I worked on this project as part of a group. The work shown consists of assets I collaborated on or produced myself unless otherwise noted.
Responsibilities:
Tools Used:
The purpose of this course is to introduce new security analysts to the fundamentals of the Exabeam Security Operations Platform, focusing heavily on the Threat Hunter tool. This tool is a core part of daily operations for the security analysts who use it. The course is designed to be comprehensive, meeting analysts at their current career stage and providing hands-on experience with real-world tasks through labs and guided exercises. The course also needs to include instructor-led presentations alongside lab activities for a blended learning experience.
The first step was to deeply understand the target audience: security analysts. To determine their day-to-day activities and required skills, we consulted former analysts and professionals who had experience working in Security Operations Centers (SOC).
After brainstorming and collaborating, we compiled a list of the typical tasks a security analyst might perform, which was filtered, discussed, and categorized into several types of activities.
These tasks were further broken down into levels of knowledge: fundamental, intermediate, advanced, and mastery. For this course, we focused on the fundamental level, targeting beginners and analysts who are new to Exabeam.
We organized the day-to-day information collected from our research into actionable learning goals, separating tasks based on relevance to the course's focus (the Threat Hunter tool and fundamental-level skills).
The results were categorized into modules to ensure learners could progress logically through the material while building confidence with each section.
Taking the information we had from the previous exercise, we worked to connect the pieces of it to one another and to courseware we had previously developed. This enabled us to see how categories were related and allowed us to pull from those previous courses where it made sense, to save time and effort.
Action mapping allowed us to visualize the flow of the course. By mapping out the content, we identified any gaps and connected the material to previous training efforts to avoid redundancy. This provided a clear framework for course development and a roadmap for any new team members entering the project, allowing them to jump into development without missing important context.
We created a persona for the 'ideal learner', a security analyst who is new to the Exabeam platform. This helped guide the instructional design process, ensuring that the course content stayed focused on solving real-world problems analysts would encounter.
Once the research was complete, the next step was to structure the course into logical modules including the following types:
The outline underwent multiple revisions based on stakeholder feedback. Each module was assigned to team members who were responsible for creating the corresponding content. After all the content was compiled, we collectively reviewed the outline to ensure consistency, streamlined flow, and accuracy.
Each member of the team developed a portion of the content, conducting deep research to stay up-to-date with the changes implemented in the evolving capabilities of the Exabeam platform. This ensured that the material was accurate and instructionally sound. We then regrouped to review our content, making necessary adjustments and refining the scripts as needed to ensure clarity and relevance.
With the script completed, we transitioned to building the slide decks that would be used by trainers to facilitate the course.
We created two versions of the slides:
Once the slides were finalized, they were imported into Paligo, our content management system, for document publication. This step ensured that trainers could easily reference the material while preparing for their sessions. After receiving final sign-off from trainers, stakeholders, and upper management, the document was exported to PDF format for distribution via the LMS (Learning Management System).
Alongside the publication, we created lab exercises that allowed learners to interact with the Exabeam platform directly. The labs were designed as walk-throughs of specific tasks analysts would need to perform using the platform, such as conducting threat hunts or investigating potential security incidents. These labs were integrated into the LMS and tested rigorously to ensure that they functioned correctly.
This project highlights the importance of understanding the target audience, thorough research, collaborative development, and the integration of both theoretical and practical learning elements (such as labs) to ensure comprehensive and engaging training for security analysts.
The course received excellent completion rates, demonstrating its effectiveness in providing security analysts with the necessary foundational knowledge of the Exabeam platform.
Stakeholders and upper management were very satisfied with the course, particularly with its ability to streamline older training materials and consolidate various topics into a single, comprehensive learning path.
New security analysts have found the course highly beneficial, and experienced analysts have used it as a refresher for the latest features and enhancements within the Exabeam platform. This course enabled a smoother onboarding process for security analysts while reducing the need for separate legacy courses.