Christopher Crowley

Christopher Crowley, a SANS Senior Instructor, has 15 years of industry experience managing and securing networks. He has authored numerous courses and is considered a leading expert in building an effective SOC. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis.

More About Christopher

Upcoming Courses


Christopher Crowley is the course author for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management.

Chris holds several industry certifications including the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN, and CISSP.

His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities." He is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. Mr. Crowley spends his spare time mountain biking, rock climbing and savoring epicurean treats.

Hear Christopher teach about Threat Hunting in Security Operation here.

“I'm simply amazed at the instructor’s vast knowledge and experience. But most importantly, his expert ability to articulate the material across the spectrum – from simple to complex – in what appears to be effortless for him. My favorite Einstein quote is, "If you can't explain it simply, then you don't know it well enough." The instructor, Christopher Crowley, obviously knows how to explain ANY topic simply. The result was enabling me to focus on what was being presented and to absorb the enormous volume of information in a short period of time. His warm demeanor and wit was also much appreciated. He is truly a consummate professional who is unquestionably dedicated to his students. Thank you for an incredible experience!” - Former Student



Paul's Security Weekly #529 - Mobile Application Assessment with Chris Crowley

Excellent Architecture - Avoid Common Mistakes in Security Operations with Chris Crowley

Vampirism and the Donut Economy by Chris Crowley

Preventing Runtime Exploits: The SANS Implementation Guide for RunSafe Security’s Alkemist, August 2020

Force Multiplier: How we use SOAR to maximize our own SOC analyst efficiency while minimizing fatigue and burnout, July 2020

The Essential Top SOAR use cases, July 2020

Mobile Assessments: Attack Surface and Frameworks, May 2020

Empower Your Security Team with Approachable Threat Intelligence, March 2020

Threat Actor Analysis and Strategic Security Investments, February 2020

SANS Automation & Orchestration Solutions Forum, January 2020

Hiring and retaining for the SOC: Recruit, Train, and Retain Talented and Dedicated Staff, November 2019

Common and Best Practices for Security Operations Centers: Panel Discussion, July 2019

How To Increase MITRE ATT&CK Coverage with Network Traffic Analysis, June 2019

SANS Automation & Integration Security Briefing: SOARing to New Heights - Using Orchestration & Automation Tools in the Way They're Intended, February 2019

An Evaluator's Guide to Next-Generation SIEM, December 2018

SANS Security Operations Center Briefing: Knowledge Retention, Staff Training, Automation & Operationalization 2018, November 2018

How Network Traffic Analytics Eliminates Darkspace for the SOC, August 2018

Fundamentals of Security Operations, July 2018

Walk, Run, Fly: Key Characteristics of Attaining an Advanced SOC Best practice tips on how to enter the advanced SOC dimension, February 2018

Use Case Development for Security Operations, January 2018


What Your SecOps Team Can (and Should) Do


Chris Crowley's Youtube channel

Christopher's Contributions