SANSFIRE is right around the corner June 13-20 - Live Online, Register today!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right.Once you register, you can download the presentaion slides below.

Use Case Development for Security Operations

  • Wednesday, January 17, 2018 at 10:00 PM EST (2018-01-18 03:00:00 UTC)
  • Christopher Crowley

You can now attend the webcast using your mobile device!



This talk will discuss the task most critical to improving SOC capability: development of appropriate scenarios of inspection. This is typically referred to as a use case. To be successful It must blend: technical knowledge of deployed systems, knowledge of threat capability and common behavior, understanding of the organizations information assets, and data collection.

As a background for this use case discussion, the functional areas required for a SOC will be identified. Since people are necessary to be effective at analysis which produces use cases, a discussion of analysis and developing strategies for ongoing development will also be presented.

Speaker Bio

Christopher Crowley

Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis.

Mr. Crowley is the course author for for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. He holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN and CISSP certifications. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming.

He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.