CURRICULUM: Cyber Defense
GSOC Security Operations giac.org/gsoc

6 Day Program
36 CPEs
21+ Labs

You Will Be Able To
▐ Make the most of security telemetry, including endpoint, network, and cloud-based sensors
▐ Identify the best opportunities for SOAR platforms and other script-based automation
▐ Keep your security operations tempo on track with in-depth discussions of what a SOC or security operations team should be doing at every step, from data generation to detection, triage, analysis, and incident response
▐ Quickly identify and separate typical commodity attack alerts from high-risk, high-impact advanced attacks, and conduct security incident analysis carefully, thoroughly, and free of cognitive bias
▐ Give detailed explanations of processes and techniques to reduce false positives to a minimum
▐ Quickly and accurately triage security incidents, using data correlation and enrichment techniques that immediately surface and sort true positives from false positives
▐ Craft automation workflows for common SOC activities, relieving analysts of repetitive tasks and freeing up time for threat hunting and detection engineering

Who Should Attend
▐ Security analysts
▐ Incident investigators
▐ Security engineers and architects
▐ Technical security managers
▐ SOC managers looking to gain additional technical perspective on how to improve analysis quality, reduce turnover, and run an efficient SOC
▐ Anyone looking to start their career on the blue team

NICE Framework Work Roles
▐ Cyber Defense Analyst (OPM 511)
▐ Cyber Defense Infrastructure Support Specialist (OPM 521)

The Blueprint for SOC Analyst Excellence
SEC450 is a course designed from the ground up to be the most comprehensive SOC analyst training course available. If you are working in cyber defense operations, building a SOC, or want to improve the SOC you already have with better data, workflow, and analysis techniques, SEC450 is the course for you!

By providing a detailed explanation of the mission and mindset of a modern cyber defense operation, this course will jumpstart and empower those on their way to becoming the next generation of blue team members. With six days of training, six course books, twenty hands-on labs, and an all-day Defend the Flag Capstone competition, there is simply no other offering on the market as complete as SEC450 for SOC and security analyst training.

Business Takeaways
▐ A turn-key solution for SOC analyst training needs, giving analysts the skills they need to understand the tools, data, and defensive priorities required to defend your network from high-impact cyber attacks
▐ How to derive clear strategic priorities for your security operations team
▐ How to make the most of security telemetry, including endpoint, network, and cloud-based sensors
▐ A battle-tested method to reduce false positives to the lowest possible level
▐ The techniques for quick and accurate security incident triage
▐ The methods to improve the effectiveness, efficiency, and impact of your SOC

Syllabus Summary
SECTION 1: Security Operations Teams, Tools, and Mission Overview
SECTION 2: Network Traffic Analysis
SECTION 3: Endpoint Defense, Security Logging, and Malware Identification Overview
SECTION 4: Efficient Alert Triage and Email Analysis
SECTION 5: Continuous Improvement, Analytics, and Automation
SECTION 6: Capstone: Defend the Flag

SEC450: Blue Team Fundamentals: Security Operations and Analysis™

“So far, SEC450 not only meets but goes beyond my expectations. One year ago, I became a SOC team lead and this course adds to my knowledge and puts a more structured approach on what a SOC I am running should look like.”
—Radek Ochrymowicz, Frontex

John Hubbard, Course Author

For a detailed course description, visit SANS.ORG/SEC450

WAYS TO TAKE SEC450
Live Online
In-Person
OnDemand