LDR551: SANS London May 2025

What You Will Learn
Prevent - Detect - Respond | People - Process - Technology

Information technology is so tightly woven into the fabric of modern business that cyber risk has become business risk. SOC managers must align to their organization and demonstrate real value - a challenge when threats are hard to quantify and stakeholder requirements for the security team are often vague and difficult to translate. How does a SOC communicate its value and focus on operations that enable the organization? LDR551 breaks down security operations into clear, atomic functions that can be measured and improved. We then tie these core SOC activities to high-level organizational goals for easy communication with the SOC's constituency. Common questions SOC managers face are:
  • How do we know our security teams are aligned to the unique threats facing our organization?
  • How do we get consistent results and prove that we can identify and respond to threats in time to minimize business impact?
  • How can we build a SOC team that is empowered and continuously improving, where analysts are empowered to solve problems while focusing on the mission at hand?
Whether you are looking to build a new SOC or take your current team to the next level, LDR551 will supercharge your people, tools, and processes. Each section of LDR551 is packed with hands-on labs that demonstrate key SOC capabilities, and each day concludes with "Cyber42" SOC leadership simulation exercises. Students will learn how to combine SOC staff, processes, and technology in a way that promotes measurable results and covers all manner of infrastructure and organizational requirements. Attackers are always improving, so a SOC that sits still is losing ground. LDR551 will give SOC managers and leaders the tools and mindset required to build the team, process, workflow, and metrics to defend against modern attackers, by establishing the processes for continuously growing, evolving, and improving the SOC team over time.

"There are so many [organizations] that seem to be trying to reinvent the wheel. All they need to do is invest in this course for real world, actionable information that can put them on a solid path toward building, staffing, and leading their own SOC." - Brandi Loveday-Chelsey
What Is A SOC Manager?

A SOC Manager leads an organization's cyber security operations team by developing and guiding implementation of a cyber defense strategy that can minimize the impact of cyber security incidents. Leading a SOC is a complex role that requires merging technical and business sensibilities, and the skills to monitor performance, communicate requirements, and demonstrate results up and down the chain of command.
Business Takeaways
  • Implement strategies for aligning cyber defense to organizational goals
  • Decrease risk profile due to improved security validation tools and techniques
  • Apply methodologies for recruiting, hiring, training, and retaining talented cyber defenders
  • Streamline effective cross-team coordination and collaboration
  • Employ immediate security optimization improvements using current assets
  • Reduce financial spend due to smoother cyber security operations
Skills Learned
  • Construct a strong SOC foundation based on a clear mission, charter, and organizational goals
  • Collect the most important logs and network data
  • Build, train, and empower a diverse team
  • Create playbooks and manage detection use cases
  • Use threat intelligence to focus detection efforts on true priorities
  • Apply threat hunting process and active defense strategies
  • Implement efficient alert triage and investigation workflow
  • Operate effective incident response planning and execution
  • Choose metrics and long-term strategy to improve the SOC
  • Employ team member training, retention, and prevention of burnout
  • Perform SOC assessment through capacity planning, purple team testing, and adversary emulation
Hands-On SOC Manager Training

While LDR551 is focused on management and leadership, it is by no means limited to non-technical processes and theory. The course uses the Cyber42 interactive leadership simulation game to put you in real-world scenarios that spur discussion and critical thinking of situations that you will encounter at work. Throughout the five days of instruction, students will work on seventeen hands-on exercises covering everything from playbook implementation to use case database creation, attack and detection capability prioritization and visualization, purple team planning, threat hunting, and reporting. Attendees will leave with a framework for understanding where a SOC manager should be focusing efforts, how to track and organize defensive capabilities, and how to drive, verify, and communicate SOC improvements.

Hands-on labs include:
  • Section 1: Creating a SOC Mission and Charter, Critical Asset Mapping, Defining SOC Roles, Priority Intelligence Requirements
  • Section 2: Threat Actor Assessment, Cyber Attack Threat Modeling and Data Source Assessments, ATT&CK Navigator for Attacker Technique Prioritization, SOC Capacity Planning
  • Section 3: Detection Rule Management, Measurement, and Visualization, Structuring, Documenting, and Organizing Use Cases, Planning Threat Hunting
  • Section 4: Incident Response Goals and Teamwork, Developing and Implementing SOC Playbooks, Investigation Quality Review
  • Section 5: Creating, Classifying, and Communicating Your Metrics, Purple Team Assessment Planning, Execution and Tracking, SOC Process Improvement
"The labs are great in walking you through practical activities." - Sean Mitchell, Babcock International

"Great labs - will use these a lot." - Andrew Head, dentsu

"[I] liked the Cyber42 game activities as they enforce the concepts learned during the day." - Ilyas Khan, Ericsson

"The exercises, while mostly non-technical, triggered the thinking process to ensure that all aspects for the building of a SOC are in place." - Wee Hian Peck, INTfinity Consulting PL
Syllabus Summary
  • Section 1: Critical elements necessary to build your Security Operations Center
  • Section 2: Building a threat model, defensive theory, and mental models
  • Section 3: Threat detection and threat modeling
  • Section 4: The full incident response cycle for operations managers
  • Section 5: Measuring and improving security operations
Additional Free Resources
  • Guide to Security Operations (poster)
  • Operational Cybersecurity Executive Triad
  • Rekt Casino Hack Assessment Operational Series Security Operations Center Ill-equipped and Unprepared Part 3 of 4
  • Rekt Casino Hack Assessment Operational Series Putting It All Together Part 4 of 4
What You Will Receive
  • Custom distribution of the Linux Virtual Machine containing free open-source SOC tools
  • MP3 audio files of the complete course lecture
  • Printed and Electronic Courseware
  • A digital download package that includes the above and more
  • Access to the Cyber42 web application
What Comes Next
  • LDR516: Building and Leading Vulnerability Management Programs
  • SEC566: Implementing and Auditing CIS Controls

Start date: 05 May 2025
Location / delivery: London