SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
LDR551: Building and Leading Security Operations Centers
LDR551Cybersecurity Leadership
- 5 Days (Instructor-Led)
- 30 Hours (Self-Paced)
Course created by:
John Hubbard & Mark Orlando
Course created by:John Hubbard & Mark Orlando
- GIAC Security Operations Manager (GSOM)
- 30 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- 17 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Elevate your SOC's strategic defense capabilities through advanced intelligence-driven training that transforms threat management and aligns cybersecurity with critical business objectives.
Featured Quote
There are so many [organizations] that seem to be trying to reinvent the wheel. All they need to do is invest in this course for real world, actionable information that can put them on a solid path toward building, staffing, and leading their own SOC.
Course Overview
LDR551 is a transformative training program designed for senior security leaders who demand more than traditional Security Operations Center (SOC) management. This executive-level course equips technology leaders with advanced intelligence-driven methodologies to proactively defend against sophisticated threat landscapes. Navigate complex cyber environments with a strategic approach that aligns security operations directly with high-stakes organizational objectives.
Key executive outcomes include designing resilient defense strategies tailored to your enterprise's unique risk profile and transforming SOC capabilities from reactive to predictive. Additionally, you'll integrate cyber leadership principles with tactical threat management, while gaining hands-on experience through 17 immersive labs and the Cyber42 leadership simulation game.
What You’ll Learn
- Establish mission-driven SOC foundation aligned with organizational goals
- Develop advanced threat intelligence and detection capabilities
- Build and empower high-performance security teams
- Create robust incident response and threat hunting strategies
- Implement critical metrics for continuous SOC improvement
- Master team development, retention, and performance optimization
- Execute comprehensive security assessment through advanced testing methodologies
Business Takeaways
- Implement strategies for aligning cyber defense to organizational goals
- Decrease risk profile due to improved security validation tools and techniques
- Apply methodologies for recruiting, hiring, training, and retaining talented cyber defenders
- Streamline effective cross-team coordination and collaboration
- Employ immediate security optimization improvements using current assets
- Reduce financial spend due to smoother cyber security operations
Meet Your Authors
- Slide 1 of 2
John Hubbard
Senior InstructorJohn redefined modern SOC operations by engineering globally adopted blue team strategies and co-creating the GSOC cert. Through the Blueprint podcast and SANS leadership, he’s unified thousands of defenders around real-world detection tactics.
Read more about John Hubbard - Slide 2 of 2
Mark Orlando
Certified InstructorMark Orlando brings extensive cybersecurity leadership experience from the Pentagon, White House, and Fortune 500 sectors. As Bionic Cyber's CEO, he's a respected security operations expert with military and academic credentials.
Read more about Mark Orlando
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in LDR551: Building and Leading Security Operations Centers.
Section 1SOC Design and Operational Planning
Section 1 introduces the core mission and foundational models of a modern SOC, establishing the strategic and operational context for effective leadership.
Topics covered
- Cyber Defense Industry Overview
- SOC Planning Essentials
- SOC Functional Mapping
Labs
- Creating a SOC Mission and Charter
- Critical Asset Mapping
- Defining SOC Roles
Section 2SOC Telemetry and Analysis
Section 2 of LDR551 focuses on expanding our understanding of attacker tactics, techniques, and procedures and how we might identify them in our environment.
Topics covered
- Cyber Defense Theory and Mental Models
- Critical SOC Tools and Technologies
- SOC Data Collection
Labs
- Threat Actor Assessment
- Cyber Attack Threat Modeling and Data Source Assessments
- ATT&CK Navigator for Technique Prioritization
Section 3Attack Detection, Hunting, and Triage
Section 3 of LDR551 is all about building and improving your threat detection capability.
Topics covered
- Analytic Frameworks and Tools
- Threat Detection and Analytic Design
- The Keys to Efficient Alert Triage
Labs
- Detection Rule Management and Visualization
- Use Case Documentation and Structuring
- Threat Hunting Planning and Execution
Section 4Incident Response
From toolsets to proven frameworks to tips and tricks learned in countless real-world scenarios, section four covers the full response cycle, from preparation to identification to containment, eradication, and recovery, for operations managers.
