This course provides a comprehensive picture of a Cyber Security Operations Center (CSOC or SOC). Discussion of the technology needed to run a SOC is handled in a vendor-agnostic way, and the technology is addressed in a way that covers both minimal budgets and budgets with global scope. The staff roles needed are enumerated. Informing and training staff through internal training and information sharing is addressed. The interaction between functional areas, and the data exchanged between them, is detailed. Processes to coordinate the technology, the SOC staff, and the business are enumerated.
After attending this class, the participant will have a roadmap (and Gantt chart) for what needs to be done in an organization seeking to implement security operations. Ideally, attendees will be SOC managers, team leads in security specializations, lead technical staff, or security architects. CIO, CISO or CSO (Chief Security Officer) is the highest level in the organization for which attendance is appropriate.
The inclusion of all functional areas of security operations is intended to develop a standardized program for an organization and to express all necessary capabilities. Admittedly ambitious, the intention of the class is to provide a unified picture of coordination among teams with different skillsets, to help the business prevent loss due to poor security practices. I have encountered detrimental compartmentalization in most organizations. There is a tendency for a specialist to look only at her piece of the problem, without understanding the larger scope of information security within the organization. Organizations are likely to perceive a security operations center as a tool, rather than as the unification of people, processes, and technologies.
This class is not technical in nature, but someone without knowledge of common IT practices and information security fundamentals (such as the Confidentiality, Integrity, and Availability triad) will be lost very quickly. This is not a class to send SOC analysts to, but it is a great fit for the technical lead and the manager.
- Guidance on business orientation, use case development, hunting techniques
- Reference model for all functions of a SOC: monitoring, response, intelligence, metrics
- Guidance on developing internal capability and strategic outsourcing
- Detailed discussion of technology, process, and analytical staff relations and optimization
- Sequence of actions for building a SOC, or for cross-referencing an established SOC's maturity
TRAINER & AUTHOR
Christopher Crowley has 20 years of industry experience managing and securing networks; his first job in the field was as an Ultrix and VMS systems administrator at 15 years old. He is a Senior Instructor for the SANS Institute and the course author for SOC-Class.com. He holds a multitude of cyber security industry certifications. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense via Montance® LLC, providing cybersecurity assessment and framework development services that enable clients to create a new SOC or improve existing security operations, in order to provide optimum security protection for digital assets. Montance® LLC has provided services to organizations large and small in the financial, industrial, energy, medical, and defense industries. It is a one-person consulting firm, providing a vehicle for direct and efficient engagement.