SOC Class Build Course Description

The class is intended to walk through a reference model for a SOC. It addresses Design, Build, and Operational concerns. It starts with business alignment, and gets into details such as: processes, technology to use, and how to hire and manage people. The class is not technical in nature, however, it is deeply grounded in technical details. Those details will be elaborated to explain the rationale between choices. This class is more about equiping you on how to make decisions for your SOC, and less about telling you the specific way to do something. It acknowledges the broadly diverse organizational requirements and abstracts these into a general form that's intended to be universally applicable.

SOC Class Detailed List

A Story About Telling Stories

  • First Principles and Terminology

Steering Committee – Phase 1: Design

  • Requirements
  • Impact
  • Charter

Functional Components

  • Presumed Organizational Support Functions
  • Functional Arrangements
  • Operational and Architectural Considerations
  • SOC Organizational Position
  • Multi SOC Models
  • SOC and IT Relations
  • Size and Maturity
  • Size: What Does It Look Like?
  • Outsourcing Advice


  • Command Center
  • Network Security Monitoring
  • Threat Intelligence
  • Incident Response
  • Forensics
  • Self Assessment
  • Defensive Topology
  • Steering Committee: Phase 2: Build

Functional Area Work Products

  • Technology Selection
  • Physical SOC Build
  • Technology Selection
  • Cultural and Organizational Influence on SOC Requirements and Performance
  • Forensics
  • Orchestration and Automation

Analytical Methodology for the SOC

  • Applied ACH
  • Available Frameworks for Analysis
  • Analytical Methodology: Wrap Up
  • Roles
  • Hiring
  • Onboarding
  • Training
  • Meetings
  • Retention

Steering Committee: Phase 2: Build

  • Tempo
  • Pre-Forensics
  • Threat Hunting
  • Use Case Development
  • Introduction
  • Appropriate Audience
  • Reported
  • Steering Committee: Phase 3: Operations
  • Service Level Objectives
  • SOC Internal Health and Performance
  • Introduction
  • SOC-CMM Walkthrough
  • Process list
  • Sequence Walk Through
  • Phin Phisher
  • Insiders
  • Equifax

Contact us

Get in touch with me for any queries or requests regarding the course

Thank you!

I have received your message and I shall get back to you shortly.