Topics covered
- Planning and Preparation for Incident Response
- Identification and Categorization of Incidents
- Coordination During Incident Discovery
Labs
- Incident Response Goals and Teamwork
- SOC Playbook Development and Implementation
- Investigation Quality Review
Section 5Metrics, Automation, and Continuous Improvement
The fifth and final section of LDR551 is all about measuring and improving security operations.
Topics covered
- Staff Retention and Burnout Mitigation
- Building Your SOC Culture
- Metrics, Goals, and Effective Execution
Labs
- Metric Creation, Classification, and Communication
- Purple Team Assessment Planning and Execution
- Improving Quality and Resilience
Things You Need To Know
Relevant Job Roles
Operational Leader
Cybersecurity LeadershipOperate from the point of view of an adversary in order to protect you most sensitive assets.
Explore learning pathTechnology Research and Development (OPM 661)
NICE: Design and DevelopmentResponsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
Explore learning pathSecurity Manager
Cybersecurity LeadershipDaily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.
Explore learning pathBlue Teamer - All Around Defender
Cyber DefenseThis job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required. The all-around defender and Blue Teamer is the person who may be a primary security contact for a small organization, and must deal with engineering and architecture, incident triage and response, security tool administration and more.
Explore learning pathSOC Manager
Cyber DefenseSecurity Operations Center (SOC) managers bridge the gap between business processes and the highly technical work that goes on in the SOC. They direct SOC operations and are responsible for hiring and training, creating and executing cybersecurity strategy, and leading the company’s response to major security threats.
Explore learning pathEnterprise Architecture (OPM 651)
NICE: Design and DevelopmentResponsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.
Explore learning pathSecure Systems Development (OPM 631)
NICE: Design and DevelopmentResponsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.
Explore learning pathChief Information Security Officer (CISO)
European Cybersecurity Skills FrameworkManages an organisation’s cybersecurity strategy and its implementation to ensure that digital systems, services and assets are adequately secure and protected.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Filter by:
Location & instructorDate & TimeCourse priceRegistration Options
- Location & instructor
Virtual (OnDemand)
Instructed by John HubbardDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,260 USD*Prices exclude applicable local taxesRegistration Options - Location & instructor
Riyadh, SA & Virtual (live)
Instructed by Maxim DeweerdtDate & TimeFetching schedule..View event detailsCourse price$8,375 USD*Prices exclude applicable local taxes - Location & instructor
Virginia Beach, VA, US & Virtual (live)
Instructed by Mark OrlandoDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes - Location & instructor
Amsterdam, NL & Virtual (live)
Instructed by Mark OrlandoDate & TimeFetching schedule..View event detailsCourse price€7,715 EUR*Prices exclude applicable local taxes - Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by John HubbardDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes - Location & instructor
Amsterdam, NL & Virtual (live)
Instructed by Michael LambDate & TimeFetching schedule..View event detailsCourse price€7,715 EUR*Prices exclude applicable local taxes - Location & instructor
London, GB & Virtual (live)
Instructed by Mark OrlandoDate & TimeFetching schedule..View event detailsCourse price£6,715 GBP*Prices exclude applicable taxes | EUR price available during checkoutRegistration Options - Location & instructor
Dubai, AE & Virtual (live)
Instructed by John HubbardDate & TimeFetching schedule..View event detailsCourse price$8,375 USD*Prices exclude applicable local taxes
Showing 8 of 12
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 4This course immediately expands your toolkit to problem solve in NOSC operations management.
- Slide 2 of 4Great content. Covers a lot of ground and exposed me to a lot of new concepts and ideas, and ties content to current real-world examples.
- Slide 3 of 4It has covered a lot of great information that can be applied anywhere when implementing or improving a SOC.
- Slide 4 of 4I would recommend this course to anyone running a security operations team. I’d further recommend it to more experienced analysts so they can begin to see the bigger picture.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources