Course Title : Building and Effective Security Operations Center Framework
Course Duration : 2 Day Online Instructor Led Workshop
Online workshop is delivered in two days, two units each day between 9:30 am to 1 pm and 2:30 pm to 5:30 pm
Course Fee : Available upon request (Write to us at
Course Location  : TLC Office, Customer Onsite, and Online 

: Online workshop are delivered in two days, two units each day between 10:30 am to 1 pm and 3 pm to 5:30 pm
Course Code :TN222
Deliverables : Comprehensive Student Guide and Workshop Certificate

This couse can also be conducted for customers at their premieses in Karachi, Lahore, and Islamabad
Security teams are hard at work on the front lines: identifying, analyzing and mitigating threats facing their organization. But despite their best efforts, incident backlogs continue to grow. The reality is that there simply aren’t enough skilled professionals to analyze the volume of incidents that most organizations face.

Security Operation is the continuous operational practice for maintaining and managing a secure IT environment through the Implementation and execution of certain services and process its main purpose is to detect, prevent, prioritize and respond to security incidents. This course is specially designed with all necessary information that can help security professionals for building an effective Security Operations Center and associated tools for building a SOC framework. 

Nevertheless, SOC is now an essential part of protection plan and data protection system that reduces the level of exposure of information systems to both external and internal risks.

The advantages of a SOC: Without SOC services, cyber-criminal attacks can remain hidden for a long time as companies do not have skills to detect and respond to threats in a timely manner. We can always quote the example of Yahoo who has seen their accounts hacked for many years without knowing it.

Thus, a SOC will allow companies to have a better visibility on their environment, have skills, processes and continuous improvement. With more and more regular attacks, many organizations are refocusing their security efforts on prevention and detection.

The training course flow will be a mix of lectures & classroom discussions so that participants can have a detailed understanding of various components of cybersecurity technologies.

Training will be delivered by an experienced TOGAF 9 Certified trainer, practicing TOGAF EAF for over 12 plus years, with 25+ years of career experience imparting education and training services both locally and internationally and have served international enterprise technology vendors including IBM, Fujitsu, and ICL.

Our instructor holds various industry professional certifications in the space of enterprise servers and storage technologies, Information Security, Enterprise Architecture, Blockchain, ITIL, Cloud, Virtualization, Green IT, and a co-author of 10 IBM Redbooks and have designed and developed 70 plus courses based on storage, information security, cybersecurity, enterprise architecture, Blockchain, Open Banking Framework and digital technologies stacks.  

The training course flow will be a mix of lectures, videos demonstrations, and classroom discussions so that participants can have a detailed understanding of various security technologies and how to perform an appropriate planning following best practices sizing guidelines for building up a Next Generation Security Operations Framework. 

This workshop is intended for resources who/from:

  • CIO, CTO, CISO, CITO, Business Leaders, VP/IT Director and IT and IS Managers, Application/Database teams, Audit, Risk and Compliance, Information Security and Cybersecurity Professionals, IT Operations, Project Managers, Enterprise Architects, Network Operation Teams, and Legal professionals with a familiarity of basic IT/IS concepts who want to;
  • Want to learn new trends in security and data breach incidents and how SOC can help in protecting your mission critical business data.
  • Interested in entering the field of Information Security and Cybersecurity.
  • Students and fresh graduates.
  • Managers, Senior IT Managers, Business and HR Leaders who want to refresh thier present knowledge.
  • CSOC Managers and their SOC teams.
  • Network Operations Center teams.
Workshop Summary
At the end of this course, you will be able to:
  • Understand how to develop a strategy for the collection of the most important logs and network data.
  • Understand how to develop SOC playbooks and use cases.
  • Use threat intelligence to focus your budget and detection efforts.
  • Implement threat hunting and active defense strategies.
  • Develop efficient alert triage and investigation workflow.
  • Create effective incident response processes.
  • Implement metrics, KPIs and goals to improve the SOC.
  • Conduct effective team member hiring, training, and retention, and prevent burnout.
  • Understand the fundamentals for developing an effective SOC framework.
Participants attending this workshop should be familiar with basic Information Technology (IT) and Security concepts, business challenges and the role of general system wide infrastructure technologies and their applications. 

Unit 1 – Security Operations Center Fundamentals 
  • Things that you cannot ignore – Your Devices. 
  • Assess and mitigate vulnerabilities in your end-devices.
  • Threats and security challenges faced today and their solution.
  • Assess and mitigate vulnerabilities in mobile systems.
  • Tactics used by the Attackers to compromise your security.
  • Why you need to make cybersecurity a priority? 
  • How cognition works – A behavior-based security.
  • Security Operations Center Defined.
  • How to make you SOC responsive?
  • Understand Cyber Incident Recovery Tool and its importance.
  • Main components of SOC and SOC Team Structure.
  • Challenges every Security Operations Center faces.
  • What Top-Performing SOC Teams have in Common.
  • Understanding SOC Playbook and the need for developing it.
  • Five key Steps for developing a SOC Cybersecurity Playbook.
  • SOC Automation Playbook – User Containment Sample Workflow.
  • Network Operations Center Vs. Security Operations Center.
  • Unit 1 Assessment.
Unit 2 – SOC Design Criteria and Workflow 
  • Organizations must consider questions related to SOC Assessment.
  • Encountering types of supported Data Sources.
  • Prerequisites to establishing a SOC Design.
  • Why SOC Projects Fails? Reasons SOC Projects Fail and Succeed.
  • Common mistakes that should be avoided in SOC designing phase.
  • Log Management/Analytics – A critical aspect of SOC. 
  • Capacity planning and capacity planning guidelines.
  • Selecting the right tools for your Security Operations Center.
  • Knowing key challenges of your SOC Design phase.
  • Recommendations for selecting SOC tools.
  • Strategic Planning Assumption – The right and wrong approach.
  • Reasons SOC Tooling Projects Fail and Succeed.
  • SOC Design Criteria and Flow.
  • Build SOC Approach.
  • Security Operations Centers: One size does not fit all.
  • Unit 2 Assessment. 


