Soc Specialist Path
Specialists in Cyber Defense:
Trained by experts

 

Access a practical path to becoming an internationally recognized SOC Specialist.

Obtain Official Certification and
Increase Your Market Value

Image

The Certified Professional SOC Specialist (CPSS)* adheres to international standards and is recognised worldwide.

Fata Informatica is a Personnel Certification Body accredited under international ISO 17024:2012 standard.

Image
02250
  • University
    professors
  • 24/7 access to the course
  • Tests and assessment exercises 
  • Downloadable material
  • Final examination and certification
Image
Our courses have been integrated by E-Campus University!
 
Our courses have been assimilated into the prestigious Computer Engineering degree programme at e-Campus University. Not only will you access cutting-edge content delivered by distinguished lecturers, but you can also earn up to 30 academic credits !
Image

SOC Specialist Path

Our Soc Specialist Path is designed to offer a tailored learning experience with a modular and flexible approach, designed to adapt to your needs and pace. Thanks to the structure of our courses, you can start with the Basic Course to build a solid foundation, and continue with the Advanced Course to acquire advanced skills in the field of cybersecurity and obtain the most prestigious certifications.

CPSS certification is issued only if the requirements of the standard are met and after passing an official exam.

If the requirements are not met, it will be possible to take the exam to obtain CTSS certification (non-accredited certification).

Image

Why participate in our cybersecurity courses?

From Zero to Expert quickly and easily


Start with the basic course to learn the fundamentals of security operations management and progress to the advanced course, where you will acquire in-depth threat hunting techniques and advanced monitoring skills, including on mobile devices.

Realistic Simulation Laboratories


You will have access to sophisticated simulation labs designed to replicate complex cybersecurity scenarios. This controlled environment is ideal for experimenting and honing your skills without the risks of the real world.

Acquiring the Secrets of Incident Monitoring and Response

You will learn the correct methods for monitoring networks and responding to security incidents, a critical skill for preventing and mitigating threats. This skill is essential for maintaining the integrity and security of your IT infrastructure.

You will receive constant support from the teacher


Our instructor Andrea Tassotti will guide you through the platform and answer all your questions.

Unlimited Access to Content and Resources


Study without time constraints with content accessible online 24/7, allowing you to organize your studies around your other commitments. You will have all the material you need to prepare for the final exam, ensuring flexible training at your own pace.

You will obtain prestigious certifications

This path will lead you to obtain the Certified Associate SOC Specialist and Certified Professional SOC Specialist (*) certifications, which are internationally recognized and will increase your career opportunities.

(*) To obtain this certification, you must meet the prerequisites, which can be found on the website certificazioni.fatainformatica.it.

Teaching approach

The course integrates theory and practice, offering hands-on experience with cybersecurity tools and real-world case studies. Students learn how to detect, analyse and mitigate cyber threats, fully understanding their scope and potential impact on organisations.

The Teachers

Image
Andrea Tassotti is an Ethical Hacker and System Engineer with over 30 years of experience. He works for leading clients such as the Presidency of the Council of Ministers, the Ministry of Foreign Affairs and agencies belonging to the Ministry of Defence on projects of national strategic interest.
Image
Antonio Capobianco, CEO of Fata Informatica, parent company of the CybersecurityUP brand and leader for over 30 years in the field of IT security.
He has an extensive background in academia, spanning Italy’s most elite institutions and currently lectures in Ethical Hacking and Malware Analysis at e-Campus University.
He is the author of the podcast ‘Cybersecurity & Cybercrime’.

The Company

Image
We were founded in 1994 with the aim of providing IT security services to Italian companies and public administrations.
We are the only Italian company to have been included by Gartner in its ‘Marketing Guide for IT monitoring tools’ thanks to our Sentinet3 product, developed in 2004 and now recognised as the leader in the Italian market.
We have created a business unit specialising in cybersecurity services, called CybersecurityUP, with the aim of providing vertical cybersecurity services to our customers, primarily the defence sector and companies of national strategic interest.

Course details

BASIC course

Course objectives


The Security Operation Center (SOC) is the hub of corporate IT operations, with the goal of ensuring infrastructure security through the definition of internal security and incident response actions against current or potential attacks. This course aims to develop specific technical skills to operate independently in a SOC. SOC specialists are in high demand on the market, with a significant shortage of available skills. The course covers TCP/IP networks, firewall configuration, IDS/IPS, SIEM, Packet Analyzer, and includes lessons on the basics of IT security such as Kill Chain, Malware, typical attacks, Social Engineering, etc.


