Here is my feedback on the EC-Council Certified SOC Analyst program.
Since I read the write-up of the dean Eric Bullier from WOCSA and because of my professional objectives I decided to look and tackle the EC-COUNCIL Certified SOC Analyst Certification. In this write-up I will focus my feedback on two aspects : the course content & the exam
- The Course content
The CSA is definetly a good starting point for everyone who is looking for a L1/L2 SOC Analyst position (but not limited to those ones).
The course contains 6 modules + additional ressources (important !!) talking from Security Operation Management to Incident Response process, the importance in SIEM solutions in SOC and how cyber threat intelligence can enhance detection. You will also get familiar with security events IDs, log management, cyber threat, IoC, cyber kill chain phases, SOC lifecycle, APT intrusion phases and so on…!
The course is itself well designed as always and the ilabs give you practical hands-on.
- The Exam
The exam is 3 hours long with 100 questions and you need to strike at least 70% to succeed. My piece of advice is to take your time to properly read all available resources (additional resources included).
Some questions are tricky and others are questionable. The range of questions goes from the mastering of windows security event ID, to understanding SPLUNK strings filters, firewall rules, and to be able to read and interpret IIS Logs etc… In general the success notifies a good understanding of the SOC environment, the tools and different processes.
In hope this write-up enlighted you on the CSA Certification, I wish good luck to those who are preparing the exam.
I cannot finish this write-up without thanking Claire KEMP for her support, advice and professionalism.
Cadnel Zomahoun - IT-Gnosis Official and Accredited Trainer