Unit 3 – SOC Maturity Assessment and Design Framework
  • Key SOC Metrics and KPIs: How to define your KPIs and use them.
  • A complete list of tasks carried out in Security Operations Center?
  • The three Big Challenges for managing the SOC.
  • Align the tool selection process.
  • Security Target Operating Reference Model.
  • Technologies needed to achieve a Maturing SOC.
  • Endpoint Detection & Response and Network Traffic Analysis.
  • Understand critical components of SIEM Solution and SIEM Process.
  • How to select a right SIEM tools for your business.
  • Problem solved by SIEM Solution and SIEM sizing guidelines.
  • Security Orchestration, Automation and Response – SOAR.
  • Understanding the difference between SOAR and SIEM. 
  • Understanding the important capabilities of a SOAR based solution.
  • Egress Monitoring & solution based on Network Access Control.
  • Understand NAC and how NAC secures your network.
  • Exploiting Next-Generation Firewall.
  • Measuring Capability & Maturity levels in SOCs.
  • SOC Capability Maturity Assessment Model.
  • A Modern SOC Maturity Level and Capabilities – An Example.
  • What exactly is required by SOC Framework?
  • SOC Framework Architecture.
  • Building a Security Operations Center involves multiple domains.
  • Multiple layers of protection – High Level Summary.
  • An Effective SOC – Resource Availability & Non Availability Matrix.
  • Generic Security Operations Center Framework.
  • Unit 3 Assessment.
Unit 4 – Incident Response
  • Understanding Incident Response.
  • The Role of Computer Security Incident Response Team – CSIRT.
  • The importance of Incident Response Plan.
  • Seven key phases of an Incident Response Plan.
  • Computer Forensics (Cyber Forensics).
  • Cyber Incident Management Framework.
  • Incident Management and Categorization.
  • The role of Service Desk in Incident Management.
  • Challenges associated with Incident Categorization.
  • Incident categories, subcategories, and categorizing incidents.
  • Incident Response Planning and Severity of Incident.
  • Timeline from Security incident to Business Continuity.
  • Critical Incident Recovery Plan and Cyber Attack Quick Response.
  • Preparing for a Security Breach. 
  • Important consideration from Data Recovery point of view.
  • Zero-day and your Security Strategy.
  • Mitigating the effects of a Zero-day attack – Recommendations.
  • Unit 4 Assessment. 



Following are the customers who have attended this workshop.




Group Photographs of students attended our "Building and Effective SOC Framework" Workshops


Bank AL-Habib Ltd, Bank of Punjab and MCB Bank Ltd has attended a two day online
workshop on "Building an Effective Security Operations Center Framework
on April 12 - 13, 2021.

Habib Bank Limited, Telenor Microfinance Bank Ltd, and ZIL Limited has attended 
a two day online workshop on "Building an Effective Security Operations Center Framework
on February 15 - 16, 2023.


Securities and Exchange Commission of Pakistan and NRSP Microfinance Bank Limited 
has attended a two day online workshop on "Building an Effective Security Operations
Center Framework
" on February 22 - 23, 2023.


List of IBM AIX Operating System 
Standard Courses

AIX 7 Basics

Power Systems for AIX II - AIX Systems Administration

Power Systems for AIX III - Advanced Administration and Problem Determination

Introduction to AIX Korn Shell Scripting - AIX 7,1, AIX 6.1, AIX 5.3 and Linux

AIX 7 Jumpstart for UNIX Professionals

Security for Power Systems AIX

IBM POWER Virtualization Technologies

AIX Disk Storage Management and Recovery Procedures

AIX Performance Monitoring and Management

Introduction to IT Infrastructure Technologies

Understanding the Role of Storage Technologies and Big Data

Linux Basics for Users


List of IBM AIX Operating System 
Short-Term Courses

AIX System Configuration Devices & AIX System Storage Overview

AIX Disk Storage Management & Recovery Procedures

AIX Performance Monitoring & Management

Understanding & Managing AIX ODM (Object Data Manager)

Security for Power Systems AIX

AIX Software Installation Maintenance & Backup & Restotore

Working with Logical Volume Manager & File System Administration

AIX Error Monitoring & System Dump Facility & AIX Scheduling

AIX Security & User Administration