LDR551: Building and Leading Security Operations Centers

You Will Be Able To
• Construct a strong SOC foundation based on a clear mission, charter, and organizational goals
• Collect the most important logs and network data
• Build, train, and empower a diverse team
• Create playbooks and manage detection use cases
• Use threat intelligence to focus detection efforts on true priorities
• Apply threat hunting processes and active defense strategies
• Implement an efficient alert triage and investigation workflow
• Operate effective incident response planning and execution
• Choose metrics and a long-term strategy to improve the SOC
• Employ team member training, retention, and prevention of burnout
• Perform SOC assessment through capacity planning, purple team testing, and adversary emulation

Business Takeaways
• Implement strategies for aligning cyber defense to organizational goals
• Decrease the organization's risk profile through improved security validation tools and techniques
• Apply methodologies for recruiting, hiring, training, and retaining talented cyber defenders
• Streamline effective cross-team coordination and collaboration
• Employ immediate security optimization improvements using current assets
• Reduce financial spend through smoother cybersecurity operations

sans.org/LDR551
5 Day Program | 30 CPEs | Laptop Required
Prevent – Detect – Respond | People – Process – Technology

Information technology is so tightly woven into the fabric of modern business that cyber risk has become business risk. SOC managers must align to their organization and demonstrate real value, a challenge when threats are hard to quantify and stakeholder requirements for the security team are often vague and difficult to translate. How does a SOC communicate its value and focus on the operations that enable the organization?
LDR551 breaks down security operations into clear and atomic functions that can be measured and improved. We then tie these core SOC activities to high-level organizational goals for easy communication with the SOC's constituency. Common questions SOC managers face are:
• How do we know our security teams are aligned to the unique threats facing our organization?
• How do we get consistent results and prove that we can identify and respond to threats in time to minimize business impact?
• How can we build a SOC team that is empowered and continuously improving, where analysts are trusted to solve problems while staying focused on the mission at hand?

Whether you are looking to build a new SOC or take your current team to the next level, LDR551 will supercharge your people, tools, and processes. Each section of LDR551 is packed with hands-on labs that demonstrate key SOC capabilities, and each day concludes with "Cyber42" SOC leadership simulation exercises. Students will learn how to combine SOC staff, processes, and technology in a way that promotes measurable results and covers all manner of infrastructure and organizational requirements.

Attackers are always improving, so a SOC that sits still is losing ground. LDR551 gives SOC managers and leaders the tools and mindset required to build the team, process, workflow, and metrics to defend against modern attackers, and the processes for continuously growing, evolving, and improving the SOC team over time.

What is a SOC Manager?
A SOC Manager leads an organization's cybersecurity operations team by developing and guiding implementation of a cyber defense strategy that can minimize the impact of cybersecurity incidents. Leading a SOC is a complex role that requires merging technical and business sensibilities, and the skills to monitor performance, communicate requirements, and demonstrate results up and down the chain of command.
Hands-On SOC Manager Training
While LDR551 is focused on management and leadership, it is by no means limited to non-technical processes and theory. The course uses the Cyber42 interactive leadership simulation game to put you in real-world scenarios that spur discussion and critical thinking about situations you will encounter at work. Throughout the five days of instruction, students work on seventeen hands-on exercises covering everything from playbook implementation to use case database creation, attack and detection capability prioritization and visualization, purple team planning, threat hunting, and reporting. Attendees will leave with a framework for understanding where a SOC manager should be focusing efforts, how to track and organize defensive capabilities, and how to drive, verify, and communicate SOC improvements.

"There are so many [organizations] that seem to be trying to reinvent the wheel. All they need to do is invest in this course for real-world, actionable information that can put them on a solid path toward building, staffing, and leading their own SOC."
—Brandi Loveday-Chesley

GSOM: Security Operations Manager certification, giac.org/gsom