The entry credential for the SOC career path — alert triage, log analysis, threat hunting, incident response and SIEM operations on real tooling. Built for hiring into Tier 1 and Tier 2 roles.
⏱ Duration: 3 days / 24 hrs
💻 Format: Instructor-Led + SOC Range
🌐 Delivery: On-site · Virtual · Hybrid
✅ Pass rate: 95%
📅 Next intake: 19 May 2026
📡
SIEM operations
Splunk, Elastic and Microsoft Sentinel — know your way around all three
🔎
Alert triage
Read alerts in 60 seconds. Decide containment in 5 minutes. Document forever.
🕵️
Threat hunting
Hypothesis-driven hunts using MITRE ATT&CK and lateral-movement indicators
📝
Incident response
From detection to handoff. With clean documentation that holds up at audit.
What this course is
Where the SOC stops being a black box.
CSA is EC-Council's entry credential to the Security Operations Centre career path. It validates that you can triage alerts, hunt threats, respond to incidents and operate the modern SIEM stack at Tier 1 / Tier 2 level.
At Nexperts, CSA is delivered on our SOC Range — a real working SOC environment with Splunk Enterprise, Elastic, Microsoft Sentinel and a curated stream of attack-and-defence telemetry. By day 3 you've handled 30+ alerts and led an incident from detection to closure.
The job market for SOC analysts in Malaysia is hot. The bar to enter it is hands-on experience, not certificates. CSA gives you both — if it's taught right.
The 2026 CSA objectives sharpened the focus on cloud SIEM, behavioural analytics, automated triage and the analyst-to-engineer career bridge. We cover all four with hands-on labs.
Who should take this course
🌟
SOC analyst aspirants
Wanting to enter the SOC profession. CSA is the strongest hands-on entry credential.
🎓
Cybersecurity students
Final year or recent graduate. CSA gives you what coursework rarely does — hours on a real SIEM.
🔄
Helpdesk / NOC staff
Looking to pivot into security. CSA is the most accessible bridge with real hiring impact.
🔐
Security+ holders
Holding the foundation cert and looking for hands-on SOC depth before moving deeper.
📚
IT generalists
Wearing the security hat alongside other duties. CSA sharpens the SOC dimension.
💼
SOC managers
Wanting your team trained on a consistent baseline. CSA is the standard.
Prerequisites
✓ Basic understanding of networking (TCP/IP, ports, common protocols)
✓ Basic understanding of operating systems (Windows, Linux)
✓ Awareness of cybersecurity fundamentals (helpful, not required)
✓ Comfortable reading logs and using a search interface
→ No prior security experience required. CSA is built as the entry credential to the SOC profession.
Course Curriculum
Five domains. One SOC analyst toolkit.
CSA is structured into SOC Operations, Network Defence, Endpoint Defence, SIEM & Threat Hunting, and Incident Response. We deliver in shift-flow order — you take your first alert in module 1.
Hands-On SOC Range
9 SOC scenarios. Real telemetry.
The Nexperts SOC Range is a working SOC environment with Splunk, Elastic and Microsoft Sentinel, fed by curated attack-and-defence telemetry. You don't read about SOC work — you do SOC work.
01
First Shift Drill
30 minutes. 10 alerts. Triage, escalate or close. Score on accuracy and time.
Triage
02
Pcap Hunt
Receive a 2-day pcap. Identify the initial-access TTP and the affected host within 60 minutes.
Hunt
03
Splunk SPL Sprint
Build 8 detections in Splunk SPL under timer. Validate against a hold-out set.
SIEM
04
Elastic / Sentinel Cross-Build
Take the same 5 detections. Build them in Elastic and Sentinel. Compare results.
SIEM
05
Hypothesis-Driven Hunt
Run a 2-hour hunt for credential-dump activity using ATT&CK technique mapping.
Hunt
06
Phishing IR Drill
An employee clicks. Triage, contain, eradicate. Document chain of custody.
