TSOC / Training Security Operations Centre

A working SOC, built for teaching.

Real telemetry. Real detection scenarios. Real analyst workflows — across blue, red, and purple team environments. TSOC gives universities and TAFEs the closest thing to a production Security Operations Centre, without building one from scratch.

Scalable to hundreds of students

3 team zones

E2E SOC workflow

● Live telemetry · sample (5 events)

HIGH · endpoint-07 · credential dumping tool detected · 14:22:08

HIGH · firewall-01 · outbound c2 beacon pattern · 14:22:11

LOW · linux-web03 · suspicious shell exec T1059 · 14:22:14

LOW · auth-proxy · 47 failed auth attempts / 5min · 14:22:16

HIGH · windows-dc01 · privilege escalation detected · 14:22:19

01 — Workflow

4 phases

How a TSOC session unfolds

Students move through the same workflow a junior analyst runs every shift.

01 / INGEST

Telemetry streams

Windows, Linux, network, web, and auth logs flow into the SIEM in real time.

02 / DETECT

Alerts fire

Sigma and KQL rules trigger on malware, privilege escalation, brute force, and exploitation.

03 / TRIAGE

Investigate

Correlate events, query logs, and build an incident timeline using real analyst dashboards.

04 / REPORT

Document

Write the incident narrative — the same deliverable a SOC analyst produces.

02 — Platform

What we ship

Everything you'd otherwise have to build

A complete SOC environment delivered as a turnkey training platform — so your team focuses on teaching, not infrastructure.

Multi-zone architecture

SOC topology

Segmented blue, red, and purple team environments with VLAN isolation and access control

SIEM + log pipeline

Detection layer

Pre-configured ingestion from Windows, Linux, network, web, and auth sources with dashboards and alerting

Detection content

Sigma + KQL

Curated rule sets covering malware, privilege escalation, brute force, and web exploitation scenarios

Attack simulation

Realistic signals

Traffic generation and attack scenarios that produce authentic SOC artifacts for students to investigate

Threat intelligence

Live feeds

TI feeds, enrichment pipelines, and IOC correlation integrated into the analyst workflow

Lab environments

Per-cohort

Golden image frameworks with snapshot and restore — consistent, repeatable labs across every cohort

Instructor enablement

Train-the-trainer

Operational walkthroughs, instructional content, user guides, and ongoing scenario development

03 — Curriculum fit

3 program tiers

Where TSOC slots into your program

Deployed at increasing depth across qualification levels — from foundational SOC literacy to advanced detection engineering.

Tier 1 / TAFE

Certificate III, IV & Diploma

SOC analyst pathway

SOC L1 workflow training

Alert triage fundamentals

Blue team exercises

Aligned to MITRE ATT&CK & NICE

Tier 2 / Bachelor's

Cyber security degree

Applied SOC operations

End-to-end incident response

Malware analysis and correlation

Detection engineering basics

Capstone SOC assignments

Tier 3 / Master's

Advanced & research

Red, blue, purple team

Advanced detection engineering

Threat hunting and intelligence

Red vs blue simulation weeks

Research-grade lab environments

04 — Deployment

Procurement-ready

What it takes to get up and running

TSOC is delivered as a managed engagement — we handle the build, your team focuses on teaching.

Engagement scope

Discovery and curriculum alignment workshop

Architecture design and infrastructure provisioning

SIEM, tooling, and detection content deployment

Train-the-trainer program for teaching staff

Ongoing scenario development and platform updates

Backup, monitoring, and disaster recovery built in

Deployment options

On-prem · Cloud · Hybrid

Hosted in your environment or ours — your call.

Timeline

Contact us for details

Timeline depends on your infrastructure and readiness.

05 — Proof

Case study

Built and operating at Holmesglen

See how we designed and deployed a purpose-built CSOC — delivered under a government grant — now training hundreds of students a year with real-world capability.

📄 PDF · 6 pages

Building a world-class Cyber Security Operations Centre

The challenge, the solution architecture, and the outcomes — including the multi-zone topology, instructor enablement, and student outcomes from a live TSOC deployment.

Hundreds of students / year

5 challenges solved

Govt funded


06 — Pair with Cyber Range

Add-on

TSOC + Cyber Range

The most comprehensive cyber learning ecosystem available.

Combine TSOC's full SOC environment with the Cyber Range's per-student cloud-hosted virtual machines. Students move from individual lab exercises into a working SOC — building skills progressively across an entire program.

A machine for every student

Dedicated lab environment for every student via Cyber Range.

Shared SOC floor

Whole-class SOC simulations and team-based exercises in TSOC.

Progressive learning

Individual labs to whole-of-cohort SOC operations in one platform.

Unified analytics

Track student progression across both platforms in one dashboard.

● Now booking demos

See TSOC running live.

15-minute walkthrough — detection scenarios, SIEM dashboards, multi-zone architecture, and incident workflows in your own session.
