The Art of Threat Hunting

Hands-On Cybersecurity Operations Fundamentals

This course is a comprehensive two-day training for anyone interested in the field of Security Operations or CyberOps. It is meant to give you the core knowledge you need to further your career in security. Topics covered include security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures. This training is for security and network professionals who want to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. It also gives you a perspective on what you might expect working in a Cyber Operations role in a Security Operations Center.
This course includes deep dives into key topic areas as well as hands-on labs that students can utilize to test out some of the Cyber Operations techniques discussed in the course. This is an interactive course where we spend time whiteboarding and discussing the concepts covered in the schedule as well as demos of controls and tools used in the industry today.

Course Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

Fundamental Security Operations Concepts (1 hour)
Common security and networking terms and topics
Vulnerability management concepts
Attack methodologies and defense techniques
Break (10 mins)

Visibility and Monitoring Fundamentals (50 mins)
Network visibility
Network monitoring
Demo: Network visibility and monitoring tools in SOC environment
Break (10 mins)

Secure your process (50 mins)
Security operations process implementation
Walkthrough: Process documentation resources

Cyber Operations methodologies (1 hour)
Security Operations Center (SOC) methodologies and metrics
Demo: Security Operations Center tools

Finding the blind spots (1.5 hours)
Network intrusion analysis concepts
Demo: Threat hunting tools

Protecting the endpoint (1.5 hours)
Endpoint security controls
Demo: Endpoint security tools
Break (10 mins)

Hands-on Lab intro (50 mins)
Introduction to Cyber Defense lab
Demo: Lab environment overview


How do I get access to the lab environment?

The lab environment for this course is hosted on Cisco dCloud. You will be assigned a lab pod when the class starts. From there you will receive an email with a link to the lab environment. You can also log in directly at 

Where can I find the lab guide?

The lab guide can be downloaded from the resources section in the lab environment once you log in.

How long will I have access to the lab environment?

The lab pods are scheduled and assigned for one week. However, this can be extended at your request.

Who should I reach out to for help with the labs?

Please send an email to rontay at

Keep in touch with Ron
