Live, interactive cybersecurity training available through SANS Live Online. View upcoming events.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Designing and Building a SOC: In-house vs. Out-Sourcing

  • Monday, October 17, 2016 at 1:00 PM EDT (2016-10-17 17:00:00 UTC)
  • Chris Crowley

You can now attend the webcast using your mobile device!



What critical functional components of a SOC make the most sense to out-source? Most organizations face budgetary constraints and limited resource when trying to stand up a SOC. Selecting key competencies and skills to develop and maintained in-house takes vision and thorough understanding of the organization. Deciding what critical functions to out-source could have a major impact on how effective the SOC will be in detecting, monitoring, and responding to incidents over the long haul. Carefully leveraging outsourced partners to cover gaps can realize substantial payback. Your reputation as a tactical and strategic thinker will be well deserved if you employ the available resources wisely. Using those resources poorly will probably drain the organization of valuable intellectual capital and put it at a long term disadvantage.

In this webcast, SANS Instructor and SOC expert, Chris Crowley, will discuss the pros and cons of the functional components that can be out-sourced to enhance SOC capabilities. Critical components to consider when building a SOC are:

  1. SOC Command Center
  2. Network Security Monitoring
  3. Threat Intelligence
  4. Incident Response
  5. Forensic Analysis
  6. Self-Assessment

**Note: We will have 20 minutes of extended Q&A to answer all your questions.

Content is based on the new SANS MGT517 course entitled "Managing Security Operations: Detection, Response, and Intelligence." The course covers the design, build, and operation of security operations centers with a deep dive into managing incident response.

Speaker Bio

Chris Crowley

Christopher Crowley, a SANS Senior Instructor, has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."

"Chris really knew his stuff and presented ideas that made me change my mind on some policies and configs we employ ." - William Jeskey, Tarrant County College
"Chris was one of the best instructors I have ever had in any training environment in almost 24 years of service." - Anonymous

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.