IR
07
Ransomware IR Lead
Lead a ransomware incident from detection through handoff. Run executive comms.
IR
08
Detection Tuning
Take a noisy detection averaging 50 FPs/day. Tune to under 5 FPs/day without missing TPs.
Tuning
09
Shift Handover
Run a complete shift handover with proper documentation, open cases and risk register.
Operations
+ 14 micro-tasks across SPL, KQL, Lucene and Sigma rule writing.
Exam Information
One exam. Heavy on scenarios.
CSA is delivered as a 3-hour exam with 100 questions, including detailed scenarios that mirror real SOC alert decisions. Most candidates fail on time pressure across the long scenarios.
EC-Council CSA Exam
Questions: 100 (MCQ + scenario-heavy)
Duration: 3 hours
Passing score: 70%
Format: ECC Exam Center / Pearson VUE
Validity: 3 years (CE renewal)
Industry avg pass rate: ~74% first attempt
Nexperts pass rate: 95% first attempt
Scenario Decomposition Drill
Drill length: 3-hour structured drill
Format: Whiteboard — you decompose, peers challenge
Items practised: 20 SOC scenarios
Common gotchas: Confusing detection vs response actions
Strategy: Decompose into who/what/when/how before answering
Outcome: Scenario score uplift averages +18%
Walkthrough: Past scenario archive provided
Our 3-Mock Programme
01
Diagnostic Mock
End of day 1. Sets the baseline. Average score: 64%.
02
Scenario-Heavy Mock
Mid-course. 50% scenario decomposition. Average score: 76%.
03
Final Clearance
Full timed simulation. 80%+ before we book. Average score: 87%.
Pass Rate
95% of our CSA candidates pass on first attempt.
The EC-Council global first-attempt rate for CSA sits around 74%. We hit 95% by spending 60% of class time on the SOC Range, drilling scenario decomposition, and gating booking on a clearance mock.
Real SOC range · Multi-SIEM exposure · 95% first attempt · Free retake voucher · Bridge to CHFI / CTIA
Why our pass rate is 95%
Industry average: ~74%
Most candidates revise terminology and walk into the exam without ever having taken a real alert under pressure. The scenario items expose them immediately.
Nexperts: 95%
We run a real SOC. You take 30+ alerts. You lead a real IR. By exam day, the scenarios feel routine.
Your SOC Career Path
CSA opens the SOC and beyond.
CSA is the entry. From here, the natural progressions are CTIA (threat intelligence), CHFI (digital forensics), CySA+ (CompTIA SOC track) or SC-200 for the Microsoft-stack SOC.
Before this
Network basics + Security awareness
No prerequisite required. Network+ or Security+ helps but is not mandatory.
Expected salary range after CSA: RM 4,500 – RM 8,000/month for Tier 1 / Tier 2 SOC analyst roles in Malaysian MSSPs and enterprises.
Student Reviews
What our CSA graduates say.
4.8 ★★★★★ (168 reviews)
5★: 84% · 4★: 13% · 3★: 3%
★★★★★
"Started as a helpdesk technician. Three days at Nexperts and I had a job offer at an MSSP within the month. The SOC Range is the difference — you walk in able to actually do the job."
HM
Hairul Mohamed
SOC Analyst T1 · LGMS
✓ Passed first attempt
★★★★★
"Cybersec final-year student walked in. Walked out with a credential, real SIEM hours, and confidence. Got hired at a bank's SOC three weeks later."
SS
Sara Sundaram
SOC Analyst · Maybank
✓ Passed first attempt
★★★★
"Coming from NOC. CSA was the bridge I needed. Multi-SIEM exposure was the real gold — most of my interviews ask about Splunk and Sentinel."
BC
Brandon Chai
SOC Analyst T2 · NTT MY
✓ Passed first attempt
★★★★★
"Best entry SOC course in MY. The pcap hunt and ransomware IR labs were the highlights. I take Sigma rules to interviews now and people are impressed."
ZB
Zarina Bahari
SOC Analyst · RHB
✓ Passed first attempt