Course Programme
1. Introduction to Cybersecurity
Programme Details
  1. Cyber Security
    1. What is a Cyber Attack
    2. Incident Response process
    3. CIA Triad
    4. Types of Hacker
    5. Cyber Theft Ring
    6. How much our personal dat is worth on the Dark Web
    7. Main actors
    8. Main attacks
    9. Techniques used
    10. Preferred vectors
  1. The Kill Chain
    1. Phases
    2. Targeting
    3. Reconnaissance
    4. Weaponization
    5. Delivery
    6. Exploitation
    7. Installation
    8. Command & Control
    9. Example of an attack: Action
    10. Attack on the target
2. Networks
Programme Details
    1. TCP/IP protocols
      1. Packets
        1. ISO/OSI models
        2. TCP/IP models
        3. Levels
        4. Encapsulation
      2. Headers
        1. TCP
        2. IP
        3. Ethernet
      3. Internet Protocol 
        1. Addresses
        2. Classful Network
        3. Netmasks
        4. IPv6
      4. IP routing
        1. Routing tables
        2. Autonomous system
        3. Routing protocols
          1. IGP protocols
          2. EGP protocols
        4. Distance Vector
        5. RIP
        6. Link State
        7. Path vector
      5. Data Link level
        1. MAC Addresses
        2. MAC Table
        3. Switches
        4. ARP protocol
      6. TCP and UDP
        1. Ports
        2. Headers
        3. Netstat commands
        4. Three way handshake
      7. DNS
        1. Structure
        2. Resolution
      8. DHCP protocol
        1. Phase
        2. DHCP discover
        3. DHCP offer
        4. DHCP request
        5. DHCP hack
        6. renewal
      9. Other protocols
        1. SNMP
        2. ICMP
        3. FTP
        4. SMTP
        5. IMAP
        6. POP3
    2. WEB Applications
      1. HTTP protocol
      2. HTTP request
      3. HTTP response
      4. HTTPs
      5. Cookies
      6. HTTP sessions

