SOC Class

Course Authored by .

This course provides a comprehensive picture of a Cyber Security Operations Center (CSOC or SOC). Discussions of the technology needed to run a SOC are handled in a vendor-agnostic way.

Course Length: 16 Hours

Includes a Certificate of Completion



Next scheduled date: WWHF Mile High 2027 - Link at bottom.

Description

This course provides a comprehensive picture of a Cyber Security Operations Center (CSOC or SOC). Discussions of the technology needed to run a SOC are handled in a vendor-agnostic way. In addition, technology is discussed in a way that accommodates both minimal budgets and budgets with global scope. The staff roles needed are enumerated. Informing and training staff through internal training and information sharing is addressed. The interaction between functional areas, and the data exchanged between them, is detailed. Processes to coordinate the technology, the SOC staff, and the business are enumerated.

After attending this class, the participant will have a roadmap (and Gantt chart) for what needs to be done in an organization seeking to implement security operations. Ideally, attendees will be SOC managers, team leaders in security specializations, lead technical staff, or security architects. CIO, CISO, or CSO (Chief Security Officer) is the highest level in the organization for which attendance is appropriate.

  • System requirements
    • None are required for attendance. Many support documents will be provided in MS Office format but can be used in Google Docs. PDFs are provided for universal compatibility in most cases, especially for the Gantt (.proj) and Visio (.vsdx) file types.
  • VM / Lab / Student information
    • Not required

Syllabus

Class Orientation

  • A Story About Telling Stories
  • First Principles and Terminology

Business Alignment

  • Steering Committee: Phase 1: Design
  • Requirements
  • Impact
  • Charter

SOC Design

  • Functional Components
  • Presumed Organizational Support Functions
  • Functional Arrangements
  • Operational and Architectural Considerations
  • SOC Organizational Position
  • Multi SOC Models
  • SOC and IT Relations
  • Size and Maturity
  • Size: What Does It Look Like?
  • Outsourcing Advice

Overall Program of Operations

  • Intro
  • Command Center
  • Network Security Monitoring
  • Threat Intelligence
  • Incident Response
  • Forensics
  • Self-Assessment

Business Alignment (2)

  • Defensive Topology
  • Steering Committee: Phase 2: Build

SOC Design (2)

  • Functional Area Work Products
  • Technology Selection
  • Physical SOC Build
  • Technology Selection
  • Cultural and Organizational Influence on SOC Requirements and Performance
  • Orchestration and Automation

Analysis

  • Analytical Methodology for the SOC
  • Applied
  • Available Frameworks for Analysis
  • Analytical Methodology: Wrap Up

Staff

  • Roles
  • Hiring
  • Onboarding
  • Training
  • Meetings
  • Retention

Operations

  • Tempo
  • Pre-Forensics
  • Threat Hunting
  • Use Case Development

Metrics

  • Introduction
  • Appropriate Audience
  • Reported
  • Steering Committee: Phase 3: Operations
  • Service Level Objectives
  • SOC Internal Health and Performance

Maturity

  • Introduction
  • SOC-CMM Walkthrough

Processes

  • Process list
  • Sequence Walk Through

Case Study

  • Phin Phisher
  • Insiders
  • Equifax

FAQ

Who Should Take This Course

This class is not technical in nature, but someone without knowledge of common IT practices and Information Security fundamentals (such as the Confidentiality, Integrity, and Availability triad) will be lost very quickly. This is not a class to send SOC analysts to, but it is great for the technical lead and manager.

Audience Skill Level

Intermediate – Advanced. Not a class for junior analysts.

Prerequisites

This class is not technical in nature, but someone without knowledge of common IT practices and Information Security fundamentals (such as the Confidentiality, Integrity, and Availability triad) will be lost very quickly.

Key Takeaways

The class provides the following:

  • Guidance on business orientation, use case development, and hunting techniques
  • Reference model for all functions of a SOC: monitoring, response, intelligence, metrics
  • Guidance on developing internal capability and strategic outsourcing
  • Detailed discussion of technology, process, and analytical staff relations and optimization
  • Sequence of actions for building a SOC, or for cross-referencing an established SOC’s maturity

About the Instructor

"InfoSec Ops Generalist: NSM, IR, Mobile, PenTest, Forensics, AI/ML. SOC-Class Author. (http://soc-class.com). SANS Senior Instructor. #infoseclatteart"
Bio

Christopher Crowley has trained thousands of students globally, with a focus on overall security operations, monitoring capability, incident response, pen testing, and operational program development. His consulting company, Montance® LLC, has provided services to organizations large and small in the financial, industrial, energy, medical, and defense industries around the globe.

This class is being taught at Wild West Hackin’ Fest – Mile High 2027.

For more information about our conferences, visit Wild West Hackin’ Fest!
