CURRICULUM: Cyber Defense

GSOC
Security Operations
giac.org/gsoc

6 Day Program
36 CPEs
22 Labs

You Will Be Able To
▐ Make the most of security telemetry including endpoint, network, application, and cloud-based data
▐ Identify the best opportunities to make your team more efficient, utilizing scripts, SOAR, and AI agents
▐ Keep your security operations tempo on track with in-depth discussions on what a SOC or security operations team should be doing at every step from security monitoring to detection, triage, analysis, and beyond
▐ Quickly separate typical commodity attack alerts from high-risk, high-impact advanced attacks, and do careful, thorough, and cognitive-bias-free security incident analysis
▐ Give detailed explanations, processes, and techniques to reduce false positives to a minimum
▐ Demonstrate how to collect, organize, and use relevant threat data in a threat intelligence platform (TIP); principles of success for endpoint security data collection whether you use a SIEM, EDR, NDR, or XDR; how to quickly and accurately triage security incidents; crafting generative AI-powered automation workflows for common SOC activities; and how to best use case management systems to effectively analyze, document, track, and extract critical metrics from your security incidents

Who Should Attend
▐ Security analysts
▐ Incident investigators
▐ Security engineers and architects
▐ Technical security managers
▐ SOC managers looking to gain additional technical perspective on how to improve analysis quality, reduce turnover, and run an efficient SOC
▐ Anyone looking to start their career on the blue team

NICE Framework Work Roles
▐ Cyber Defense Analyst (OPM 511)
▐ Cyber Defense Infrastructure Support Specialist (OPM 521)

SEC450™ is a SOC Analyst training course ideal for those working in cyber defense operations or building and improving a SOC.
It offers six days of training, hands-on labs, and a Capstone competition, covering the mission, mindset, and techniques needed for modern cyber defense. The course, paired with the GIAC GSOC certification, provides essential skills for detecting and halting advanced cyberattacks, making it the gold standard in security operations training.

Business Takeaways
▐ Stop Missing Real Threats—Your analysts will master advanced detection techniques that catch sophisticated attacks others miss, including network-based hunting, malware analysis, and structured investigation methods that quickly and accurately identify compromise.
▐ Eliminate Alert Fatigue—Learn proven detection engineering and tuning strategies that dramatically reduce false positives while maintaining security coverage, allowing your team to focus on actual threats.
▐ Maximize Your Security Technology Investment—Get full value from your SIEM, XDR, EDR, and threat intelligence platforms through proper integration, advanced query techniques, and workflow optimization that most organizations never achieve.
▐ Accelerate Incident Response—Implement structured triage processes, quality investigation frameworks, and AI-powered automation that cut response times and improve accuracy under pressure.
▐ Build Sustainable Operations—Develop your team’s expertise in the advanced skills that prevent burnout, reduce turnover, and create the high-performing SOC analysts every organization struggles to find and retain.

Syllabus Summary
SECTION 1: Blue Team Tools and Operations
SECTION 2: Understanding Your Network
SECTION 3: Understanding Endpoints, Logs, and Files
SECTION 4: Triage and Analysis
SECTION 5: Continuous Improvement, Analytics, and Automation
SECTION 6: Capstone: Defend the Flag

SEC450: SOC Analyst Training – Applied Skills for Cyber Defense Operations™
MAJOR UPDATE

“So far, SEC450 not only meets but goes beyond my expectations.
One year ago, I became a SOC team lead and this course adds to my knowledge and puts a more structured approach on what a SOC I am running should look like.”
—Radek Ochrymowicz, Frontex

John Hubbard, Course Author

For detailed course description, visit SANS.ORG/SEC450

WAYS TO TAKE SEC450
Live Online, In-Person, OnDemand