  1. The systems to protect the network
    1. Proxy
    2. Firewalls
    3. Honeypots
    4. VPNs
    5. IDS/IPS systems
    6. DLP systems
3. Attacks and Vulnerabilities
Programme Details
  1. Web Application Vulnerabilities
    1. What is OWASP
    2. How a web application is composed
    3. The OWASP Top Ten
      1. Injection
      2. Broken Authentication
      3. Sensitive Data Exposure
      4. XML External Entities (XXE)
      5. Broken Access Control
      6. Security Misconfiguration
      7. Cross-Site Scripting (XSS)
      8. Insecure Deserialization
      9. Using Components with Known Vulnerabilities
      10. Insufficient Logging and Monitoring
  2. The Attacks
    1. What is a Zero-day
      1. DoS, DDoS and DRDoS
        1. Smurf
        2. Xmas Scan Attack
      2. Man-in-the-Middle
      3. Man-in-the-Browser
      4. Buffer Overflow
      5. Privilege Escalation
      6. ARP Poisoning
      7. DNS Poisoning
      8. Domain Hijacking
      9. Clickjacking
      10. Session Hijacking
      11. Spoofing
        1. MAC
        2. Email
        3. Phone
      12. Downgrade Attack
      13. Wi-Fi Attacks
        1. Wi-Fi Protocols
        2. Replay Attack
        3. Rogue AP
        4. Evil Twin
        5. WPS Attacks
      14. Bluetooth Attacks
        1. Bluejacking
        2. Bluesnarfing
        3. Bluebugging
      15. Cryptographic Attacks
      16. Hash Functions
      17. Pass the Hash
      18. Password Attacks
        1. Rainbow Tables
        2. Salt
        3. Dictionary Attacks
        4. Hybrid Attacks
        5. Online Attacks
        6. Brute Force
        7. Birthday Attack
  3. Social Engineering
      1. What is social engineering
      2. Scenarios
      3. Phishing
      4. Spear Phishing
      5. Lateral Phishing
      6. BEC Scams
      7. Smishing
      8. Vishing
      9. Tailgating
      10. Impersonation
      11. Dumpster Diving
      12. Shoulder Surfing
      13. Watering Hole
      14. Basic principles of social engineering
      15. An attack example
      16. The Social Engineering Attack Framework
4. Malware
  1. The PE Format
  2. DLLs
  3. Kernel Mode vs User Mode
  4. Protection Rings
  5. APIs
  6. Switching from User Mode to Kernel Mode
  7. How infection occurs
  8. Signatures
  9. Obfuscation & Mutation
  10. Polymorphic Malware
  11. Metamorphic Malware
  12. Mutation Engines
  13. Persistence
    1. System Registry
    2. DLL Hijacking
    3. DLL Load Order Hijacking
    4. Trojanized System Binaries
  14. Types of Malware
    1. Viruses
    2. Backdoors
    3. Adware
    4. Spyware
    5. Keyloggers
    6. Trojans
    7. RATs
    8. Cryptojacking
  15. Rootkits
    1. User mode
    2. Kernel mode
    3. IAT Hooking
    4. Bootkits
  16. Hybrid Malware
    1. Conficker
  17. Ransomware
    1. Stages of a Ransomware Attack
    2. WannaCry
    3. How to react
  18. Macro Viruses
  19. Scareware
  20. Fileless Malware
  21. Exploit Kits
    1. Angler
    2. Zeus Builder
  22. Crime as a Service
    1. Grand Crab
4. The SOC Specialist
Programme Details
  1. The SOC Specialist
  1. The Role and Responsibilities
  2. Preparation and Experience
5. IncidentResponse process
Programme Details
  1. Preparation
  2. Detection & Analysis
  3. Containment
  4. Eradication
  5. Recovery
  6. Post-Incident Activities
6. Network Diagnostics
Programme Details
  1. Tools for different ISO/OSI layers
    1. ARP scanning
    2. ICMP scanning
    3. Traceroute/tracepath
    4. Port probing
    5. Netcat
    6. Nslookup/dig
    7. Curl/wget
  2. Automatic detection of network objects and services
    1. Nmap
    2. Sweeping
7. The Packet Inspection
Programme Details
  1. Introduction
  2. Use case
  3. Tcpdump
  4. Tshark
  5. Introduction to Wireshark
    1. Filters utilization
8. The firewall opensource
Programme Details
  1. Linux Netfilter/Iptables
    1. Architecture
    2. Defense Model
    3. Rules
    4. Administration
    5. Old School
    6. firewalld
    7. ufw and other interfaces
  2. BSD pf
    1. Architecture
    2. Defense Model
    3. Rules
    4. Administration
9. Commercial firewalls and endpoint-protection 
Dettagli Programma
  1. Check Point Firewall
    1. Architettura
    2. Modello di difesa
    3. WebUI e Clish
    4. Smart console
    5. Gestione politiche di sicurezza
10. Gli IDS/IPS
Programme Details
  1. Snort
    1. Introduction
    2. Getting Started
    3. The Detection Engine and Rules
    4. Snort in pfSense
    5. Rule Management
    6. Alert and Log Management
    7. Tcpdump in pfSense
11. SIEMs
Programme Details
  1. IBM QRadar
    1. Introduction
    2. Architecture
    3. Event and Flow Collection
    4. Alert Management
    5. Rule Construction
    6. Use Case
Final certification
Image

ADVANCED Course

Course objectives


The course trains personnel specialized in hunting cyber threats on a local network, identifying their presence and actions, thus enabling SOC specialists to evolve in their profession. This allows for more effective defense against current threats and prevention of future ones, thanks to an understanding of their behavior. The course develops skills in packet analysis techniques, tools, and procedures for hunting threats on TCP/IP networks. Investigation techniques will be introduced at different levels of the ISO/OSI stack to counter threats in all forms. The course culminates with an analysis of the network behavior of current real threats (malware). 

