Get an 11" iPad Pro, Surface Go 2, or $300 Off with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

When a Plan Comes Together: Building a SOC “A-Team”

  • Tuesday, February 18, 2020 at 10:30 AM EST (2020-02-18 15:30:00 UTC)
  • Mark Orlando

You can now attend the webcast using your mobile device!



When facing a wide range of threats and finite resources with which to combat them, you must find innovative ways of finding the right talent, hiring them, training them, and creating a team that is as effective as it is inventive.

Addressing this challenge goes far beyond writing a good job description and sourcing candidates. This talk will begin by examining the disparity between available talent and a growing demand for experienced personnel, even for relatively junior positions. We'll discuss ways to create not only an effective technical environment, but one that is conducive to positive morale and professional growth for people of all skill levels and backgrounds. Well walk through some real world challenges, roles and skill types, and unique approaches to recruiting and skill evaluation. Finally, I'll close with some personal anecdotes and "dos and don'ts" based on my experience building and running security operations teams.

Speaker Bio

Mark Orlando

Mark started his security career in 2001 as a SOC Analyst, and since then has been both fighting for blue team resources and trying to automate them out of a job. He has built, assessed, and managed security teams at the Pentagon, the White House, the Department of Energy, global Managed Security Service Providers, and numerous Fortune 500 clients. 

Mark’s passion is finding new and innovative ways to help defenders scale through the right application of foundational knowledge and assistive technology, and helping people in leadership and non-technical roles navigate the many challenges of information security. In 2012, he designed and launched a Managed Detection and Response (MDR) service offering and helped to invent an automated cyber threat hunting technology, both of which were later acquired. 

Mark has presented on security operations and assessment at DefCon’s Blue Team Village, the Institute for Applied Network Security (IANS) Forum, BSidesDC, and the RSA Conference and has been quoted in the New York Times, the Washington Post, Forbes, CNBC, SC Magazine, and many other publications. He holds a Bachelor’s Degree in Advanced Information Technology from George Mason University and served in the US Marine Corps as an Artillery Non-Commissioned Officer. In his spare time, Mark enjoys reading, going to rock shows, and sneaking in the occasional Netflix binge.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.