MyDFIR
A lot of you have reached out saying you want to get into cybersecurity as a SOC analyst but can’t afford my paid community right now. I hear you. So I built a free community.
Inside you will find 4 modules that will give you a good starting point once completed and you’ll be surrounded with others that have similar goals.
It’s called the MYDFIR SOC Community and it’s completely free.
Quick note: if you’ve heard that name before, the paid community has been renamed to MYDFIR Forge. Same content, same everything, just a new name.
Join the free community here - skool.com/mydfir-community/about
1 day ago | [YT] | 66
MyDFIR
Most companies don’t have EDR. No SIEM. No centralized logging.
I’ve responded to more incidents than I can count where the environment was basically flying blind.
Default audit policies. No one knew what their retentions were.
And guess what? The investigation still had to happen.
That’s the reality nobody talks about in SOC training. Everyone practices on perfectly configured labs with clean logs and full telemetry. Then they hit a real incident and freeze because the data they were trained to look for doesn’t exist.
So what do you actually do?
That’s exactly what the upcoming DFIR Course covers and will be available exclusively to the MYDFIR SOC Community.
If you’re serious about becoming an analyst who can walk into any environment, day one, and actually provide value, this is where you start.
1 week ago | [YT] | 100
MyDFIR
Just wrapped up Chapter 4 of my next course 👀
This one is going to be all about DFIR.
The full course will have 13 chapters, with a strong mix of theory + hands-on practical work, the kind of stuff you actually deal with during real incidents, not just textbook examples.
If you enjoyed my SOC course and you’re thinking
“okay… what’s next?”
This is it.
More details soon. Stay tuned!!!
4 weeks ago | [YT] | 63
MyDFIR
I wanted to share a testimonial from one of the members inside the community! It means a lot to me hearing the experience from others and knowing that this community is changing lives.
My 90-Day Journey with the MyDFIR SOC Accelerator Program by Nick Chitsamrerng
I joined the MyDFIR SOC Accelerator program a few months ago, and I’m about to finish my 90 days. Even though I’m still completing the last few labs, this journey has been incredible, and I’ve already learned so much.
When I started, I felt completely lost. The program introduced so many concepts, tools, and exercises that I struggled to connect everything. But that foundation was exactly what I needed. I covered essential cybersecurity concepts like the CIA triad, AAA, threat actors, common threats, IOCs, IOAs, TTPs, Active Directory, cloud fundamentals, and networking basics. I also set up my lab environment with VMs, Splunk, Remnux, and FlareVM. At first, it felt overwhelming, but it made the more advanced topics much easier to understand later on.
When It All Clicked
Once I moved into the “Art of Investigation” portion, everything started to make sense. I learned how to:
- Analyze emails to spot phishing attempts
- Investigate user accounts and Active Directory activities
- Explore network traffic and endpoints
- Perform malware analysis
- Conduct threat hunting and correlate logs
Before this, I struggled to connect alerts or know the next step. Now, I have a structured methodology and a clear way of thinking like an analyst. Labs on suspicious network activity and malware were challenging but extremely rewarding, helping me see how all the pieces fit together in a real SOC environment.
Hands-On with Real-World Scenarios
Later in the program, I worked with real-world attack simulations, learning how attackers move through a network, escalate privileges, steal information, and maintain control. I also gained practical experience creating alerts, dashboards, and reports in Splunk and Microsoft Sentinel, which made me feel like I was truly working in a SOC.
Tools and Mindset
The program introduced many tools, including Splunk, Microsoft Sentinel, Wireshark, Zeek, Suricata, and PDF and email analysis utilities. But the biggest takeaway wasn’t just the tools. It was learning how to think like an investigator—asking the right questions, connecting the dots, and seeing the bigger picture. This mindset has been a game-changer for me.
Community and Mentorship
The MyDFIR community and Steven’s teaching style made concepts clear and approachable. Everyone is supportive, and being able to ask questions—even beginner ones—and get detailed guidance has been invaluable. The mentorship helped me not just learn, but gain confidence in applying my knowledge in a practical setting.
Where I’m at Now
Even though I’m finishing my 90 days, I know this is just the beginning. I plan to revisit labs, refine my skills, and continue learning. This program gave me both skills and a mindset that I’ll carry forward as I grow in cybersecurity.
If anyone is interested - skool.com/mydfir
4 weeks ago | [YT] | 56
MyDFIR
PSA: Please be on the lookout for fake emails that look like they are coming from me. A member received this the other day.
When receiving emails, always remember to check the sender address, look for any urgency or typos, and be cautious of links.
Use tools like VirusTotal, urlscan.io, or even Browserling to open it up in a sandbox.
Stay safe folks!
1 month ago | [YT] | 72
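The checks named in the PSA above (sender address, urgency wording, links) can be scripted for a first pass over a saved message. This is an added example, not part of the original post; the `triage` function, the wording list and the `example.*` domains are assumptions made for illustration, with `example.com` standing in for whatever domain the real sender is known to use.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(urgent|immediately|act now|within 24 hours|final notice)\b", re.I)
HREF = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_HOST = re.compile(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)

def triage(raw, claimed_name, trusted_domain):
    """Return reasons a message claiming to be from claimed_name looks off."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    # Sender address: the display name is free text, only the address counts.
    if claimed_name.lower() in name.lower() and domain != trusted_domain:
        findings.append(f"display name {name!r} but address domain is {domain}")
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and reply.rsplit("@", 1)[-1].lower() != domain:
        findings.append(f"Reply-To points elsewhere: {reply}")
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    # Urgency: pressure wording in the subject or body.
    hit = URGENCY.search(msg.get("Subject", "") + "\n" + body)
    if hit:
        findings.append(f"urgency wording: {hit.group(0)!r}")
    # Links: visible text names one host, the href goes to another.
    for href, text in HREF.findall(body):
        shown = SHOWN_HOST.search(text)
        host = (urlparse(href).hostname or "").lower()
        if shown and shown.group(1).lower() != host:
            findings.append(f"link shows {shown.group(1)} but opens {host}")
    return findings

# Constructed sample message; example.com stands in for the real sender's domain.
FAKE = "\n".join([
    'From: "MyDFIR" <giveaway@example.net>',
    "Reply-To: claims@example.org",
    "Subject: URGENT: you won, respond within 24 hours",
    "Content-Type: text/html",
    "",
    '<p>Claim here: <a href="http://login.example.org/claim">https://example.com/course</a></p>',
])

if __name__ == "__main__":
    for reason in triage(FAKE, "MyDFIR", "example.com"):
        print("-", reason)
```

An empty result only means none of these four checks fired; any link still goes through a URL scanner or sandbox before it is opened.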
MyDFIR
Another win today!!! It feels incredible knowing the content I create is truly making a difference in people’s lives. I’m grateful for the chance to share and for all of you who show up, put in the work, and tune in.
Thank you.
3 months ago | [YT] | 228
MyDFIR
Hmmmmm what project should I do next? 👀 any requests?
3 months ago | [YT] | 21
MyDFIR
Great news! One of our members just landed a role at CrowdStrike. They showed up consistently, put in the work throughout the 90-Day SOC Accelerator, and pushed themselves through our monthly CTFs. This is exactly what’s possible when you stay committed and trust the process.
I’m confident we’re going to see many more wins like this.
If you’re considering joining, let me know what questions you have. I’m here to help you figure out if it’s the right fit!
skool.com/mydfir
3 months ago | [YT] | 242
MyDFIR
I wanted to share one of our members’ experiences in the MYDFIR SOC community. Hearing from members like this truly means a lot as it makes all the late nights creating structured content worthwhile, knowing it’s helping people grow into amazing SOC Analysts.
In case the image is hard to read: "I want to thank you for bringing this community together. I have been following you on YouTube for a couple of years, when I first decided to switch career paths to Cybersecurity. When you started your SOC course I was already invested in a 7 month Cybersecurity boot camp program. Which I am grateful for but I wish I could’ve taken your course first. Being in this community has def built my confidence and kept me grounded and not feeling overwhelmed."
Additionally, I just received an email from a student who landed a role with a well-known company in the aviation industry. What makes it even better is that they transitioned from a sales and marketing background into cybersecurity.
Seeing their success...man what a wonderful feeling.
This is why I do what I do.
Check out the link if you want to learn more about the community: skool.com/mydfir
4 months ago | [YT] | 55
MyDFIR
👀 COMING SOON: Splunk 101
In preparation for our next client inside the SOC Simulator, I’m releasing a brand-new Splunk 101 primer course exclusively for community members.
This means you’ll soon get hands-on experience with both Microsoft Sentinel and Splunk, two of the most in-demand SIEM tools in the industry.
But here’s the catch:
There’s a hard seating limit for Splunk access.
If you’ve been thinking about joining the community, the best time to start is now. Tackle the 90-Day SOC Accelerator and request Splunk access once you’re ready.
If you become an intern, you’ll be able to list Splunk and Microsoft Sentinel/XDR as professional work experience, backed by the same alerts, investigations, and reports we handle in real SOC environments.
MYDFIR SOC Community👇
Site: skool.com/mydfir
4 months ago | [YT] | 162