Certified Information Security Analyst II (CISA-II) Certification Program by Tonex

Designed for mid-career analysts, CISA-II deepens practical expertise across monitoring, SIEM engineering, alert triage, and SOC workflows. Participants learn to refine detection content, operationalize threat intelligence, and standardize incident response with metrics that matter to leadership.
You will structure playbooks, automate routine investigations, and tune pipelines to reduce noise while preserving signal fidelity. This program emphasizes measurable outcomes—lower MTTD/MTTR, higher detection coverage, and consistent post-incident learning.
Stronger cybersecurity posture is a direct result: resilient monitoring architectures, validated controls, and streamlined escalation paths that withstand evolving threats. Your teams gain confidence in response readiness and auditability. Organizations benefit from durable risk reduction and clearer alignment between security operations and business goals.
Learning Objectives:
- Engineer SIEM use cases and correlation rules.
- Build reliable alert pipelines and enrichment.
- Apply threat intel to detections and hunts.
- Standardize incident response with KPIs.
- Communicate findings to technical and executive audiences.
- Elevate organizational cybersecurity by improving detection coverage, response speed, and risk visibility.
Audience:
- Cybersecurity Professionals
- SOC Analysts and Engineers
- Incident Responders
- Threat Hunters
- Security Architects
- IT/Network Operations Leads
Program Modules:
Module 1: SIEM Foundations
- Event collection patterns and schemas
- Normalization and parsing strategies
- Time, context, and identity handling
- Correlation logic and rule lifecycles
- Data quality checks and baselining
- Health monitoring and capacity
Module 2: Detection Engineering
- Hypothesis-driven rule design
- ATT&CK mapping and coverage
- Thresholds, exceptions, and tuning
- Stateful vs. stateless detections
- False positive reduction methods
- Versioning and peer review
Module 3: Threat Intelligence
- Intelligence requirements and gaps
- IOC vs. behavior-based strategies
- Feeds, scoring, and de-duplication
- Context enrichment workflows
- PIRs to detection backlogs
- Feedback and sunset criteria
Module 4: Incident Response
- Triage decision trees and queues
- Playbook structure and ownership
- Containment and eradication steps
- Evidence handling and timelines
- Communication and stakeholder sync
- Metrics: MTTD, MTTR, precision
Module 5: Automation & SOAR
- Trigger design and guardrails
- Enrichment and containment actions
- Human-in-the-loop approvals
- Error handling and rollbacks
- Reusable action libraries
- Measuring automation ROI
Module 6: Assurance & Reporting
- Control validation and attestations
- Continuous monitoring checks
- Purple-team feedback loops
- Post-incident reviews and actions
- Executive and audit reporting
- Risk alignment and roadmaps
Exam Domains:
- Operational Monitoring Strategy
- Detection Content Lifecycle Management
- Threat Intelligence Integration
- Incident Response Orchestration
- Security Automation Governance
- Assurance, Metrics, and Reporting
Course Delivery:
The course is delivered through a combination of lectures, interactive discussions, and project-based learning, facilitated by subject-matter experts in security operations. Participants will have access to online resources, including readings, case studies, and tools for practical exercises.
Assessment and Certification:
Participants will be assessed through quizzes, assignments, and a capstone project. Upon successful completion of the course, participants will receive the Certified Information Security Analyst II (CISA-II) certificate.
Question Types:
- Multiple Choice Questions (MCQs)
- Scenario-based Questions
Passing Criteria:
To pass the Certified Information Security Analyst II (CISA-II) Certification Training exam, candidates must achieve a score of 70% or higher.
Ready to advance your SOC impact? Enroll in CISA-II by Tonex and level up your detection, response, and assurance capabilities today.