Course Programme
Module 1:  Threat research
Programme Details
  1. Introduction
  2. What is Threat Hunting
  3. Type of Strategy
  4. Tools
  5. Objectives
  6. Threat Hunting within the Incident Response process
  7. Threat Hunting and the Risk Management process
  8. The Phases of the Hunt
  9. Threat Intelligence and Forensic Analysis
  10. The Boundaries of the Hunt
  11. Intelligence Information: IoC
Module 2:  Models and methods
Programme Details
  1. Reference Models
  2. Pyramid of Pain
  3. The Kill Chain and Countermeasures
  4. The Diamond Model
  5. How to Explore the Hunting Ground
  6. From Hypothesis to Report: The Hunting Process
  7. The Structure of a Report
Module 3: Network hunting
Programme Details
  1. From Intelligence to Infrastructure
  2. The Role of the Hunter
  3. The Origin of the Hunt: Anomalous Traffic
  4. Packet Inspection
    1. Live or Recorded
    2. Defense Strategies and Plans
    3. Defense Tools
    4. Investigation Points
    5. Ways to Intercept Network Traffic: Insertion Points
  5. Tools for Packet Inspection
  6. Libpcap and Derived Tools
    1. Tcpdump
    2. TShark
  7. An Agile Tool: Wireshark
    1. Using Filters
    2. User and Host Identification
    3. Exporting Pcap Streams
Module 4: Threat Hunting across the ISO/OSI Stack
Programme Details
  1. Detection of Attacks at the Physical Layer
    1. Anatomy of the ARP Protocol
    2. Exploitation of the ARP Protocol
    3. ARP Pinging
    4. ARP and Vendors
    5. Security Criteria and New Approaches
    6. Normal and Anomalous Traffic
  2. Detection of Attacks at the IP Layer
    1. Anatomy of the ICMP Protocol
    2. Exploitation of the ICMP Protocol
    3. Ping Sweep
    4. Malicious ICMP: Data Exfiltration
    5. Normal and Anomalous Traffic
  3. Detection of Attacks at the Transport Layer: TCP
    1. The TCP Protocol and the 3-Way Handshake
    2. Wireshark and TCP Counters
    3. Normal and Anomalous Traffic
  4. Specific Activities at the Transport Layer: Scanning
    1. Analyzing the activity of one of the most widespread scanning tools: Nmap
      1. Host Discovery
      2. Port Sweep
    2. Different Scanning Modes
      1. TCP SYN Scan / Stealth
      2. TCP Connect Scan
      3. FIN Scan
      4. NULL Scan
      5. XMAS Scan
    3. Detection of Attacks at the Transport Layer: UDP
      1. The UDP Protocol
      2. Normal and Anomalous Traffic
      3. Analyzing UDP Scanning Activity
    4. Detection of Attacks at the Application Layer
      1. The DHCP Protocol
        1. Anatomy of the DHCP Protocol
        2. Wireshark Specifics
        3. Normal and Anomalous Traffic
      2. The DNS Protocol
        1. Anatomy of the DNS Protocol
        2. Exploitation of the DNS Protocol
        3. Normal and Anomalous Traffic
      3. The HTTP Protocol
        1. Anatomy of the HTTP Protocol
        2. Normal and Anomalous Traffic
        3. Wireshark Tools Dedicated to the HTTP Protocol
        4. The Secure HTTPS Protocol
        5. Analyzing HTTPS
        6. Decrypting HTTPS
Module 5: Analysis of supsicious flows
Programme Details
  1. Attack Detection via Flow Analysis
  2. Unknown Traffic
  3. Examination of Flows Linked to Known Malware
    1. Examining an Ursnif Infection
    2. Examining a Qakbot Infection
Final certification

BASIC course certifications
+
Image

*CPSS certification is issued only if the requirements of the standard are met and after passing an official exam.

Would you like to learn more about our courses and find out if there are any current promotions?

Fill in the form and one of our experts will get back to you as soon as possible.

Cyber Security UP

CybersecurityUP is a BU of Fata Informatica.
Since 1994, we have been providing IT security services to large civil and military organizations.
  • Ethical Hacking
  • Red Teaming
  • Penetration Testing
  • Security Code Review
  • SOC 24x7
  • Specialized Training
Image
Image
Image
Via Tiburtina 912,
CAP 00156,
ROMA

Monday-Friday
09:00 - 13:00
14:00 - 18:00

+39 06 4080 0490
amministrazione@fatainformatica.com

Contact us

Do you need our cybersecurity services?

Privacy policy

We invite you to read our
privacy policy for the protection of your personal data.
Disclaimer
Some of the photos on Cybersecurityup.it may have been taken from the Internet and therefore considered to be in the public domain. If the subjects or authors have any objections to their publication, they can report this by email to the editorial staff, who will promptly remove the images used.
© 2026 Fata Informatica. All rights reserved.