CS 242 — Advanced Incident Response Operations
Serving as the capstone for the Security Operations program, this course immerses students in the high-stakes environment of advanced incident response and Security Operations Center (SOC) engineering. Moving beyond individual alert triage, students act as Tier 2/Tier 3 responders and incident commanders to orchestrate the defense of a simulated enterprise network under active, multi-stage attack. Synthesizing forensic techniques, threat intelligence, and governance frameworks from previous and concurrent coursework, students will focus on proactive threat hunting, designing automated response playbooks (SOAR), managing war-room communications, and executing complex containment strategies. The course culminates in a multi-day, live-fire simulation where students must seamlessly integrate detection engineering, forensic timeline reconstruction, and executive reporting to stop an advanced persistent threat.