SANS 2021 features 30+ Interactive Courses, Three NetWars Tournaments, Trivia Night, and Bonus Talks. Save $150 thru Tomorrow!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Practical lessons from standing up a greenfield Security Operations Center

  • Thursday, February 25, 2021 at 10:30 AM EST (2021-02-25 15:30:00 UTC)
  • Joost Bijl, Peter Manev, Chris Crowley


  • Stamus Networks, LLC

You can now attend the webcast using your mobile device!



Few organizations have the luxury of building their security technology stack from scratch. But most of us will replace all our controls, tools and systems over the course of the next five years. So, what can we learn from the experiences of a team who just finished building out a brand new security infrastructure and SOC for a managed security services business?

In this webinar, you will hear the key decision points around what to monitor, where to monitor, how to monitor and how to staff the SOC team that went into the creation of growing European managed detection and response (MDR) service provider, Hunt & Hackett. You will learn how you can make data-informed decisions to ensure you dont have detection blind spots.

You will learn the critical role network monitoring plays in their service offering, and understand why they believe the network does not lie. With the specific example of their network detection and response (NDR) infrastructure, you will learn what solutions the team selected and their no-nonsense approach to network monitoring. And you will see a live demonstration of their capabilities using real-world use cases.

Who should attend:

  • Security operations leaders and staff
  • Security analysts
  • Threat hunters
  • Network security practitioners

What attendees can expect:

  • A brief introduction to the mission of a managed detection and response provider
  • To glean practical insight into the architecture and tool selection required to stand up a brand new SOC
  • To learn how data informs infrastructure and process decisions for each client at Hunt & Hackett
  • A brief introduction to the Stamus Networks network detection and response (NDR) system, Scricius Security Platform and its unique mission to achieve the industrys best detection and seamless integration into the broader security tech stack
  • A live demo showing how the Scirius Security Platform is used for both advanced automated detection as well as guided threat hunting

Speaker Bios

Joost Bijl

Joost is a product manager at Hunt & Hackett, a cyber security services start-up based in the Netherlands. He is a techie at heart and fascinated by the ways businesses add value to their customers. Extended experience in cyber security, high-tech marketing and product management. Joost has 20 years of experience in cyber security, specializing in security operations centers and managed security monitoring services.

Peter Manev

Peter Manev is the co-founder and Chief Strategy Officer (CSO) of Stamus Networks, a growing network security company. He is also a member of the executive team at Open Network Security Foundation (OISF).  Peter has over 15 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer and explorer of innovative open source security software.  and is responsible for training as well as quality assurance and testing on the development team of Suricata – the open source threat detection engine. Peter is a regular speaker and educator on open source security, threat hunting, and network security.

Chris Crowley

Christopher Crowley is the course author for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. Chris holds several industry certifications including the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN, and CISSP. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming. He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities." Mr. Crowley spends his spare time mountain biking, rock climbing and savoring epicurean treats.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.