Top Instructors Share Their Expertise ONLINE at SANS - Special Offers Available NOW!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

3 Critical Concepts That New SOC Analysts Must Master

  • Monday, December 02, 2019 at 1:00 PM EST (2019-12-02 18:00:00 UTC)
  • John Hubbard

You can now attend the webcast using your mobile device!



New to the SOC? As the first order of business, building a thorough understanding of your data collection pipeline, formats, and analysis tools is one of the key actions to orienting yourself to the wealth of data at your fingers, but where to start? Modern Security Operations Centers are a cornucopia of logs and network data strewn across multiple tools, all of which analysts must understand and use on a daily basis. Seeing the big picture on how it all fits together, however, can be confusing as a newcomer.

In this webcast, John will break down both host and network data types and formats, the most common tools used in the SOC, and draw the big picture on how everything fits together to form your complete security monitoring operation. If you've ever wondered how logs get from endpoints to your SIEM, from network taps to logs, or how all your devices work together to produce a robust, integrated monitoring system, this webcast is for you!

Speaker Bio

John Hubbard

John is a Security Operations Center (SOC) consultant and speaker, a Certified SANS instructor, and the course author of 3 SANS courses: SEC450: Blue Team Fundamentals - Security Operations and Analysis, MGT551: Building and Leading Security Operations Centers, and SEC455: SIEM Design & Implementation. John also teaches additional SANS Blue Team courses such as SEC511: Continuous Monitoring and Security Operations, and SEC555: SIEM with Tactical Analytics. Through his years of experience as a Lead Cyber Security Analyst and SOC Manager for a major pharmaceutical company with over 100,000 employees and global operations, John has developed real-world, first-hand knowledge of what it takes to defend an organization against advanced cyber-attacks. Read more about John here.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.