Got GIAC? Free GIAC Cert Attempt Included with OnDemand 5 or 6 Day Training thru July 7


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Future SOCs: Results of the 2017 SANS Survey on Security Operations Centers, Part 2

  • Thursday, May 18, 2017 at 1:00 PM EDT (2017-05-18 17:00:00 UTC)
  • Christopher Crowley, Braden Preston, Jim Wachhaus , Ksenia Coffman


  • Carbon Black
  • Endgame
  • LogRhythm
  • NETSCOUT Systems, Inc.
  • ThreatConnect
  • Tripwire, Inc.

You can now attend the webcast using your mobile device!



Join survey author Christopher Crowley as he co-chairs the SANS SOC Summit June 5-6, 2017.

SOCs need to provide active defense against live, often unknown threats, while measuring their security success with metrics. Just how satisfied are organizations with their SOCs in these areas? Do they experience better service with cloud-based managed providers or are in-house SOCs most effective? And what did respondents to the new SANS SOC survey indicate that they'd like to see in their future SOCs?

These and other questions will be answered in this second part of a two-part webcast releasing the results of the 2017 SANS Survey on Security Operations Centers. Attend this webcast to, learn:

  • Functionality respondents most value in their SOCs
  • Whether or not they are more satisfied with cloud-based SOC services or their in-house SOC teams
  • Who's measuring success of SOC operations and how they are measuring success
  • What's on respondents' wish lists for SOC operations in 2018

Click Here to be among the first to view the associated whitepaper written by Chris Crowley that will release the full results of the survey. Click here to register for Part 1 of our SOC survey webcast: SOCs Grow Up to Protect, Defend, Respond, held on Wednesday, May 17, 2017.

Speaker Bios

Christopher Crowley

Christopher Crowley, a senior SANS instructor and course author for SANS courses in Managing Security Operations and MGT535 Incident Response Team Management, holds multiple certifications. He received the SANS 2009 Local Mentor of the Year award for excellence in providing mentor classes to his local community. Chris is a consultant based in Washington, D.C., who has more than 15 years of experience in managing and securing networks. His areas of expertise include network and mobile penetration testing, mobile device deployments, security operations, incident response and forensic analysis.

Braden Preston

Braden Preston is a principal product manager at Endgame. He is a customer-focused product manager with 9 years of experience in developing customer requirements and leading product development. Braden possesses an excellent ability to listen to customer challenges, derive customer and market requirements and lead cross-functional design teams to bring products to market. He has also served as deputy commissioner and technology workgroup co-lead on the 2011 and 2012 TechAmerica Cloud Commission for State, Local and Federal Government.

Jim Wachhaus

Jim Wachhaus, Director of Technical Product Marketing at CyCognito is passionate about building good cyber-defenses.

He began 20+ years of experience in information system security working on McAfee’s Gauntlet Firewall and held engineering roles at Secure Computing, Symantec, and Tripwire. Jim has extensive experience in management of complex, large enterprise security software deployments. He’s done product and marketing management on cybersecurity products that address the foundational controls of external attack surface management, software and hardware asset management, vulnerability management, secure configuration management, and log management.

Ksenia Coffman

Ksenia Coffman is product marketing manager at NETSCOUT. She is responsible for content development and industry tracking, with a focus on network performance and cybersecurity monitoring.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.