Cloud IR Foundations for SOC Analysts (IRC220)
Description
CISA is proud to offer the webinar, Cloud IR Foundations for SOC Analysts (IRC220). We are excited to share this information with stakeholders across the federal enterprise and nationally. This 2-day course is the first of the three-part Incident Response Cloud (IRC) series. Participants gain valuable incident response skills in a fully-dedicated Microsoft Azure cloud environment in addition to practical knowledge of cloud architecture and IR in the cloud. Through a mix of theoretical understanding and practical exercises, participants learn how to incorporate IR strategies while leveraging the unique conditions of cloud environments, like Azure. The course provides 48-hours of range access for participants.
The target audience for this webinar are technical personnel (lab and SOC personnel).
- Benefits for training include:
• Expanded knowledge of Azure architecture, its nomenclature, and security functionalities in the IR context
• Live follow-along demos, practice videos, and interactive resources
• 48 hours of full admin access to a dedicated Vertex cloud environment - Topics of training are:
• Cloud versus OnPrem IR
• Azure architecture
• Microsoft EntraID
• VMs, storage accounts, virtual networks, logs - Learning objectives include:
• Explain core Azure functions and network (VMs, storage, networking, IAM)
• Create and manage Azure resources using the Azure Portal, Azure Cloud Shell and Azure PowerShell cmdlets
• Identify and mitigate common Azure threats related to resource misconfiguration and automated development processes
• Identify the basics of Azure logging sources and log types
This webinar begins with an introduction to a real-world cyber threat intelligence report showcasing how threat intelligence is used to bolster an organization's defensive posture. Topics include fundamentals of CTI strategy and CTI lifecycle, setting the foundation for exploring how to develop, monitor, and improve upon organizational CTI capability for cybersecurity operations.
This training leverages CISA resources, including evaluation of a real-world CISA Advisory and CISA’s Incident Response (IR) Playbook, to ensure participants learn best practices aligned with national standards and expectations. This alignment ensures participants are prepared to contribute effectively to CTI and IR efforts at any level.
Event Logistics:
- Date: Tuesday-Wednesday, April 8-9. 2025 | Tuesday-Wednesday, April 22-23, 2025
- Time: 9:00 a.m. EDT – 5:00 p.m. EDT
- Location: Online via WebEx
- CPE Credit: Participants can earn 16 CPE credits for attending this course.
- Note: Audio is through WebEx; there is no external dial-in. Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube channel for playback in other languages, if required.
If you require a reasonable accommodation to fully participate in this virtual event, please contact cyberinsights@cisa.dhs.gov at least five business days prior to the training with the type of support you need.