EC-Council № 07 of 14 ATC Accredited Blue Team

CSA
SOC Analyst

With new threats emerging at rapid speed, enterprises are battling hackers and organized cybercrime every day. The EC-Council Certified SOC Analyst program fills the gap — better metrics, better detection, better defence.

  • 3-day Bootcamp Format
  • 6 CSA Modules
  • 1:1 Mentor Pairing
  • 150q Practice Bank

№ 01 / Overview

The blue team's first credential.

We need constant monitoring to avoid being a victim. Security Operations fills the gap to provide you with better metrics to understand and improve your organization's security posture. CSA is one of the best online cybersecurity courses trying to fulfil that need — and it's the credential that opens the Tier 1 SOC analyst job market.

The program covers SOC fundamentals, cyberthreat intelligence, log management, SIEM deployment, advanced incident detection and the incident response activities Tier 1 and Tier 2 analysts perform every shift. You'll spend half the cohort with hands on a SIEM, writing detection rules, triaging alerts and escalating incidents the way working SOCs do.

Who this is for: Entry-level analysts moving from helpdesk to SOC, IT administrators pivoting into security, military and federal personnel pursuing 8570/8140 IAT compliance, and career-changers who want a defensive role with high market demand.

№ 02 / Outcomes

What you'll walk away with.

  • 01 Sit for the EC-Council CSA exam with confidence: 6 modules of accredited training mapped to the current CSA exam blueprint.
  • 02 Triage alerts like a working Tier 1 analyst: Severity, fidelity, IOC enrichment, escalation paths — drilled on real SIEM consoles.
  • 03 Operate a SIEM end-to-end: Data ingestion, parsing, correlation rules, dashboards, alert tuning. Hands-on Splunk and ELK labs.
  • 04 Apply MITRE ATT&CK to detection: Map adversary techniques to detections, prioritise coverage gaps, write hunting hypotheses.
  • 05 Consume and produce threat intelligence: STIX/TAXII feeds, ISAC sharing, IOC lifecycle, and pivoting from indicators to behaviour.
  • 06 Run an incident response shift: Detection through containment, eradication and recovery. Communicate cleanly under pressure.

№ 03 / Curriculum

Six modules. One SOC shift.

Curriculum aligned to EC-Council's CSA Exam Blueprint. Each module pairs theory with a guided SIEM lab and a mentor-led tabletop incident.

  • SOC types (in-house, hybrid, MSSP), tiers and roles, key performance indicators, the workflow from log ingestion through analyst escalation. The shape of the job before you start the job.
  • The current threat landscape, threat actor categories (nation-state, organised crime, hacktivist, insider), attack lifecycle, the Cyber Kill Chain, and the MITRE ATT&CK framework.
  • Windows Event Logs, syslog, application logs, firewall logs, IDS alerts. Parsing, normalisation, retention, and the typical log sources every SOC ingests.
  • SIEM architecture, deployment models, correlation rules, dashboards and use cases. Hands-on labs in Splunk and the ELK stack — write rules, build dashboards, tune false positives.
  • Tactical, operational and strategic intel. STIX/TAXII, IOC pivoting, sharing communities (ISACs), and integrating intel feeds with your SIEM for context-aware detection.
  • NIST and SANS incident response lifecycles, playbooks, containment strategies, communication, lessons learned. Includes a full mock CSA exam and a tabletop incident exercise.

№ 04 / Faculty

Practitioners who teach.

Working SOC engineers who triage alerts between cohorts.

Lead Instructor · CSA · GCIA · CISSP
Senior SOC Lead

Fifteen-plus years running and building security operations centers for energy, healthcare and federal clients. Splunk and ELK certified architect.

Mentor · CSA · GCIH
Lead Mentor, Defensive Practice

Mentors students through the SIEM labs and tabletop incident exercises. Focuses on the soft skills — clean handoffs, calm communication, accurate documentation.

№ 05 — From a graduate
"Mac Jason Academy is a great place. The instructor was very knowledgeable and good at communication. The classes were conducted in a professional way."
Azra Rashid
IT & Security Graduate
№ 06 / Questions

The questions we hear most.

  • Networking fundamentals and Linux/Windows fundamentals. You should be comfortable with TCP/IP, the OSI model, and basic command-line work on both Windows and Linux. If you're rusty, we provide pre-work to get you ready before week one.
  • Exam voucher options are available — the standard tuition does not include the voucher by default. Speak to admissions about bundled packages and the EC-Council iLearn options we can arrange as an ATC.
  • Yes. The labs use Splunk Enterprise (free trial), the open-source ELK stack, and AlienVault OSSIM. You'll write correlation rules, build dashboards and tune detection logic in each. The concepts transfer to QRadar, Sentinel and Chronicle.
  • Sit in on the next cohort free of charge. We'd rather you pass than walk away. CSA rewards practice on real SIEM consoles — most retakes succeed once students spend more time in the lab environment.
  • Two evening sessions per week (Tuesday and Thursday, 6:30–9:00pm CT), plus a Saturday lab workshop. Three-day bootcamp formats run quarterly for accelerated learners.
  • Yes — we partner with Mia-Share / Meritize for tuition financing with monthly payment plans. See Financial Aid for full details.

№ 07 — Enroll

Cohort opens in weeks, not months.

Hold your seat with a deposit. Speak to admissions if you'd prefer a quick fit-check first — no high-pressure pitch, just a candid conversation about whether the SOC analyst path is right for you.