LDR551: Building and Leading Security Operations Centers
IT environments and threat actors evolve faster than many teams can track. This course positions your SOC to defend against highly motivated threat actors in highly dynamic modern environments, which require a cyber defense capability that is forward-looking, fast-paced, and intelligence-driven. The course guides SOC managers through building and running such a capability from start to finish and teaches you how to design defenses with your organization's unique risk profile in mind. If you are a SOC manager or leader looking to unlock the power of proactive, intelligence-informed cyber defense, LDR551 is the course for you. You will walk away with the ability to align your SOC activities with organizational goals. The course includes 17 hands-on exercises plus Cyber42 interactive leadership simulations.
Prevent - Detect - Respond | People - Process - Technology
ORGANIZATIONAL BENEFITS
- Implement strategies for aligning cyber defense to organizational goals
- Reduce organizational risk through improved security validation tools and techniques
- Apply methodologies for recruiting, hiring, training, and retaining talented cyber defenders
- Streamline effective cross-team coordination and collaboration
- Make immediate security improvements using the assets you already have
- Reduce spending through smoother security operations
SKILLS LEARNED
- Construct a strong SOC foundation based on a clear mission, charter, and organizational goals
- Collect the most important logs and network data
- Build, train, and empower a diverse team
- Create playbooks and manage detection use cases
- Use threat intelligence to focus detection efforts on true priorities
- Apply threat hunting process and active defense strategies
- Implement efficient alert triage and investigation workflow
- Plan and execute effective incident response
- Choose metrics and long-term strategy to improve the SOC
- Train and retain team members and prevent burnout
- Perform SOC assessment through capacity planning, purple team testing, and adversary emulation
SYLLABUS SUMMARY
- Section 1: Critical elements necessary to build your Security Operations Center
- Section 2: Building a threat model, defensive theory, and mental models
- Section 3: Threat detection and threat modeling
- Section 4: The full incident response cycle for operations managers
- Section 5: Measuring and improving security operations
About the Authors:
John Hubbard
John is a Security Operations Center (SOC) consultant and speaker, a Senior SANS instructor, and the course author of two SANS courses, SEC450: Blue Team Fundamentals - Security Operations and Analysis and LDR551: Building and Leading Security Operations Centers. John also teaches additional SANS Blue Team courses such as SEC511: Continuous Monitoring and Security Operations, and SEC555: SIEM with Tactical Analytics. Through his years of experience as a Lead Cyber Security Analyst and SOC Manager for a major pharmaceutical company with over 100,000 employees and global operations, John has developed real-world, first-hand knowledge of what it takes to defend an organization against advanced cyber-attacks. Read more about John at https://www.sans.org/profiles/john-hubbard/
Mark Orlando
Mark Orlando is a SANS Certified Instructor, co-author of MGT551: Building and Leading Security Operations Centers (now LDR551), instructor for SEC450: Blue Team Fundamentals - Security Operations and Analysis, and the Co-Founder and CEO of Bionic Cyber. Prior to Bionic, Mark built, assessed, and managed security teams at the Pentagon, the White House, the Department of Energy, and numerous Fortune 500 clients. Mark has presented on security operations and assessment at DEF CON's Blue Team Village, the Institute for Applied Network Security (IANS) Forum, BSidesDC, and the RSA Conference, and has been quoted in the New York Times, the Washington Post, Forbes, and many other publications. He holds a Bachelor's Degree in Advanced Information Technology from George Mason University and served in the US Marine Corps as an Artillery Non-Commissioned Officer. Read more about Mark at https://www.sans.org/profiles/mark-orlando/
SANS is the most trusted and the largest source of information security training and security certification in the world. It also develops, maintains, and makes available at no cost the largest collection of research documents on various aspects of information security, and it operates the Internet's early warning system, the Internet Storm Center.