Certified Security Strategist and Incident Handler (CSSIH)

Master Security Operations & Incident Handling

Master the CSSIH curriculum: a comprehensive dive into SOC operations, SIEM tools, and threat detection, culminating in a 12-hour hands-on capstone project.

  • 28 Hours Live Training
  • 12 Hours Capstone Project
  • 8 Modules of Comprehensive Topics
  • Job Ready: SOC Career Focused

SOC Mastery

Master Security Operations Center (SOC) workflows, components, and alert triage processes.

SIEM Proficiency

Gain hands-on experience with industry-leading SIEM and log management tools like Splunk, Wazuh, and the ELK Stack.

Threat Detection

Learn to investigate incidents, detect threats in real-time, and respond effectively to cyber attacks.

Deep Analysis

Understand the OSI Model, common network layer attacks, and execute advanced queries using Osquery.

The Advantage

Why Choose This Program?

Comprehensive Toolset

Learn Splunk, Wazuh, ELK Stack, Log360, Osquery, and Papertrail in a single unified program.

Real-World Labs

Engage in practical SSH Log Analysis, Web Log Analysis, and Cloudflare WAF Analysis.

Incident Response

Understand the Cyber Kill Chain and how to detect anomalies using real-time monitoring strategies.

Architecture Focus

Deploy agents, configure pipelines (Logstash), and build interactive visualization dashboards (Kibana).

The Syllabus

CSSIH Course Outline

01 Introduction to SOC

Learn the fundamentals of Security Operations Centers, including workflows, monitoring, and incident response.

  • SOC Overview and Operations
  • Monitoring security events and detecting threats
  • Components of SOC (People, Process, Technology)
  • Alert Triage (True/False Positives & Negatives)
  • SOC vs NOC comparison

02 OSI Layers & Attacks

Understand the OSI model, common protocols, and layer-specific cyber attacks, alongside the Cyber Kill Chain.

  • Introduction to OSI Model and Layers Overview
  • Common Attacks used in OSI Layers (SQLi, SYN Flood, Spoofing)
  • Common Protocols used in OSI Layers
  • Cyber Kill Chain phases (Reconnaissance to Actions on Objectives)

03 Splunk

Master Splunk installation, components, and real-time monitoring using Search Processing Language (SPL).

  • Splunk Components (Universal Forwarder, Indexer, Search Head)
  • Real Time Monitoring and Basic SPL Commands
  • SSH Log Analysis Lab
  • Web Log Analysis Lab
  • Cloudflare WAF Analysis Lab

04 Wazuh

Explore Wazuh history, components, and deployment types for effective host-based intrusion detection.

  • Wazuh Components (Agent, Manager, Indexer, Dashboard)
  • Wazuh Deployment Types and Installation
  • Wazuh Agent Deployment
  • Real Time Monitoring
  • File Integrity Monitoring

05 Papertrail

Learn about Papertrail overview and real-time cloud log management capabilities.

  • What is Papertrail and Key Features
  • Live Log Streaming
  • Filtering and Searching Logs
  • Real-Time Alert Configuration

06 Osquery

Understand the concept of treating your operating system as a database using SQL-based system querying.

  • Osquery Overview and Concepts
  • Osquery Query Breakdown (SELECT, FROM, WHERE)
  • Basic Osquery Commands
  • Osquery Installation and Use Cases (Threat Hunting, FIM)

07 ELK Stack

Get hands-on with Elasticsearch, Logstash, and Kibana to ingest, parse, and visualize large volumes of data.

  • ELK Stack Workflow
  • Concepts of Elasticsearch (Cluster, Node, Index)
  • Logstash Pipeline Creation (Input, Filter, Output)
  • Kibana Features (Interactive Dashboards)
  • Log Ingestion in ELK Stack

08 Log360

Learn Log360 installation, agent deployment, and establishing alert mechanisms.

  • Log360 Overview and Key Features
  • Log360 Installation
  • Log360 Agent Deployment
  • Log360 Alerts Generation

Hands-on Labs & Cyber Range

  • SIEM Deployments: Configure and install Splunk, Wazuh, and the ELK Stack.
  • Log Analysis: Hands-on analysis of SSH logs, Web server logs, and Cloudflare WAF events.
  • Threat Hunting: Utilize Osquery and SPL commands to identify active threats and system anomalies.
  • 12-Hour Capstone Project: Gain deep hands-on exposure by applying your knowledge to a comprehensive, real-world incident response scenario.
> initializing_soc_dashboard...
> connecting to Splunk Indexer...
> running SPL: index=linux_secure sourcetype=linux_secure "Failed password" | stats count by src_ip
> ...
> VULNERABILITY DETECTED: Brute Force Attempt
> triggering alert... INCIDENT LOGGED
> forwarding events to ELK stack... OK

Career Pathways

Mapped to Security Operations Job Roles

  • SOC L1/L2 Analyst
  • Incident Responder
  • SIEM Engineer
  • Threat Hunter
  • Security Strategist
  • Information Security Analyst