
Certified Security Operations Manager

Built by experienced security leaders across military, finance, and managed security, CSOM has been designed to provide established or aspiring security managers with the knowledge they need to develop a high-performing security operations team.

Covers the following 4 domains:

  • Understanding Modern Security Operations
  • Building a Security Operations Centre
  • Capability and Function Development
  • Metrics, Maturity, and Measuring Success

COURSE OVERVIEW

COURSE PREREQUISITES

Because of the nature of this certification, we only permit certain students to become fully certified; however, anyone can take the training course. Only candidates with 2 years of security operations or related experience will be permitted to take the exams.

WHO IS THE COURSE FOR?

CSOM is aimed at security professionals with 2+ years' experience in security operations or a similar discipline. Roles that we believe would benefit from this course include:

  • Security Analysts
  • Senior Security Analysts
  • Security Managers
  • SOC Managers
  • Heads of Security Operations
  • Directors of Security Operations
  • Consultants

WHY CHOOSE CSOM?

CSOM is designed to forge technical managers who already have experience and exposure to security operations. CSOM will develop you in both management principles and technical skills. Below are some examples of the skills and experience you will gain.

  • Perform threat modelling to identify threats to the organization.
  • Understand security operations functions, the services they can provide, and the value they bring to the organization.
  • Learn how to build a SOC, including the people, technology, and processes.
  • Learn how to conduct maturity assessments for SOC, IR, Hunting, and CTI teams.
  • Understand the power of metrics for reporting and how they can help identify issues.
  • And much more!

Tools Covered

4CERT, ATT&CK Navigator, Autopsy, Canarytokens, Confluence, CTI-MAS, Deploy-Deception, DeTTECT, HMM, MISP, MITRE ATT&CK, MITRE D3FEND, MITRE Engage, OpenVAS, RE&CT, RE&CT Navigator, SOC-CMM, Sigconverter, Sigma, TheHive5, Uncoder, Velociraptor, Wazuh

COURSE CONTENT

Below is a list of the CSOM in-browser labs available as part of the training course:

  • Deploying Sigma Rules
  • Threat Intelligence in Practice
  • Digital Forensics in Practice
  • Vulnerability Management in Practice
  • Threat Hunting in Practice
  • Deploying Honey Users For Deception
  • Case Management Dashboarding
  • Practical Exam Practice

CERTIFICATION PROCESS

OUR HYBRID EXAM APPROACH

Students will undertake two exam elements, one practical and one theoretical. The marks from both elements are used to determine the final grade, which must be 70/100 or higher to pass and become certified.

If a student’s combined grade does not meet the 70% passing criteria, they can retake one or both exam elements for free.

PRACTICAL EXAM ELEMENT

Students will take part in a short hands-on incident response engagement, using threat intelligence context and existing scenario details to perform analysis and capture key information about the attacker’s actions.

THEORY EXAM ELEMENT

Students will complete a business case study, conducting research, performing threat modelling, and completing other tasks to populate a short report template.

EXAM FEEDBACK

We believe feedback is crucial to developing your skills, rather than just passing the certification. We provide feedback to all students regardless of whether they pass or fail each exam element, so you can understand your weak areas and become a stronger security professional.

CERTIFIED REWARDS

Once a student passes both exam elements and becomes CSOM certified, they will receive several rewards for their hard work:

  • Become a Certified Security Operations Manager for 4 years
  • Digital PDF certificate
  • Credly digital badge
  • Printed certificate
  • CSOM silver challenge coin (gold if you score 90%+ combined on your first attempt)
  • Laptop sticker