Security operations center in practice


Learn how AI and threat-hunting practices align in the fight against cyber criminals. Technologies and techniques to get acquainted with the roles and scenarios needed to establish the foundations for a (SOC) – Security Operations Center, within an organization.

IBM SkillsBuild for Academia
Self-paced course

Security operations

Help set the foundations for implementing a security operations center.

Looking for a job?

Gain insights on the latest security tools used by companies around the world; build a unique skill set that can position you in the market as a Security Intelligence Analyst and SIEM power user.

Looking for a better job?

Utilize the power of AI and threat intelligence tools to become part of a global community of experts taking on cyber attacks originating in the Dark Web.


Elevate an organization’s overall security posture by adopting practices, methods, and tools that increase enterprise cyber resilience.

Learning outcomes:

  • Get acquainted with the benefits and risks of leveraging cloud technologies as the underpinning enterprise infrastructure
  • Employ high-end security enterprise solutions such as IBM QRadar SIEM, Vulnerability manager, User behavior analytics, IBM QRadar Advisor with Watson, I2 analyst notebook, and IBM Cloud X-Force exchange to counter a variety of cybersecurity threats
  • Insight into threat modeling methods and frameworks such as MITRE, Diamond, IBM IRIS, IBM threat hunting, and security intelligence approaches to threat management
  • Understand the processes by which a Security Operations Center (SOC) organization responds to incoming cybersecurity threats, including the setup of Blue and Red teams, and the orchestration of Security Intelligence, Threat Hunting, and investigation techniques using sophisticated AI-powered technologies
  • Analyze the roles and archetypes that work in concert to address cybersecurity incidents within a Security Operations Center including – Security Operation Center managers, Triage analysts, Incident response analysts, and Threat hunters.

Course experience

About this course

This course is divided into two practice levels and one project assignment. Each practice level covers more advanced topics and builds up on top of the concepts addressed in the previous one.

Level 1 — Global threat trends

Analyze top cyber attack trends per industry and identify cyber protection techniques.

  1. 1. Threat intelligence overview
  2. 2. Global panorama of cyber threats
  3. 3. Threat intelligence activity map
  4. 4. Cyber attacks anatomy

Level 2 — Threat intelligence

Explore traditional IT security practices and attacker entry points to an organization.

  1. 1. Threat intelligence approaches
  2. 2. Hospital threats and scenario
  3. 3. Hospital phishing attack – episode I
  4. 4. X-Force Exchange world threat map

Level 3 — Threat hunting

Validate the impact of access controls, data breaches, and application vulnerability scans.

  1. 1. Security operation centers
  2. 2. Threat hunting
  3. 3. Hospital phishing attack – episode II
  4. 4. I2 phishing scenario


Skills you must have before joining this course offering.

Complete the Enterprise Security in Practice course from the Cybersecurity Practitioner series.

Alternatively, you will need prior knowledge of the following subjects before joining this course:

  • Motivations behind cyber attacks, impact on known targeted companies, and the cyber resilience framework
  • Market statistics, attack surfaces and vectors in the following industries: Energy and Utilities, Healthcare, Federal government
  • Kill chain analysis, statistics, and examples for the following cyber attack approaches – DDoS, Botnets, Injection Attacks, Shellshock, SQL Injection, Watering Hole, Brute Force, Phishing, and Ransomware
  • Firsthand experience using pen testing tools such as Terminal CLI commands, Telnet, SSH, Nmap, Wireshark, and browser-based security practices
  • Real-world use case experience on the sequence of events that occur within a company when exposed to a cyber attack from an infrastructure perspective to the roles involved in the incident – including the CEO, ISO, DBA, and Network administrators.

Digital credential


Security Operations Center in Practice

Security operations center in practice

See badge

About this badge

This badge earner has completed all the learning activities included in this online learning experience, including hands-on experience, concepts, methods, and tools related to the Security Operations Center’s domain. The individual has developed skills around techniques, technologies, roles, and scenarios needed to establish the foundations of a Security Operations Center (SOC) within an organization.


AI, AI security, Cloud security, Cybersecurity, Design Thinking, Diamond, Empathy, i2, IBM IRIS, IBM QRadar Advisor with Watson, IBM Watson, Incident Response, Industry expertise, MITRE, Personas, Problem-solving, QRadar, Scenarios, Security analyst, Security breach, Security operations center, SIEM, SOC, Stakeholder, Threat hunting, UBA, Use cases, User-centric, Vulnerability manager, X-Force exchange.


  • Must attend a training session at a higher education institution implementing the IBM Skills Academy program.
  • Must have completed the Enterprise Security in Practice course from the Cybersecurity Practitioner series.
  • Must have completed the online course Security Operations Center in Practice, including all assignments.
  • Must pass the final course assessment.