Hands-On Labs

Professional Security Operations Engineer (PSOE)

Build real cloud skills with guided labs on AWS and Google Cloud. Practice in live environments with instant access to real cloud resources. No cloud account required.

9 available labs
Instant access: launch real cloud environments in seconds

Platform operations

2 labs available

🎯 Advanced
180m

Security Operations Integration with Google Security Operations (Chronicle)

This lab involves setting up a comprehensive security operations environment for a fictitious enterprise, Technogiants Inc., using Google Security Operations (Chronicle) to monitor and respond to incidents. You will configure Unified Data Model (UDM) parsers to ingest telemetry from multiple sources, extend detection coverage with custom YARA-L rules, and integrate Google Threat Intelligence (GTI) feeds. By completing this lab, you will gain practical skills in running a security operations center (SOC) on GCP, implementing automated incident response workflows, and building Looker Studio dashboards for security visualization.

You will also automate incident response with Google Security Operations SOAR: the lab guides you through creating playbooks and setting up case management for efficient threat containment and resolution. Participants will learn to analyze telemetry using metric-based alerts and validate their configuration through simulations that expose security gaps and opportunities for optimization.

This lab is an essential exercise for preparing for real-world scenarios and the Professional Security Operations Engineer exam, where competence in security orchestration and automation is critical. It is designed to give insight into the complexities of enterprise-grade security operations, with a focus on integration, automation, and optimization.

5 tasks
Integrate Google Security Operations (Chronicle) for telemetry ingestion.
Automate incident response workflows using SOAR playbooks.
Develop and validate custom YARA-L rules for threat detection.
+2 more
🎯 Advanced
180m

Integrate Chronicle SIEM with SOAR for Automated Incident Response

In this lab, you will integrate Google Chronicle SIEM with Security Orchestration, Automation, and Response (SOAR) to automate incident response workflows. This lab will guide you through setting up telemetry ingestion, configuring playbooks for automated responses, and integrating third-party security tools for a cohesive security architecture. The lab demonstrates how to automate detection and response processes to enhance security operations, reduce response times, and increase the effectiveness of your security posture.

5 tasks
Integration of Chronicle SIEM with SOAR tools
Configuration of SOAR playbooks and connectors
IAM role management for secure access
+1 more

Data management

2 labs available

🎯 Advanced
180m

Designing and Configuring a Secure Log Ingestion Pipeline in Google Cloud

In this hands-on lab, you will learn how to design and implement a secure log ingestion pipeline using Google Cloud's Security Operations services. You will configure ingestion pipelines in Google SecOps and Security Command Center (SCC) to handle various security log sources. The lab will cover optimal data collection strategies to enhance performance and manage costs effectively. Additionally, you will modify existing parsers to normalize data and implement entity baseline settings to maintain robust security operations.

5 tasks
Configure log ingestion pipelines in Google SecOps and SCC.
Modify parsers for data normalization.
Optimize log ingestion for cost and performance.
+2 more
🎯 Advanced
180m

Ingest Secure Logs with Google Security Operations and SCC

In this hands-on lab, you will build a comprehensive log ingestion pipeline using Google Security Operations (Chronicle) and Security Command Center (SCC). You'll learn to configure parsers, normalize data, and enrich logs with threat intelligence. These log streams are critical to an enterprise security posture, helping you detect anomalies and respond to threats in real time. By the end of this lab, you will have a deep understanding of log management, with particular attention to the scalability and cost-effectiveness that enterprise-grade environments require. You will also practice establishing baselines and identifying anomalies in user and asset context within GCP environments.

5 tasks
Log ingestion configuration in Google SecOps
Data normalization using parsers
Threat intelligence integration
+2 more

Threat hunting

1 lab available

🎯 Advanced
150m

Leveraging Threat Intelligence with Google Cloud Security

In this advanced lab, you'll explore how to leverage Google Threat Intelligence (GTI) feeds to enhance threat detection and response within a fictitious company, CloudProtect Inc....

5 tasks
Advanced threat hunting with Google Cloud technologies.
Integration of threat intelligence feeds.
Development of custom security detection rules.
+1 more

Detection engineering

1 lab available

🎯 Advanced
180m

Design Detect and Respond Solutions in Google SecOps

This lab focuses on developing sophisticated detection and response mechanisms using Google Security Operations. You'll leverage Google Chronicle SIEM for threat detection and Google Security Operations SOAR for automating response actions. By the end of the lab, you'll have a comprehensive understanding of how to architect and implement detection solutions that benefit from threat intelligence feeds and fine-tune them to minimize false positives in enterprise environments.

5 tasks
Develop custom detection rules
Integrate threat intelligence feeds
Automate security responses with SOAR
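The detection labs above (custom YARA-L rules in the Chronicle integration lab, and tuning rules to minimize false positives in this one) do not show what such a rule looks like. The following multi-event YARA-L 2.0 rule is an added illustration written for this page, not content from the labs: it correlates a successful login with a living-off-the-land process launch by the same user on the same host within 10 minutes, and uses a reference list to exclude known administrative accounts as a false-positive tuning knob. The list name %admin_break_glass_accounts and the exact UDM field mapping (which of principal or target carries the user and host for a given log source depends on the parser) are assumptions and would need to be checked against your own ingested data.

```yaral
rule added_example_login_then_lolbin_launch {
  meta:
    author = "added example for this page, not lab content"
    description = "Successful login followed within 10 minutes by a LOLBin launch by the same user on the same host"
    severity = "MEDIUM"

  events:
    // First event: an allowed login. Field mapping is assumed; verify against your parser output.
    $login.metadata.event_type = "USER_LOGIN"
    $login.security_result.action = "ALLOW"
    $login.target.user.userid = $user
    $login.principal.hostname = $host

    // Second event: a process launch by that same user on that same host.
    $proc.metadata.event_type = "PROCESS_LAUNCH"
    $proc.principal.user.userid = $user
    $proc.principal.hostname = $host
    re.regex($proc.target.process.command_line, `(?i)\b(certutil|bitsadmin|mshta|regsvr32)\b`)

    // False-positive tuning: drop matches for accounts in an assumed reference list
    // of break-glass admins whose activity is reviewed through a separate process.
    not $login.target.user.userid in %admin_break_glass_accounts

  match:
    // Group by user and host; both events must fall in the same 10-minute window.
    $user, $host over 10m

  outcome:
    $risk_score = max(65)
    $command_lines = array_distinct($proc.target.process.command_line)

  condition:
    $login and $proc
}
```

Before enabling a rule like this in live mode, run it retrohunt-style over a week or two of historical UDM data and inspect the $command_lines outcome for each detection; the reference list (or a narrower regex) is where the false-positive tuning the lab describes actually happens.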

Incident response

1 lab available

🎯 Advanced
195m

Managing Security Incidents with Google Cloud Security Operations

In this advanced lab, you will simulate a security incident in a fictional company and perform containment, investigation, and response. You will leverage Google Cloud Security Operations tools such as Security Command Center (SCC), Chronicle SIEM, and SOAR to manage the incident lifecycle. The goal is to reflect real-world scenarios where you need to respond to threats swiftly and efficiently while ensuring compliance and minimal disruption to business operations.

5 tasks
Investigate and contain security incidents using Google tools
Develop and automate response playbooks in Google SecOps SOAR
Perform root cause analysis using SIEM tools
+1 more

Observability

2 labs available

🎯 Advanced
150m

Creating Security and Dashboard Operations for a Cloud-Dependent Company

In this lab, you will build a comprehensive security operations solution for a fictitious company that relies heavily on cloud services for daily operations. You will explore the development of dashboards and reports, and configure health monitoring and alerting mechanisms. This lab focuses on creating observable security postures and detecting health anomalies by leveraging Google's Security Operations services.

5 tasks
Create dashboards in Looker Studio
Set up alerting policies in Cloud Monitoring
Integrate Cloud services to improve observability
🎯 Advanced
180m

Creating Comprehensive Dashboards for Security Operations

In this lab, you will explore the creation of detailed dashboards to visualize and monitor security operations using Google Cloud's Security Operations suite. You will learn to integrate several services including Google Security Operations (Chronicle) and Looker Studio to deliver operational insights. As a Security Operations Engineer at a leading tech firm, your task involves designing dashboards that not only provide real-time visibility but also help anticipate security incidents. By crafting these dashboards, you will enhance the organization’s ability to respond swiftly to potential threats, improving resiliency and operational readiness.

5 tasks
Designing security dashboards
Configuring data integrations
Customizing alert thresholds and notifications
+2 more