Designing and Building a SOC: In-house vs. Out-Sourcing

  • Monday, October 17th, 2016 at 1:00 PM EDT (17:00:00 UTC)
  • Chris Crowley
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.

Overview

What critical functional components of a SOC make the most sense to out-source? Most organizations face budgetary constraints and limited resources when trying to stand up a SOC. Selecting key competencies and skills to develop and maintain in-house takes vision and a thorough understanding of the organization. Deciding what critical functions to out-source could have a major impact on how effective the SOC will be in detecting, monitoring, and responding to incidents over the long haul. Carefully leveraging outsourced partners to cover gaps can realize substantial payback. Your reputation as a tactical and strategic thinker will be well deserved if you employ the available resources wisely. Using those resources poorly will probably drain the organization of valuable intellectual capital and put it at a long-term disadvantage.

In this webcast, SANS Instructor and SOC expert, Chris Crowley, will discuss the pros and cons of the functional components that can be out-sourced to enhance SOC capabilities. Critical components to consider when building a SOC are:

  1. SOC Command Center
  2. Network Security Monitoring
  3. Threat Intelligence
  4. Incident Response
  5. Forensic Analysis
  6. Self-Assessment

Note: We will have 20 minutes of extended Q&A to answer all your questions.

Content is based on the new SANS MGT517 course entitled "Managing Security Operations: Detection, Response, and Intelligence." The course covers the design, build, and operation of security operations centers with a deep dive into managing incident response.

Speaker Bio

Chris Crowley

Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area. His work experience includes penetration testing, computer network defense, incident response, and forensic analysis.

Mr. Crowley is the course author for SANS Management 535 - Incident Response Team Management and holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GREM, GMOB, and CISSP certifications. His teaching experience includes SEC401, SEC503, SEC504, SEC560, SEC575, SEC580, FOR585, and MGT535; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the Year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."

"Chris really knew his stuff and presented ideas that made me change my mind on some policies and configs we employ." - William Jeskey, Tarrant County College
"Chris was one of the best instructors I have ever had in any training environment in almost 24 years of service." - Anonymous