LE No. 13: SOC200 (DFIR!) is coming... SOC100 is over-performing? CDA pre-req adjustment!

Weekly Update Feb 11th 2025

Welcome to our weekly Level Effect newsletter, designed to keep you informed and updated on our latest activities! Thank you for tuning in. 📺

Hello Defender!

Some big updates this week on looking back at SOC100 and how it’s going. You’ll want to read this one if you’re a SOC100 student or interested in CDA thereafter!

Let’s dive in!

1. Brand

SOC200?

The reveal is coming this Friday, when we talk about the first course coming after CDA! For those looking for the next step and diving deeper into DFIR, this is it. We’re really looking forward to it!

CDA Winter 2025 - Limited Spots

As expected, interest, calls and deposits are picking up 1 month before the start date of March 10th.

If you want to secure your seat for the 14-week immersive Instructor-led version of CDA, make sure to submit your application as soon as you can on the CDA Live page here: https://www.leveleffect.com/cyber-defense-analyst

SOC100 & CDA Update

SOC100

The SOC100 course series was created as an upgraded lighter trio of “Fundamentals” courses that were the original pre-reqs to CDA.

SOC100 has grown and become much more effective than we anticipated in student knowledge retention, goals, and engagement overall.

Students are actually becoming over-qualified to start CDA by halfway through SOC100-2, which is more than we anticipated 😅 (A good problem, I suppose!?)

Original structure:

  • One single practical exam as SOC100-4

  • SOC100-1 through -4 required to start CDA

  • ā€œOutcomeā€ focused - wait until a student completed SOC100-1 through -4 entirely before evaluating effectiveness

Then we observed some things:

  • Some students getting jobs with just SOC100-1 training

  • Students performing Tier 1 triage in SOC100-2 before they even got the experience in the VSOC of SOC100-3

  • Very knowledgeable students in the community that frankly are actually ready for CDA as it is right now

To help this make more sense… we used to have CDA students only take about half of what SOC100-1 is, and about 2 modules from SOC100-2. We felt it was a good pre-req amount, but wanted a bit more to it and also to solve the industry problem of bootcamps taking advantage of students by teaching LESS than what is in our pre-reqs!

That means… students right now after SOC100-1 and a bit into SOC100-2 are actually more qualified to start CDA than any of our students have ever been in the almost 5 years of teaching CDA live. Many graduated just fine, went on to work, and have been in the field now for years. YOU are way more ready for CDA than they were.

We never had students starting work or performing Tier 1 triage in the pre-reqs before. Now, of course, that isn’t to say Level Effect is the sole source of this. No, there’s no “silver bullet”, as we’ve always said, but the outcomes are happening way faster than before. However, we’re still seeing outstanding results of SOC100 well ahead of expectations.

We also observed some problems:

  • Each individual SOC100 course is too big to compile and test fairly as a single exam

  • No checkpoints per course to give yourself feedback by an exam to see how you’re doing

  • Hard to stay motivated when you’re just going through months of content without exams or milestone certifications

Needless to say, we’re quite pleased and need to adjust delivery and expectations.

This is to make sure your training path is not unnecessarily holding you back, and is also rewarding your time and effort with feedback faster (and earlier).

So.

The new exam structure is:

  • SOC100-1 through -5 will all have their own certification exam that tests on practical knowledge.

    • SOC100-1 = Multiple choice questions based on each module in it

    • SOC100-2 = Multiple choice questions based on each module in it

    • SOC100-3 = Awarded after completing the VSOC which is basically a series of DFIR tickets (you will have to enter input-based answers based on triaging the tickets themselves - no ability to guess the answer!)

    • SOC100-4 = Heavy technical scenario questions (not just multiple choice), there won’t be VMs for this but this exam will feel quite hard and worth its weight

    • SOC100-5 = Multiple choice questions based on each module in it

CDA Requirements

This also means we need to update the requirements for CDA to not bottleneck anyone going at their studies.

Hard requirements:

  • Complete all of SOC100-1 and pass the exam

  • Complete all of SOC100-2 content

Optional:

  • Complete SOC100-2 exam

  • Complete SOC100-3 VSOC and obtain the certification at the end

  • Complete SOC100-4 exam

For the students that want to be thorough or spend time being over-prepared, you may go through all of SOC100 if you’d like before starting CDA or go through it after.

Keep in mind that SOC100-3 and -4 don’t contain “new” things to learn. They’re just experience-based content for you to apply yourself more.

SOC100-5 is all different content of where you can go after CDA and is a set of fundamental modules per advanced domain.

CDA Scholarships

A student just needs to complete SOC100-1 and exam to be eligible for scholarships, but MUST still complete the SOC100-2 content before starting CDA (the “hard requirement”).

CDA Winter 2025 Scholarship has been updated to Feb 24th 9AM EST! We’ll then draw the winner that day and reach out!

A SOC100 Practical? CDCA?

We’re still debating this. We are considering making a “CDCA” or “Cyber Defense Certified Associate” or something to that end… basically an exam certification that is a CDCP “light”. More to come on this if there’s interest.

Website

We will be updating the website accordingly and are confident in this adjustment!

SOC100-2 Cert & SOC100-3 VSOC (This Sat!)

On that note - look out for SOC100-2 unlocking next Monday!

We were going to have it ready for this week but made a decision to postpone it to Monday as we wanted to improve the SOC100-3 VSOC a bit more!

We will have some upgraded VSOC features for your experience now that we’re excited for you to see this weekend! It will also allow us to scale it a bit and add some more features to it later that we think you’ll really like from a feedback perspective.

2. Content

Elevating Alert Classification: A Sneak Peek into SOC200

In this session, we’ll get to know our new Instructor on the team, Jonathan Johnson, and see what he's been cooking up! He'll introduce SOC200, a new course designed to help SOC analysts improve their ability to classify alerts accurately and efficiently. In this session we will talk about alert classification from a high level.

Alert classification is one of the most challenging and essential tasks in a Security Operations Center: it determines whether an alert is ignored, escalated, or investigated further. We’ll explore the common difficulties analysts face, such as false positives, ambiguous signals, and alert fatigue, and discuss strategies for making better classification decisions.

Get a sneak peek at how SOC200 will equip you with practical techniques to streamline your workflow and reduce noise while catching real threats.

Home Labs: The Good, The Bad, The Ugly! Recording!

SOC100 Class 28 Recording

We’re finally into Cyber Threat Intelligence!

3. Community

A bunch more students knocking out their SOC100-1 certification! Good job everyone!

Bearded also took a moment to walk through what he is now doing ON the job and a shoutout to SOC100-2 training. This was a great read to see something modern and relevant and how he’s able to apply what he’s learning!

4. Tools

Some home lab tools including Ludus, which was heavily talked about in the Home Lab stream, and here’s another great tool for all you Mac users trying to build out home labs!

5. Takeaway This Week

“Do you want to work ON your home lab, or IN your home lab?” - The Great Neil Desai

See you next week!
