’ll be able to:
[copy student outcomes from course page where available or choose 3-4 skills or topic areas from the outline that are applicable to your current role, will help you fill a skill gap, etc.]
Business Need
As cyber threats continue to evolve, it is critical that our organization maintains current knowledge of emerging techniques and industry best practices. The selected DEF CON training aligns directly with my responsibilities in [your role/field here - for example, security operations, incident response, threat detection and hunting, application security, cloud security, risk management, security engineering].
The course will provide practical, hands-on experience that can be immediately applied to our environment and security initiatives. DEF CON training emphasizes real-world attack and defense scenarios, enabling participants to develop skills that extend beyond traditional classroom learning.
Request for Approval
I respectfully request approval and funding to attend DEF CON Training this August in Las Vegas. The knowledge, hands-on experience, and industry insights gained will directly support our cybersecurity objectives and contribute to strengthening our organization's security capabilities.
Thank you for your consideration. Please let me know if you have questions or need additional information to support this request.
Sincerely,
[Employee name]