To attend this webcast, login to your SANS Account or create your Account.

Guide to Selecting and Sourcing a Managed Security Services Provider

  • Friday, October 6th, 2017 at 3:00 PM EST (19:00:00 UTC)
  • Chris Crowley and Cory Mazzola
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


In this webcast, we will discuss strategies and options for staffing our Security Operations Center (SOC) to meet key strategic objectives. We will evaluate the various models, methods and mechanisms to support core SOC capabilities - continuous monitoring, threat detection/response, incident response, threat intelligence, etc. We'll also detail and examine relevant industry best practices, key considerations, legal requirements, standards, grading/scoring methods, cost models and operational frameworks.

Speaker Bios

Cory Mazzola

Mr. Mazzola is an accomplished security executive with over twenty years of experience managing global cyber security centers, building enterprise risk management programs and leading distributed cross-functional security teams. Currently, he teaches security operations management with the SANS Institute and is the executive in charge of global cyber security operations for a multinational Fortune 500 company. His portfolio includes Incident Response, Threat Intelligence, Digital Forensics, eDiscovery, Data Loss Prevention & Investigations, Cybersecurity Engineering as well as multiple Security Operations Centers (SOCs) strategically positioned throughout North America and Asia.

Chris Crowley

Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area. His work experience includes penetration testing, computer network defense, incident response, and forensic analysis.

Mr. Crowley is the course author for SANS Management 535 - Incident Response Team Management and holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GREM, GMOB, and CISSP certifications. His teaching experience includes SEC401, SEC503, SEC504, SEC560, SEC575, SEC580, FOR585, and MGT535; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."

"Chris really knew his stuff and presented ideas that made me change my mind on some policies and configs we employ ." - William Jeskey, Tarrant County College
"Chris was one of the best instructors I have ever had in any training environment in almost 24 years of service." - Anonymous

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.