Implementing Cisco Cybersecurity Operations (SECOPS) v1.0

Cisco E-Learning for SECOPS v1.0 allows learners to understand how a Security Operations Center (SOC) functions and the introductory-level skills and knowledge needed in this environment. Students in this course obtain the core skills needed to grasp the associate-level materials in the 210-255 SECOPS exam, which, when combined with passing the 210-250 SECFND exam, leads to the Cisco CCNA Cyber Ops certification.


This course focuses on the introductory-level skills needed for a SOC Analyst at the associate level: understanding basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response.


This Cisco self-paced course is designed to be as effective as classroom training. Course content is presented in easily consumable segments via both instructor video and text. Interactivity is enabled through Discovery labs, content review questions, and graded Challenge labs and tests. This makes the learning experience hands-on, increases course effectiveness, and gives students direct feedback on how well they have mastered the material. Gamification features, including earning badges and a leaderboard, are built in to encourage better performance.

Who needs to attend

Security Operations Center — Security Analyst
Computer Network Defense — Analyst
Computer Network Defense — Infrastructure Support Personnel
Future Incident Responders and Security Operations Center (SOC) personnel
Students beginning a career in the cybersecurity field
IT personnel looking to learn more about the area of cybersecurity operations
Cisco Channel Partners

What you will learn

Upon completion of this course, you will have the skills and knowledge to:

Define an SOC and the various job roles in an SOC
Understand SOC infrastructure tools and systems
Learn basic incident analysis for a threat-centric SOC
Explore resources available to assist with an investigation
Explain basic event correlation and normalization
Describe common attack vectors
Learn how to identify malicious activity
Understand the concept of a playbook
Describe and explain an incident response handbook
Define types of SOC metrics
Understand SOC Workflow Management system and automation



It is recommended, but not required, that students have the following knowledge and skills:

Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices, Part 1 (ICND1)
Skills and knowledge equivalent to those learned in Understanding Cisco Cybersecurity Fundamentals (SECFND)
Working knowledge of the Windows operating system
Working knowledge of Cisco IOS networking and concepts

Course outline

Follow on
There are no follow-ons for this course.

Certification programs
There are no certifications associated with this course.