SECOPS

 

WEEK 1 – Foundation Refresh (ITSM Core + SIR Basics)

Goal: strengthen ITSM and understand how SecOps fits in.

DayTopicKey StepsOutput
1ITSM OverviewReview Incident, Problem, Change, Request, Knowledge.Summary doc of each module.
2Incident Life-cycleConfigure sample incidents. Test states & assignment rules.5 demo incidents.
3Problem & ChangeLink Incident→Problem→Change.2 linked records.
4Catalog & Flow DesignerBuild one catalog item (Laptop Request).Working flow.
5ReportingCreate dashboards for open incidents.1 dashboard.
6SIR IntroductionRead SIR module structure, incident types, phases.Notes on SIR life-cycle.
7Review + QuizCreate quick quiz sheet & answer.Self-assessment.

WEEK 2 – SIR Configuration & Practice

Goal: learn SIR workflows and data structure.

DayTopicKey StepsOutput
8Security Incident TableStudy sn_si_incident schema. Create sample records.3 test records.
9Detection SourcesConfigure email or manual trigger for SIR.1 detection rule.
10Assignment RulesAuto-assign based on category or severity.Business Rule.
11Workflow AutomationBuild Flow for new Security Incidents.Flow executed.
12Tasks & Child IncidentsLearn task relationship, containment & eradication tasks.Linked tasks.
13Closure Code & ReportingAdd closure conditions, make a security report.1 report.
14RecapReview all SIR components.Consolidated notes.

WEEK 3 – Integration & Advanced Practice

Goal: simulate realistic security workflows.

DayTopicKey StepsOutput
15Integrations overviewUnderstand connection to tools like Splunk or email.Diagram of flow.
16NotificationsBuild notification on “Security Incident = Critical”.Tested mail.
17SLA / Priority MatrixCreate SLA for critical incidents.SLA working.
18Security TasksAutomate follow-up tasks for analysis & recovery.Task flow.
19Knowledge ArticlesLink RCA and best practice docs.2 KBs.
20Dashboard & PABuild PA widgets for SIR.1 dashboard.
21ReviewMock walk-through of end-to-end case.Documentation.

WEEK 4 – Job Preparation

Goal: make profile and portfolio job-ready.

DayTopicKey StepsOutput
22Resume updateAdd “ServiceNow ITSM + SIR Support Analyst”.Final resume.
23Mini-projectCreate one complete “Phishing Incident” demo.Project summary.
24PortfolioCapture screenshots, write-up steps.PDF portfolio.
25Interview prepPrepare 20 Q&A for ITSM + SIR.Study sheet.
26LinkedInOptimize headline & posts about your lab.Updated profile.
27Mock InterviewPractice scenario answers aloud.Feedback notes.
28ApplySend to ServiceNow partners, support vendors, MSSPs.10 applications/day.

Comments

Post a Comment

Popular posts from this blog

Workflow

Image
  IRM / Policy Exception, Questionnaire, Assessment, Attestation 1. Policy Exception [ Policy Record ] ( grc_policy ) → stores policies ↓ [ Exception Request] ( grc_policy_exception ) → user requests exception ↓ [Review & Approval] → policy owner approves/rejects ↓ [Implementation] → apply approved exception ↓ [Closure] → attach evidence and close request 2. Questionnaire [ Assessment Template ] ( asmt_metric_type ) → defines questionnaire ↓ [ Questions / Metrics ] ( asmt_metric ) → individual questions ↓ [ Assessment Instance ] ( asmt_assessment_instance ) → triggers questionnaire ↓ [ Responses Collected ] ( asmt_assessment_instance_question ) → vendor/user answers ↓ [ Review & Score ] → evaluator reviews and scores responses 3. Assessment [Assessment Record] ( grc_assessment ) → assessment initiated ↓ [Assign Assessor] → responsible person evaluates ↓ [Collect Evidence] → gather supporting docu...
Read more

SCRIPTING BR

  1. Auto-Create Problem When Incident Reaches Certain Priority Q: How to automatically create a problem record when incident priority is Critical (1)? if (current. priority == 1 && current. state == 2 ) { // In Progress var pr = new GlideRecord ( 'problem' ); pr. initialize (); pr. short_description = current. short_description ; pr. incident = current. sys_id ; pr. insert (); } Steps: After Update BR on incident Condition: priority = 1 and state = In Progress Script: above Tables: incident.priority , problem.incident 2. Link Problem to All Related Incidents Q: How to link multiple incidents to a problem automatically? var gr = new GlideRecord ( 'incident' ); gr. addQuery ( 'category' , current. category ); gr. addQuery ( 'state' , '!=' , 7 ); // Not Closed gr. query (); while (gr. next ()){ gr. problem_id = current. sys_id ; // current = problem gr. update (); } Steps: ...
Read more