Final Week: Get an iPad (32 G), Galaxy Tab A, or Take $250 Off OnDemand Training - Ends Jan 27


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SOC Capabilities and Usefulness: Part II of the SANS SOC Survey Results Webcast

  • Thursday, August 16, 2018 at 1:00 PM EDT (2018-08-16 17:00:00 UTC)
  • Christopher Crowley, Gary Golomb, Lital Grossman, John Moran, John Pescatore


  • Authentic8
  • Awake Security
  • CYBERBIT Commercial Solutions
  • DFLabs
  • ExtraHop
  • LogRhythm

You can now attend the webcast using your mobile device!



As the network perimeter melts away, SOCs have no choice but to evolve. The use of cloud, mobile, personal and Industrial IoT are but a few of the technology innovations forcing this evolution. In this webcast, learn the tools and technologies SOCs are deploying to integrate and manage all their security, operational and response data for better protection, detection and response.

In this webcast, SANS Principal Instructor Chris Crowley will discuss the results of the SANS 2018 SOC Survey, including:

  • Differences between SOCs that identify as MSSPs and SOCs that do not identify as MSSPs
  • Tools and technologies used to prevent, detect and respond to attacks
  • SOCs' likelihood to address IoT and non-traditional IT
  • Integration between tools for needed data sharing before, during and after events
  • Automated and manual actions taken and the value of both
  • Challenges holding organizations back from fully realizing SOC usefulness

Register for Part I of this webcast, "No Single Definition of a SOC," here.

Attend this webcast and be among the first to receive access to the associated survey whitepaper developed by Chris Crowley and SANS Director John Pescatore.

Learn how to bring your SOC to the next level at the upcoming SANS Security Operations Summit:

View the associated survey here.

Speaker Bios

Christopher Crowley

Christopher Crowley, a senior SANS instructor and course author for SANS courses in Managing Security Operations and MGT535 Incident Response Team Management, holds multiple certifications. He received the SANS 2009 Local Mentor of the Year award for excellence in providing mentor classes to his local community. Chris is a consultant based in Washington, D.C., who has more than 15 years of experience in managing and securing networks. His areas of expertise include network and mobile penetration testing, mobile device deployments, security operations, incident response and forensic analysis.

Gary Golomb

Chief Scientist & Co-Founder, Awake Security; heads up security research at Awake. He has nearly two decades of experience in threat analysis and has led investigations and containment efforts in a number of notable cases. With this experience - and a track record of researching and teaching state-of-the art detection and response methodologies - Gary is focused on helping Awake improve security craft as the company's chief research officer. Prior to Awake, Gary was one of the first employees at Cylance. He was also a co-founder of Proventsure, which was acquired by NetWitness and ultimately by RSA. He served in the United States Marines 2nd Force Reconnaissance Company.

Lital Grossman

Cyberbit Director of Product Marketing Lital Grossman is an experienced cyber security professional, with more than 15 years of track record in cyber product management, product strategy and business development. In previous roles, Lital led cyber business strategy and product definition while exploring market needs and constructing business partnerships. In her current role, Lital leads market analysis efforts, messaging, collaterals delivery, sales enablement and strategic planning. Lital served in the Israel Defense Forces intelligence corps, and holds a BSc in electrical engineering from Tel Aviv University.

John Moran

John Moran is a Product Management, Security Operations and Incident Response expert and currently holds the position of Senior Product Manager at DFLabs where he is responsible for shaping the product roadmap, strategic planning, technology partnerships and customer success.  He has served as a Senior Incident Response Analyst for NTT Security, Computer Forensic Analyst for the Maine State Police Computer Crimes Unit and Task Force Officer for the US Department of Homeland Security's Human Trafficking Task Force. John currently holds a Bachelor's Degree in Computer Forensics and a Master's Degree in Information Assurance as well as PMC-III, GCFA, CFCE, EnCE, CEH, and CHFI certifications

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.