Best Offers of the Year Ends Tomorrow - Don't Miss Out! Get an iPad Air with Smart Keyboard or Pixel 4a Smartphone!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Designing and Building a SOC: Management Fundamentals

  • Friday, August 05, 2016 at 1:00 PM EDT (2016-08-05 17:00:00 UTC)
  • Christopher Crowley

You can now attend the webcast using your mobile device!



Designing and building an effective security operation center requires security managers and leaders to fit capabilities to both an organizations culture and business requirements.

Learn the distinct functional areas that every SOC should have. These areas allow organizations to create an architecture for the high-level components of security operations: command center; network security monitoring functionality; threat intelligence; incident response; forensic analysis; and ongoing self-assessment of the attack surface of the organization.

With these functional areas in place and aligned with the business, you will be better positioned to thwart modern, motivated threats to your information assets.

Content is based on the new SANS MGT517 course entitled "Managing Security Operations: Detection, Response, and Intelligence." The course covers the design, build, and operation of security operations centers with a deep dive into managing incident response.

Speaker Bio

Christopher Crowley

Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis.

Mr. Crowley is the course author for for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. He holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN and CISSP certifications. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming.

He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.