6 Best Cyber Threat Intelligence (CTI) Courses in 2025

At 2:15 AM, our monitoring systems exploded with alerts. One of our clients, operating in a country engaged in armed conflict, was under attack. We’d received threat intelligence hours earlier from our CISO warning of potential cyber operations targeting organizations in the conflict zone. Now those warnings had become reality: massive EPS (Events Per Second) spikes across multiple servers, unusual egress traffic patterns suggesting data exfiltration attempts. Our threat intelligence team moved fast, correlating the attack patterns with known adversary tactics we’d been tracking. Within minutes, we contained what could have been a catastrophic breach.

Every day, you come across news about cyberattacks—each one leaving behind digital artifacts, including IOCs (Indicators of Compromise) and attacker tactics and techniques. As Threat Intel Analysts, our primary concern is analyzing this data to produce actionable intelligence that prevents future attacks. This intel is then shared with each client or integrated directly into their SIEM, turning raw data into real defense.

However, here’s where the real challenge lies: the threat landscape is constantly evolving. Threats posed to the banking sector are vastly different from those targeting the healthcare or automobile industries. Some threat actors have purely financial motives, hunting for quick ransomware payouts. Others want to steal credentials, conduct espionage, or simply deface websites for ideological reasons. They choose their methods and targets accordingly, creating a complex web of adversaries that requires constant analysis and adaptation.

With cybercrime damages projected to hit $10.5 trillion annually by 2025, organizations are desperately seeking analysts who can decode these threat patterns. If you’re ready to enter this critical field, these courses will teach you to track adversaries, analyze their methods, and transform scattered intelligence into strategic defense.

What is Cyber Threat Intelligence?

Cyber Threat Intelligence is knowledge about adversaries—their motivation, intentions, and methods—that is collected, analyzed, and disseminated to help security and business teams protect critical assets. In simpler terms: we gather intel to enable threat-informed defense, staying one step ahead of attackers rather than constantly playing catch-up.

Think of it as the difference between knowing that cyberattacks happen versus understanding exactly who’s targeting your industry, what tools they’re using, and what they’re after. This intelligence transforms security from reactive firefighting to proactive defense.

Cost of Neglecting CTI

In 2021, gaming giant EA (Electronic Arts) learned this lesson the hard way. Attackers stole nearly 780 GB of data, including valuable source code for games like FIFA 21 and the Frostbite engine. The kicker? The initial breach started with stolen Slack session cookies that were being sold on dark web forums for a meager $10.

This was a preventable breach. Had EA’s threat intelligence team been monitoring dark web marketplaces for mentions of their company or employee credentials, they could have detected and invalidated those cookies before attackers gained access. Instead, a $10 purchase led to one of gaming’s most significant data breaches.

Types of Threat Intelligence:

Threat intelligence operates at three distinct levels, each serving different audiences and purposes:

  1. Tactical Intelligence

Focuses on TTPs (Tactics, Techniques, and Procedures) used by threat actors. This technical intelligence feeds directly into security tools—think IOCs, malware signatures, and attack patterns that your SOC team uses daily.

  2. Operational Intelligence

Provides specific technical details about ongoing or imminent attacks. This includes campaign analysis, threat actor infrastructure, and targeted vulnerabilities—intelligence that helps incident responders and threat hunters understand active threats.

  3. Strategic Intelligence

High-level analysis designed for executives and decision-makers. This non-technical intelligence covers threat landscape trends, risk assessments, and adversary motivations that shape security strategy and budget decisions.

Why Should You Trust Us and This Guide?

Class Central is a TripAdvisor for online education. We make it easier to discover the right courses without having to jump across multiple platforms. With over 250,000 courses in our catalog, we’ve already helped more than 100 million learners find their next course.

Now, why should you trust this guide?

In my capacity as a senior security analyst, I have created multiple threat intel reports/advisories for clients and leadership. Additionally, I have trained young professionals to gather effective threat intel and map attacks to the MITRE ATT&CK Framework. I can vouch for this guide as I have personally benefited from the courses that I have covered in the list.

| Course Highlight | Workload |
| --- | --- |
| Learn the Basics of MITRE ATT&CK Framework and CTI (Udemy) | ~3.5 hours |
| Learn Threat Hunting Skills for SOC Analysts (Udemy) | ~8.5 hours |
| Learn to Gather Threat Intel to Take Down Threat Actors (Udemy) | ~1.5 hours |
| Learn the Fundamentals of Threat Intelligence Lifecycle (IBM) | ~15 hours |
| Learn about Advanced Persistent Threat and Real-World Use Cases (Udemy) | ~2.5 hours |
| Learn about Cyber Threat Landscape (LinkedIn) | ~1.2 hours |

Learn the Basics of MITRE ATT&CK Framework and CTI (Udemy)

  • Level: Beginner to Intermediate
  • Rating: 4.6
  • Duration: 3.5 hours
  • Cost: Paid

What You’ll Learn

  • Basics of SOC and security solutions like EDR, XDR, SIEM, SOAR
  • MITRE ATT&CK Framework, Pyramid of Pain
  • Use case of APT 41/Winnti: mapping it to MITRE ATT&CK and the Pyramid of Pain

I completed this course a while back. This course is very well designed to give you the crux of the MITRE ATT&CK framework. MITRE ATT&CK is a globally accessible knowledge base of adversary tactics, techniques, and procedures (TTPs):

  • Tactics – Tell us WHY an adversary is attacking, i.e., intent and objective.
  • Techniques – Deal with HOW an attack works, i.e., methods used in the attack.
  • Procedures – Describe the set of actions performed using a technique to execute an attack.

For example, Reconnaissance (Tactic) → Active Scanning (Technique) → Vulnerability Scanning (Sub-technique).

Christopher Nett shares a lot of practical insight, which makes this course ideal for anyone looking to learn MITRE for real-world defense. It covers both the theoretical and practical aspects through use cases of Winnti/APT 41 (Advanced Persistent Threat). Further, it delves into other frameworks like the Cyber Attack Kill Chain and the Diamond Model of Intrusion. This course is suitable for beginners and experienced professionals who wish to brush up on their fundamentals.

NOTE: A lot of CTI terms trace their origin to military jargon—for example, the Cyber Attack Kill Chain was coined by Lockheed Martin.

Learn Threat Hunting Skills for SOC Analysts (Udemy)

  • Level: Intermediate to Advanced
  • Rating: 4.4
  • Duration: 8.5 hours
  • Cost: Paid

What You’ll Learn

  • How to set up a lab using VMware Workstation Pro
  • Advanced threat hunting scenarios using tools like Splunk as SIEM and BloodHound to map Active Directory
  • Essential tools & network analysis using tools like Wireshark, tShark, RITA
  • Advanced detection with Suricata/Zeek

As a senior security professional, I have come across incidents where there was a breach without any alerts getting triggered. It’s a nightmare for any security professional, but this can be prevented by focusing on detection over prevention.

This gives rise to a new breed of security analysts, a.k.a. “Threat Hunters,” who operate with the mindset that our defense is already breached. That gives us the Golden Rule of Cybersecurity: “Assume breach.”

What I like about the instructor, Vonnie Hudson, is that he doesn’t follow a textbook approach; rather, he hits you with the ground realities of security operations. Because modern SOCs require proactive threat hunting, the course moves beyond traditional security monitoring. It focuses on tools like Splunk, which is widely used in the industry.

This course directly addresses the skills hiring managers look for in SOC analysts. It’s ideal for someone looking to transition from a Tier 1 to a Tier 2 SOC analyst role. But if you’re new to cybersecurity, you might feel overwhelmed, so cover foundational courses first.

Learn to Gather Threat Intel to Take Down Threat Actors (Udemy)

  • Level: Beginner to Intermediate
  • Rating: 4.5
  • Duration: 1.5 hours
  • Cost: Paid

What You’ll Learn

  • CTI fundamentals and 8 phases of threat intelligence
  • Profiling and feature extraction to classify threat actors in specific groups
  • Clustering and correlation based on behavior/features to understand attack flow
  • Tracking and neutralizing threat actors/groups for proactive defense

I remember when I started working on CTI, the mistake that I made—and many others make—is focusing solely on IOCs, i.e., malicious domains, URLs, hash values, etc., not knowing attackers can easily abandon them, making them practically useless beyond a certain time. This course dismantles that false notion within the first few modules.

What attackers can’t abandon easily are their motives and behavior, tactics, and techniques. As systems are logical but people are psychological, this lays the groundwork to track and neutralize threat actors. This course gives a high-level overview of the phases of threat intelligence, which will help build a solid foundation, but experienced professionals might find it surface-level. It offers a bird’s-eye view into CTI, so learners can decide based on their goals.
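The reasoning above, that atomic IOCs go stale while behaviour persists, can be applied when deciding what to keep loaded in a SIEM. The following is an added example, not material from the course or the original article: the tier order follows the Pyramid of Pain, while the shelf-life values, the `triage` function and the feed entries are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Pyramid of Pain tiers, least painful for the attacker to change first.
# Shelf-life values (days) are illustrative assumptions, not a standard.
SHELF_LIFE_DAYS = {
    "hash": 30,
    "ip": 14,
    "domain": 30,
    "artifact": 90,
    "tool": 180,
    "ttp": None,  # behaviour does not expire on age alone
}
PAIN = {kind: level for level, kind in enumerate(SHELF_LIFE_DAYS)}

def triage(indicators, now):
    """Return (active, expired). Active items are ordered by attacker
    pain (highest first), then by most recent sighting."""
    active, expired = [], []
    for ind in indicators:
        kind = ind["type"]
        if kind not in SHELF_LIFE_DAYS:
            raise ValueError(f"unknown indicator type: {kind}")
        ttl = SHELF_LIFE_DAYS[kind]
        age = now - ind["last_seen"]
        if ttl is not None and age > timedelta(days=ttl):
            expired.append(ind)  # stale atomic indicator: retire it
        else:
            active.append(ind)
    active.sort(key=lambda i: (PAIN[i["type"]], i["last_seen"]), reverse=True)
    return active, expired

def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample feed (documentation-range IP, .example domain).
NOW = _utc(2025, 6, 1)
FEED = [
    {"type": "hash", "value": "0" * 64, "last_seen": _utc(2025, 1, 10)},
    {"type": "ip", "value": "203.0.113.10", "last_seen": _utc(2025, 5, 25)},
    {"type": "domain", "value": "cdn-update.example", "last_seen": _utc(2025, 3, 1)},
    {"type": "ttp", "value": "T1595.002", "last_seen": _utc(2024, 6, 1)},
    {"type": "tool", "value": "example-loader", "last_seen": _utc(2025, 2, 1)},
]

if __name__ == "__main__":
    active, expired = triage(FEED, NOW)
    print("keep:  ", [(i["type"], i["value"][:20]) for i in active])
    print("retire:", [(i["type"], i["value"][:20]) for i in expired])
```

The year-old TTP entry stays at the top of the active list, while the hash and domain seen only months ago are retired.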

Learn the Fundamentals of Threat Intelligence Lifecycle (IBM)

  • Level: Beginner to Intermediate
  • Rating: 4.7
  • Duration: 15 hours and 20 min
  • Cost: Paid

What You’ll Learn

  • Fundamentals of CTI and how to turn raw data into intelligence
  • OSINT (Open Source Intelligence), HUMINT, SIGINT, IMINT/MASINT
  • How to streamline and automate CTI
  • Difference between data vs. information vs. intelligence
  • How to write reports for executives vs. operatives, and their formats

This course is offered by IBM and covers the full intelligence lifecycle: planning & direction → collection → data sources → processing → analysis & production → dissemination. The course comprises six modules, assessments, and a shareable certificate backed by IBM.

The course is loaded with concepts, so expect to do some heavy lifting. It’s suitable for beginners and managers alike, so you can avoid imposter syndrome in strategic meetings. Furthermore, it covers topics like reporting, which is crucial as CXOs need to act on those reports.

Even though it offers great depth in the CTI lifecycle, the course misses out on tools like SIEM, EDR, and XDR.

Learn about Advanced Persistent Threat and Real-World Use Cases (Udemy)

  • Level: Intermediate
  • Rating: 4.5
  • Duration: 2 hours and 34 minutes
  • Cost: Free (no certificate)

What You’ll Learn

  • Advanced Persistent Threat (APT) fundamentals
  • Modern malware techniques: encrypted communication channels, kernel-level rootkits, and sophisticated evasion capabilities
  • Cyber Attack Kill Chain and APT lifecycle
  • Case studies involving APT1 and Stuxnet

During my academics, I worked on case studies on APTs. I was surprised to find that a lot of APTs are state-sponsored, with hundreds or thousands of hackers working day and night to launch attacks on other states.

This course covers APTs and their real-world use cases. APTs use advanced and sophisticated techniques like zero-day attacks and custom malware like WannaCry to breach security controls. They are persistent: once inside, they maintain a hold for long-term intelligence gathering, sometimes for 5 to 10 years. The course further delves into APTs like APT1, which is attributed to Unit 61398 of China’s People’s Liberation Army (PLA), a state-sponsored group involved in cyber espionage. It primarily targets critical US infrastructure like aerospace, energy, telecommunications, and finance.

Although this course misses out on vulnerabilities and countermeasures, it’s well-suited for aspiring threat intelligence analysts, as APTs pose a significant risk to enterprise security.

Learn about Cyber Threat Landscape (LinkedIn)

  • Level: Beginner to Intermediate
  • Rating: 4.7
  • Duration: 1-2 hours
  • Cost: Free trial

What You’ll Learn

  • Cyberattacks like malware, ransomware, phishing, and smishing, plus practical ways to defend against them
  • Risks associated with business email compromise, botnets, and DDoS attacks
  • Zero-day exploits and AI-driven attacks and mitigation
  • Threats like deepfakes and insider threats, with tips to recognize and counter them effectively
  • Challenges of IoT devices, shadow IT, and supply chains, and how organizations can secure them

In my experience, a lot of organizations treat cybersecurity as a one-time solution. This doesn’t account for emerging threats—as threat actors evolve, so should security measures. The last few years have completely transformed the way we interact with technology: IoT, generative AI, smart devices, etc. This has made life easier but also complicated cybersecurity, as each endpoint is a potential loose end.

What I like about this course is that Marc Menninger not only highlights modern security challenges but also provides practical countermeasures to address them. He brings to the table a discussion of the challenges organizations face while securing their critical infrastructure.

This course is easy to follow and covers a broad range of topics, but doesn’t include any labs or real-world scenarios. I would recommend it to those looking to understand the philosophy of cybersecurity without worrying too much about hands-on skills.