IBM - Certified SOC Analyst | Exams CS0-002 & C1000-026



Only 7 Days



Classroom / Online / Hybrid

Next date

Next date:

28/6/2021 (Monday)


Achieve the IBM Certified SOC Analyst certification through this 7-day accelerated combined course. This programme includes the following courses:

  • CompTIA Cybersecurity Analyst CySA+
  • IBM's Security QRadar SIEM Administrator

Through CompTIA's CySA+, you'll learn best practices to secure and protect your business’ applications and systems by:

  • Configuring and using threat detection tools
  • Learning how to perform data analysis to identify vulnerabilities, threats and risks
  • Focusing on network behaviour – both internal and external threats

Through the IBM Security QRadar SIEM Administrator course, you’ll build knowledge on how to support IBM’s Security QRadar SIEM V7.3.3 by:

  • Implementing and managing a IBM Security QRadar SIEM V7.3.2 solution
  • Becoming familiar with the product’s functionality and security policies
  • Deploying, migrating and troubleshooting the IBM Security QRadar SIEM V7.3.2 software

At the end of your course you’ll sit exams CS0-001 and C1000-026, and get your IBM Certified SOC Analyst certification.

Authorised Partner of CompTIA

You’ll get access to official courseware and learn from certified instructors as Firebrand is an Authorised Partner of CompTIA.

Train through Firebrand’s Lecture | Lab | Review methodology and you’ll certify at twice the speed in a distraction-free environment.

Firebrand also offer the CompTIA Cybersecurity Analyst (CySA+) as an individual course and certification.


If you’re an analyst interested in building your technical knowledge and skills in CompTIA and IBM software, this course is ideal for you.

Seven reasons why you should sit your course with Firebrand Training

  1. Two options of training. Choose between residential classroom-based, or online courses
  2. You'll be certified in just 7 days. With us, you’ll be trained in record time
  3. Our course is all-inclusive. A one-off fee covers all course materials, exams, accommodation and meals. No hidden extras
  4. Pass first time or train again for free. This is our guarantee. We’re confident you’ll pass your course first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
  5. You’ll learn more. A day with a traditional training provider generally runs from 9am – 5pm, with a nice long break for lunch. With Firebrand Training you’ll get at least 12 hours/day quality learning time, with your instructor
  6. You’ll learn faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
  7. You’ll be studying with the best. We’ve been named in Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified 103,262 professionals, and we’re partners with all of the big names in the business


Benefits of Training with Firebrand

  • Two options of training - Residential classroom-based, or online courses
  • A purpose-built training centre – get access to dedicated Pearson VUE Select facilities
  • Certification Guarantee – pass first time or train again free (just pay for accommodation, exams and incidental costs)
  • Everything you need to certify – you’ll sit your exam at the earliest available opportunity after the course - either immediately after your classroom course, or as soon as there are slots available, if you've taken it online
  • No hidden extras – one cost covers everything you need to certify


CompTIA CySa+ (Cybersecurity Analyst)

Section 1: Threat Management

  • Module 1: Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes
  • Module 2: Given a scenario, analyse the results of a network reconnaissance
  • Module 3: Given a network-based threat, implement or recommend the appropriate response and countermeasure
  • Module 4: Explain the purpose of practices used to secure a corporate environment

Section 2: Vulnerability Management

  • Module 1: Given a scenario, implement an information security vulnerability management process
  • Module 2: Given a scenario, analyse the output resulting from a vulnerability scan
  • Module 3: Compare and contrast common vulnerabilities found in the following targets

Section 3: Cyber Incident Response

  • Module 1: Given a scenario, distinguish threat data or behaviour to determine the impact of an incident
  • Module 2: Given a scenario, prepare a toolkit and use appropriate forensic tools during an investigation
  • Module 3: Explain the importance of communication during the incident response process
  • Module 4: Given a scenario, analyse common symptoms to select the best course of action to support incident response
  • Module 5: Summarise the incident recovery and post-incident response process

Section 4: Security Architecture and Tool Sets

  • Module 1: Explain the relationship between frameworks, common policies, controls, and procedures
  • Module 2: Given a scenario, use data to recommend remediation of security issues related to identity and access management
  • Module 3: Given a scenario, review security architecture and make recommendations to implement compensating controls
  • Module 4: Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC)
  • Module 5: Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies

IBM Security QRadar SIEM V7.3.3 Fundamental Administration

Section 1: Implementing

  • Module 1: Plan and design QRadar deployment
  • Module 2: Implement and install QRadar
  • Module 3: Add Managed Hosts

Section 2: Migrating and upgrading

  • Module 1: Plan QRadar upgrade and migration
  • Module 2: Review documentation and release notes
  • Module 3: Perform QRadar updates, patches and upgrades
  • Module 4: Perform migration (e.g., backup and restore, import and export content)

Section 3: Configuring and administering tasks

  • Module 1: Configure event flow sources and custom properties
  • Module 2: Maintain configuration and data backups
  • Module 3: Create and administer users, user roles, and security profiles
  • Module 4: Manage the license per allocation
  • Module 5: Create, review and modify rules, building blocks and reference sets
  • Module 6: Configure and manage retention policies (i.e., data and assets)
  • Module 7: Create and manage saved searches, index, global views, dashboards and reports
  • Module 8: Deploy and manage applications and content packages
  • Module 9: Configure global system notifications
  • Module 10: Configure and apply network hierarchy
  • Module 11: Configure and manage domain and tenants
  • Module 12: Use the asset database
  • Module 13: Schedule and run a VA scan

