Season 0 is completely free

Your first week was supposed to be easy.

Your first week on the team. Ed promised you'd have time to settle in - that lasted about an hour. A routine phishing report just escalated into something bigger. Work alongside a real SOC team, investigate real evidence, and think like an analyst — not a test-taker.

5 Episodes
15 Challenges
2-3 hours
Season Zero: Fundamentals

Five episodes. One incident that keeps getting worse.

Over 2-3 hours, go from watching the team work to working alongside them — learning SOC fundamentals through a single incident from first alert to containment.

First Day
Episode 1
25-30 min

First Day

Monday, 8:47 AM. Welcome to the team. Meet the crew, tour the SOC, and learn the tools. Ed says you picked a quiet week. He's wrong.

Email Analysis
Inbox Zero
Episode 2
30-40 min

Inbox Zero

Tuesday, 10:15 AM. A Finance analyst reports a suspicious invoice. Tess calls it a 'teaching moment.' Then Eli checks his feeds.

Email Analysis
Threat Intelligence
Log/SIEM Analysis
Follow the Thread
Episode 3
35-45 min

Follow the Thread

Tuesday, 3:30 PM. One email. Six recipients. One of them clicked. Now you need to figure out what happened next.

Log/SIEM Analysis
Lateral
Episode 4
40-50 min

Lateral

Wednesday, 9:00 AM. They're already inside. Stolen credentials are being used across the network. Find out where and how far they went.

Email Analysis
Log/SIEM Analysis
Endpoint Investigation
Containment
Episode 5
40-50 min

Containment

Thursday, 7:30 AM. Time to end this. Isolate the threat, find the persistence, and close out your first real incident.

Log/SIEM Analysis
Endpoint Investigation
Threat Intelligence

Meet the team you're joining

Ed Mercer

Ed Mercer

@epiclead

SOC Lead

15-year security veteran who started at help desk and worked his way up. Leads by example, not ego. When Ed says 'we've got this,' everyone believes it.

Mara Vance

Mara Vance

@techstack

Tech Lead

10-year SOC veteran and technical mastermind. She architects the detection logic and knows every tool in the stack inside out.

Tess Harrow

Tess Harrow

@spfhardfail

Email Specialist

Former email admin turned security analyst. She can spot a spoofed header from a mile away.

Eli Navarro

Eli Navarro

@campaigntrail

Threat Intel

Always has the latest threat feeds at his fingertips. His contextual intel often breaks cases wide open.

What you'll actually learn

Navigate a SOC environment and understand team roles
Analyze phishing emails and extract IOCs
Correlate SIEM logs to build attack timelines
Identify lateral movement through authentication logs
Investigate endpoints for persistence mechanisms
Participate in incident containment and documentation

How it works

1. Briefing

Get looped in on what happened, from the people who caught it.

2. Investigate

Analyze real evidence — emails, logs, endpoints, threat intel — and make the calls a real analyst would.

3. Debrief

See how your read on the incident compares, and what happens next.

No setup, no VMs, nothing to install. 5 episodes, 25–50 minutes each.

Ready to start your first investigation?

Season 0 is free, no credit card required. See what it's like to think like a SOC analyst.

SOC Analyst Training Adventures | Learn by Investigating Real Incidents | EpicDetect