*Changes may apply

Cyber Analyst (SOC) Syllabus

The Google and Reichman SOC Engineering & Network Defense Program, in partnership with Palo Alto Networks, prepares students for key roles including Security Operations Center (SOC) Analyst and System and Network Administrator, with a strong emphasis on modern, AI-augmented security operations.

  • SOC Analysts are responsible for maintaining continuous security situational awareness across IT environments, performing threat detection, investigation, containment, and remediation, increasingly supported by AI-driven monitoring, analytics, and automation tools.
  • System and Network Administrators are responsible for designing, operating, and securing IT infrastructures, ensuring the functionality, reliability, performance, and security of computer systems and networks, while leveraging automation and AI-assisted operational tools.

This program offers a broad and future-oriented skill set, training students for interdisciplinary roles that coexist in modern IT environments, including SOC engineering, intelligent system and network administration, and operational management, significantly expanding their professional and career opportunities.

Fundamentals (System and Network Administration verification)
  • Operating Systems administration: Windows, Linux
    • Installation, configuration, and maintenance
    • Command-line tools (e.g., PowerShell, Bash)
    • Managing processes, services, and daemons
    • Filesystem
    • Operations
  • Networking
    • Fundamentals – OSI, TCP/IP stack, IP, DNS, DHCP, NAT, VLAN, Routing, etc.
    • Devices – Switches, Routers, Firewalls
    • VPN
    • Tools – Wireshark, Nmap, etc.
  • System Administrator
    • User and group management (Active Directory, LDAP)
    • Resource management (CPU, memory, storage)
    • Automating tasks using scripting (e.g., Python, Bash, PowerShell)
    • System backup and disaster recovery planning
    • Virtualization technologies (VMware, Hyper-V)
  • Cloud Computing
    • Cloud models – IaaS, PaaS, SaaS
    • Basic usage of cloud environments (Google Cloud)
    • Managing hybrid environments
  • Basic Security
    • Network Attacks
    • Identity and Access Management
    • Securing servers and networks
    • Firewalls, intrusion detection/prevention systems (IDS/IPS)
    • Encryption protocols (TLS, SSL)
    • Vulnerability scanning and patch management
    • Deep Packet Inspection
  • AI-Augmented / AI-Assisted
    • System & Network Operations
    • Observability & Debugging
    • Network traffic analysis
    • Troubleshooting and monitoring

SOC Analyst

Offensive Cyber Security
  • MITRE ATT&CK and the Cyber Kill Chain
  • Scanning
  • Exploitation
  • Lateral movement
  • Social Engineering
  • Metasploit
Cyber Defense
  • Cyber security defense landscape
  • Endpoint security
  • Network security
  • API security
  • Sandbox
  • Fundamentals of Threat Intelligence
SIEM
  • Log analysis: network logs, endpoint logs, and more
  • Alert analysis
  • Threat hunting
  • Anomaly detection
  • SOAR
  • Real Cyber-attack simulation
Incident Response (IR)
  • Incident management systems
  • Mitigation
  • Recovery
Cloud Security
  • Cloud infrastructure and technologies basics
  • Container security
  • Cloud Workload Protection Platform (CWPP)
  • Cloud Security Posture Management (CSPM)
  • Data Security Posture Management (DSPM)
  • Real Cloud Cyber-attack simulation
AI-Driven SOC Engineering & Operations (cross-course track)

Students will continuously apply GenAI, ML-based detection, and automation tools to real SOC workflows including detection engineering, investigation, threat hunting and incident response.

  • AI fundamentals
    • AI concepts: Machine Learning, Generative AI, LLM, and more
    • Common usages, capabilities and limitations of current AI tools
    • Human-in-the-loop approach to cyber security and GenAI
    • Prompt engineering
  • AI tooling stack
    • LLM platforms: Gemini, ChatGPT, Claude
    • SIEM copilots
    • SOAR copilots
    • Cloud AI assistants for operations and monitoring
    • Open-source LLM SOC tools
  • SOC productivity
    • Gen AI content summarization and visualization
    • Principles for effective learning with LLM
    • GenAI productivity tools using Gemini (emails, documents, slides, images, and more)
    • Generative AI for cyber security, operations and monitoring
  • AI-Native SOC Operations
    • AI-Driven Detection Engineering
    • AI for Threat Hunting
    • AI-Augmented Incident Investigation
    • Autonomous & Semi-Autonomous SOC (SOAR + AI)
    • SOC Copilot Engineering
  • AI-native Threat Intelligence
    • AI-based threat intelligence analysis
    • LLM-driven IOC enrichment, threat report summarization, and more
    • Using GenAI to convert unstructured threat intel into detections
  • AI-driven IR
    • Automated post-incident report analysis
    • AI-generated executive summaries, lessons learned, and recovery playbooks
Final Project

The final project is a comprehensive, hands-on simulation of a modern AI-native enterprise Security Operations environment, in which students will operate across three integrated roles: System and Network Administrator, SOC Analyst, and Incident Response (IR) Specialist.

Students will design, deploy, secure, monitor, and defend a realistic enterprise IT environment, leveraging AI-powered tools, automation platforms, and intelligent SOC workflows to detect, investigate, contain, and remediate sophisticated cyber-attacks.

The project emphasizes AI-augmented decision-making, automation, and operational efficiency, mirroring the workflows of next-generation SOC teams in industry.