Section 4: Monitoring

  • Module 1: Monitor QRadar Notifications and error messages
  • Module 2: Review and interpret system monitoring dashboards
  • Module 3: Verify QRadar processes and services
  • Module 4: Monitor QRadar performance
  • Module 5: Use apps and tools for monitoring (e.g., QDI, assistant app, incident overview, DrQ)
  • Module 6: Check system maintenance and health of appliances
  • Module 7: Monitor offences and detect anomalies

Section 5: Troubleshooting

  • Module 1:  Demonstrate knowledge of key commands to interpret QRadar services and processes
  • Module 2: Explain error messages and notifications
  • Module 3: Interpret the basic logs (e.g., qradar.error, qradar.log)
  • Module 4: Use embedded troubleshooting tools and scripts

Exam Track

As part of your accelerated course, you’ll sit the following exams at the Firebrand Training centre, covered by your Certification Guarantee:

CompTIA CySa+ (Cybersecurity Analyst)

  • Exam code: CS0-002
  • Format: Multiple-choice & performance-based
  • Duration: 165 minutes
  • Passing score: 750 (on a scale of 100-900)

IBM Security QRadar SIEM V7.3.3 Fundamental Administration

  • Exam code: C1000-026
  • Duration: 90 minutes
  • Passing score: 40/60 (66.7%)
  • Domains:
    1. Implementing (8%)
    2. Migrating and upgrading (12%)
    3. Configuring and administering tasks (42%)
    4. Monitoring (25%0
    5. Troubleshooting (13%)

What's Included

Your accelerated course includes:

  • Accommodation *
  • Meals, unlimited snacks, beverages, tea and coffee *
  • On-site exams **
  • Exam vouchers **
  • Practice tests **
  • Certification Guarantee ***
  • Courseware
  • Up-to 12 hours of instructor-led training each day
  • 24-hour lab access
  • Digital courseware **
  • * For residential training only. Doesn't apply for online courses
  • ** Some exceptions apply. Please refer to the Exam Track or speak with our experts
  • *** Pass first time or train again free (just pay for accommodation, exams and incidental costs)


Before attending this accelerated course, CompTIA CySa+ and IBM Security QRadar SIEM V7.3.3 Fundamental Administration have individual prerequisites you'll need in order to get certified:

CompTIA CySa+ (Cybersecurity Analyst)

  • Network+, Security+ or equivalent knowledge
  • Minimum of 3-4 years of information security or related experience

IBM QRadar SIEM V7.3.2 Fundamental Administration

You'll need basic knowledge of:

  • RedHat
  • Networking
  • Basic Query Language
  • Regular Expressions
  • System architecture design
  • Security platform

Unsure whether you meet the prerequisites? Don’t worry. Your training consultant will discuss your background with you to understand if this course is right for you.


Here's the Firebrand Training review section. Since 2001 we've trained exactly 103,262 students and asked them all to review our Accelerated Learning. Currently, 96.67% have said Firebrand exceeded their expectations.

Read reviews from recent accelerated courses below or visit Firebrand Stories for written and video interviews from our alumni.

"A new course from Microsoft that was delivered by an experienced trainer who really knew the topic in-depth."
Paul Wilson. (3/5/2021 (Monday) to 5/5/2021 (Wednesday))

"Thank you for the course, I appreciate I was part of the 1st group of users to ever for this new SC-300 course. All materials were new, labs etc newly setup and i understand there was either limited details or unclear information, however the trainer leading the course was entirely honest and provided alot more information, demo and experience to the course. Highly recommend attending course led by trainer as not only reading text book paragraphes and slides to understand the concepts, instructor led will provide live demos and own experience in live environments."
W.C.. (3/5/2021 (Monday) to 5/5/2021 (Wednesday))

"Firebrand are well organised and their facilities, accommodation and training rooms are more than fit for purpose. The all-inclusive course represents good value and I would not hesitate to recommend to a friend or colleague, and have already done so!"
P.J., EDF Energy. (26/4/2021 (Monday) to 30/4/2021 (Friday))

"A great way to learn to enable you to entirely focus on your goal. The facilities are more than comfortable with access to everything you need, even with Covid restrictions in place. The Firebrand guys are friendly, helpful and knowledgeable and I would certainly recommend this method of training. Thanks Firebrand."
Laura Palmer. (25/4/2021 (Sunday) to 30/4/2021 (Friday))

"Excellent training facility, 24 hour access, tea coffee facilities, on site testing center, lovely hotel right next door, it's the perfect place to dedicate yourself to the training in hand. Instructions and staff were brilliant."
Mike Leighton, Betsi Cadwaladr University Health Board. (25/4/2021 (Sunday) to 30/4/2021 (Friday))

Course Dates





Book now

22/2/2021 (Monday)

28/2/2021 (Sunday)

Finished - Leave feedback



28/6/2021 (Monday)

4/7/2021 (Sunday)

Wait list



9/8/2021 (Monday)

15/8/2021 (Sunday)

Limited availability



20/9/2021 (Monday)

26/9/2021 (Sunday)




1/11/2021 (Monday)

7/11/2021 (Sunday)




13/12/2021 (Monday)

19/12/2021 (Sunday)




Latest Reviews from our students