LDR551: Building and Leading Security Operations Centers

LDR551 | Cybersecurity Leadership
  • 5 Days (Instructor-Led)
  • 30 Hours (Self-Paced)
Course created by:
John Hubbard & Mark Orlando
  • GIAC Security Operations Manager (GSOM)
  • 30 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • 17 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Elevate your SOC's strategic defense capabilities through advanced intelligence-driven training that transforms threat management and aligns cybersecurity with critical business objectives.

Course Overview

LDR551 is a transformative training program designed for senior security leaders who demand more than traditional Security Operations Center (SOC) management. This executive-level course equips technology leaders with advanced intelligence-driven methodologies to proactively defend against sophisticated threat landscapes. Navigate complex cyber environments with a strategic approach that aligns security operations directly with high-stakes organizational objectives.

Key executive outcomes include designing resilient defense strategies tailored to your enterprise's unique risk profile and transforming SOC capabilities from reactive to predictive. Additionally, you'll integrate cyber leadership principles with tactical threat management, while gaining hands-on experience through 17 immersive labs and the Cyber42 leadership simulation game. 

What You’ll Learn

  • Establish mission-driven SOC foundation aligned with organizational goals
  • Develop advanced threat intelligence and detection capabilities
  • Build and empower high-performance security teams
  • Create robust incident response and threat hunting strategies
  • Implement critical metrics for continuous SOC improvement
  • Master team development, retention, and performance optimization
  • Execute comprehensive security assessment through advanced testing methodologies

Business Takeaways

  • Implement strategies for aligning cyber defense to organizational goals
  • Decrease risk profile due to improved security validation tools and techniques
  • Apply methodologies for recruiting, hiring, training, and retaining talented cyber defenders
  • Streamline effective cross-team coordination and collaboration
  • Employ immediate security optimization improvements using current assets
  • Reduce financial spend due to smoother cyber security operations

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in LDR551: Building and Leading Security Operations Centers.

Section 1: SOC Design and Operational Planning

Section 1 introduces the core mission and foundational models of a modern SOC, establishing the strategic and operational context for effective leadership.

Topics covered

  • Cyber Defense Industry Overview
  • SOC Planning Essentials
  • SOC Functional Mapping

Labs

  • Creating a SOC Mission and Charter
  • Critical Asset Mapping
  • Defining SOC Roles

Section 2: SOC Telemetry and Analysis

Section 2 of LDR551 focuses on expanding our understanding of attacker tactics, techniques, and procedures and how we might identify them in our environment.

Topics covered

  • Cyber Defense Theory and Mental Models
  • Critical SOC Tools and Technologies
  • SOC Data Collection

Labs

  • Threat Actor Assessment
  • Cyber Attack Threat Modeling and Data Source Assessments
  • ATT&CK Navigator for Technique Prioritization

Section 3: Attack Detection, Hunting, and Triage

Section 3 of LDR551 is all about building and improving your threat detection capability.

Topics covered

  • Analytic Frameworks and Tools
  • Threat Detection and Analytic Design
  • The Keys to Efficient Alert Triage

Labs

  • Detection Rule Management and Visualization
  • Use Case Documentation and Structuring
  • Threat Hunting Planning and Execution

Section 4: Incident Response

From toolsets to proven frameworks to tips and tricks learned in countless real-world scenarios, section four covers the full response cycle, from preparation to identification to containment, eradication, and recovery, for operations managers.

Topics covered

  • Planning and Preparation for Incident Response
  • Identification and Categorization of Incidents
  • Coordination During Incident Discovery

Labs

  • Incident Response Goals and Teamwork
  • SOC Playbook Development and Implementation
  • Investigation Quality Review

Section 5: Metrics, Automation, and Continuous Improvement

The fifth and final section of LDR551 is all about measuring and improving security operations.

Topics covered

  • Staff Retention and Burnout Mitigation
  • Building Your SOC Culture
  • Metrics, Goals, and Effective Execution

Labs

  • Metric Creation, Classification, and Communication
  • Purple Team Assessment Planning and Execution
  • Improving Quality and Resilience

Things You Need To Know

Relevant Job Roles

Operational Leader

Cybersecurity Leadership

Operate from the point of view of an adversary in order to protect your most sensitive assets.

Technology Research and Development (OPM 661)

NICE: Design and Development

Responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.

Security Manager

Cybersecurity Leadership

Daily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.

Blue Teamer - All Around Defender

Cyber Defense

This job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required. The all-around defender and Blue Teamer is the person who may be a primary security contact for a small organization, and must deal with engineering and architecture, incident triage and response, security tool administration and more.

SOC Manager

Cyber Defense

Security Operations Center (SOC) managers bridge the gap between business processes and the highly technical work that goes on in the SOC. They direct SOC operations and are responsible for hiring and training, creating and executing cybersecurity strategy, and leading the company’s response to major security threats.

Enterprise Architecture (OPM 651)

NICE: Design and Development

Responsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.

Secure Systems Development (OPM 631)

NICE: Design and Development

Responsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.

Chief Information Security Officer (CISO)

European Cybersecurity Skills Framework

Manages an organisation’s cybersecurity strategy and its implementation to ensure that digital systems, services and assets are adequately secure and protected.

Course Schedule & Pricing

  • Virtual (OnDemand), instructed by John Hubbard: OnDemand (Anytime), self-paced, 4 months access; $8,260 USD*
  • Riyadh, SA & Virtual (live), instructed by Maxim Deweerdt: $8,375 USD*
  • Virginia Beach, VA, US & Virtual (live), instructed by Mark Orlando: $8,260 USD*
  • Amsterdam, NL & Virtual (live), instructed by Mark Orlando: €7,715 EUR*
  • Las Vegas, NV, US & Virtual (live), instructed by John Hubbard: $8,260 USD*
  • Amsterdam, NL & Virtual (live), instructed by Michael Lamb: €7,715 EUR*
  • London, GB & Virtual (live), instructed by Mark Orlando: £6,715 GBP, excluding applicable taxes; EUR price available during checkout
  • Dubai, AE & Virtual (live), instructed by John Hubbard: $8,375 USD*

*Prices exclude applicable local taxes.

Benefits of Learning with SANS

Get feedback from the world’s best cybersecurity experts and instructors

Choose how you want to learn - online, on demand, or at our live in-person training events

Get access to our range of industry-leading courses and resources