If you're looking for cyber analyst training for either technical or leadership roles, here is the list of the content I've produced on the subject.
SANS SOC Training
My premier SOC Analyst training (SEC450) and SOC Management training (MGT551) course offerings are available through the SANS Institute at the links below. Courses are offered at in-person events, through virtual live presentation, and on your own schedule through the SANS OnDemand format.
If you'd like to see the schedule for all courses I'm teaching, click here.
For SOC Analyst Training and SOC Automation
- Course Syllabus and Info: SANS SEC450: Blue Team Fundamentals - Security Operations and Analysis
- Certification: GIAC GSOC
SEC450 is a technical course meant to jumpstart the career of SOC analysts and anyone working closely with a security operations team (architects, engineers, managers). The class includes numerous hands-on exercises with all common SOC tools such as a SIEM, threat intelligence platform, incident management and ticketing systems, full packet capture tools, intrusion detection systems, and more. It explains not just a list of important things to do, but why they are important, enabling students to walk away not just with a list of tricks, but with a mindset for cyber defense. As the proverb says, "If you give a person a fish, you feed them for a day. If you teach a person to fish, you feed them for a lifetime." This class uses the "teach you to fish" approach in which you will learn to differentiate good from bad network traffic and logs, and the reasoning, strategy, and analysis techniques behind success in cyber defense, not just one-off examples.
If you're a manager looking to train your SOC team, this is the course for you. In fact, as a past SOC manager, that's exactly why I wrote it! SEC450 is your one-stop shop for all the necessary SOC skills! Check out the free demo!
For SOC Management and SOC Leadership Training
- Course Syllabus and Info: SANS MGT551: Building and Leading Security Operations Centers
- Certification: GIAC GSOM
MGT551 is a SOC leadership and management training course that covers how to both build a SOC and drive continuous improvement with a data-driven approach. Aimed at managers, directors and leadership, this course covers the goals, metrics, and strategies for setting up a successful security operations team. Focused on driving effective execution of battle-tested security strategies, MGT551 will help you understand how to organize, measure, and optimize your security operations team through hands-on exercises of multiple types. In this course we use group discussions, process mapping and optimization, defensive strategy and data source planning, and hands-on exercises with security tools to send students back to their workplaces with a broad spectrum of what it takes to defend a modern organization. Check out the free demo!
Free Guide to Security Operations
Here's a link to a PDF digital book I wrote with some of the core ideas from the above classes: SANS Guide to Security Operations
I've started up a YouTube channel where I post tips and instructional videos for anyone working in cyber defense. Check it out and subscribe to get notified when I publish a new video!
The Blueprint Podcast
I've started a seasonal podcast called Blueprint where I interview leading minds in cyber defense - all with a goal of jumping right in and driving an action-oriented conversation to teach and inform busy professionals, students, and anyone interested in cybersecurity. Available on all popular podcast aggregators and platforms.