Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 in Boston (Sept 6–8, 2025). These new role‑based tracks are designed to support foundational to advanced SOC capabilities, which range from threat detection and response to automated orchestration and architectural design.
A quick look at the tracks
The SOC Analyst track equips early‑career analysts with practical labs in threat investigation, detection, hunting, and response, featuring refreshed essentials and two brand-new courses. SOC Engineers will dive deeper into administering Splunk Enterprise Security and learn to integrate open‑source attack simulation tools to validate detection and response workflows.
For those focused on automation, the Security Automation track combines Splunk SOAR administration and playbook development with hands-on integration of attack simulation tools. Security Architects will tackle deployment design, security data architecture, attack simulation integration, and an immersive look at SOC roles and challenges.
3-, 2-, 1-day tracks
These offerings range from our one‑day course called “Enhancing SOC Operations with Attack Simulations” aimed at experienced professionals to intensive three‑day tracks. And, attendees can use Training Units with .conf25 passes (240 TUs for three‑day, 180 TUs for two‑day, and 100 TUs for the one‑day session).
Splunk University’s Security tracks are designed to empower professionals at every stage – from supporting new security analysts to enabling engineers, developers, and architects – with the intention to prepare you to build a future‑ready SOC. We’re meeting learners where they are and hope to propel them to where they want to be.
Please note that some of these courses require prior training and/or experience with Splunk security products (Enterprise Security and SOAR).
