Prove Skill Mastery with GIAC Certs - Free Cert Attempt Included with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

20/20 Vision for Implementing a Security Operations Center A SANS Whitepaper

  • Wednesday, November 18, 2020 at 3:30 PM EST (2020-11-18 20:30:00 UTC)
  • Chris Crowley


  • CrowdStrike, Inc.
  • Splunk
  • Vectra Networks Inc.

You can now attend the webcast using your mobile device!



Organizations want to transform the Security Operations Center (SOC) with automation and orchestration. Threat intelligence needs to be ingested, defense expenditures need to be optimized based on attacker tactics and techniques, new technology needs to be implemented, cloud resources and other external resources are taking the place of traditional on-premises systems, and skilled staff are scarce.

To accomplish this modernization in stream with existing operations, a clear strategy for the capabilities and implementation is needed. How will you develop this strategic vision? Most organizations will look to the industry standards and reference implementations to determine a strategy before proceeding.

This paper and webcast will help you explore what those models are. It will identify and discuss several models of what a SOC is. The relative merits and shortcomings will be identified, and value propositions will be offered. Your strategic outlook and your implementation will be substantially improved as a result.

Register today to be among the first to receive the associated product review written by security expert Chris Crowley!

Speaker Bio

Chris Crowley

Christopher Crowley is the course author for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. Chris holds several industry certifications including the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN, and CISSP. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities." Mr. Crowley spends his spare time mountain biking, rock climbing and savoring epicurean treats.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.