homepage
Open menu
2340x500_Security_Operations_Center.jpg

Security Operations Center Training

Equipping Blue Teamers with the right training and resources to safeguard their organizations.
General Training CoursesFocused Specialty CoursesResourcesReviews
470x382_Classroom_General24.jpg

SOC Training & Resources

SANS offers training certification and resources for SIEM, Elastic Stack, and modern detection techniques to help equip Blue Teamers with the right knowledge and know-how that is needed to safeguard their organizations and drive security operations with actionable intelligence.

General Training Courses

Blue Team Operations
SEC450: Blue Team Fundamentals: Security Operations and Analysis
SEC450 provides students with technical knowledge and key concepts essential for security operation center (SOC) analysts and new cyber defense team members. By providing a detailed explanation of the mission and mindset of a modern cyber defense operation, this course will jumpstart and empower...
Certification:

  • GSOC

Course Details
Blue Team Operations
SEC511: Continuous Monitoring and Security Operations
This course assesses the current state of security architecture and continuous monitoring, and provides a new approach to security architecture that can be easily understood and defended. When students finish, they have a list of action items in hand for making their organization one of the most...
Certification:

  • GMON

Course Details
new
Security Management, Legal, and Audit
MGT551: Building and Leading Security Operations Centers
Managing a security operations center (SOC) requires a unique combination of technical knowledge, management skills, and leadership ability. Whether you are looking to build a new SOC or take your current team to the next level, MGT551 provides the right balance of these elements to super-charge...
Course Details

    Focused Specialty Courses

    Blue Team Operations
    SEC503: Intrusion Detection In-Depth
    SEC503: Intrusion Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as HTTP, so that you can intelligently examine...
    Certification:

    • GCIA

    Course Details
    Blue Team Operations
    SEC555: SIEM with Tactical Analytics
    Many organizations have logging capabilities but lack the people and processes to analyze them. In addition, logging systems collect vast amounts of data from a variety of data sources which require an understanding of the sources for proper analysis. This class is designed to provide training,...
    Certification:

    • GCDA

    Course Details
    beta
    Blue Team Operations
    SEC586: Blue Team Operations: Defensive PowerShell
    Are you a Blue Teamer who has been asked to do more with less? Do you wish you could detect and respond at the same pace as your adversaries who are breaking into and moving within the network? SEC586: Blue Team Operations: Defensive PowerShell teaches deep automation and defensive capabilities...
    Course Details

      SOC Resources

      400x460_Security_Operations_Center_SecOps_Poster.jpg
      Poster
      Guide to Security Operations
      This guide is a collection of some of the most useful information and models for those working in cybersecurity operations centers, as well as pointers to some incredibly powerful free tools, book references, and more to help build your team, skills, and defensive capabilities.
      Download Guide
      340x340_BTO_Shield.png 340x340_BTO_Shield.png
      SANS Blue Team Operations
      The most trusted source of cyber defense and blue team training, certification, and research.
      Learn More

      Reviews

      Read what others have to say about SANS courses.
      The immediate value of the course material is unlike any course or training I've received. A++.
      David Savercool
      - Dart Container
      SEC555 has covered major issues we've encountered.
      Troy Barnhart
      - Regional Health
      Thank you for a very informative week! SEC555 has totally changed what I think about SIEM!
      Ben Curry
      - F&M Bank
      This course is as practical and real-world as it gets. SEC555 provides numerous quick wins and really stimulates thinking about relative value of numerous ways to defend your organization.
      Mikhale Vitebskiy
      - Lexington Partners
      SEC555 justifies what we have been doing in my company but gives a ton of new ideas to implement for better detection of bad stuff. It's a class I would highly recommend to the rest of my team!
      Choy Kok Ming
      - ExxonMobil
      Instant value! Sent my team 5 improvement action items driven by todays content. Plus, we now have a plan to implement network log collection that will likely save me more than $250k in expenses for our current budget cycle.
      Rob Conn
      - EchoStar
      I came to SEC555 to be introduced to high impact investigative techniques that will net the greatest return on investment for my SOC, and SANS delivered.
      Conrad Bovell
      - CMS