Cyber Security Certification: GSOC

Cyber Security Certification: GSOC

"The GIAC Security Operations Certified (GSOC) is a comprehensive certification covering the conceptual and practical skills for working on a modern cyber defense team. It is a certification that helps defenders differentiate themselves as someone who not only understands security operations but can also continuously improve and lift up any team they are a part of. Holders of the GSOC can proudly demonstrate their dedication to gaining a deep understanding of the mental models, processes, tools, and data required to excel in a modern security operations role. I'm incredibly excited for the availability of the GSOC and view it as an important step towards standardization of security operations team training for the information security industry." - John Hubbard, SANS SEC450 Course Author

The GSOC certification validates a practitioner's ability to defend an enterprise using essential blue team incident response tools and techniques. GSOC-certified professionals are well-versed in the technical knowledge and key concepts needed to run a security operations center (SOC).

Areas Covered

Who is GSOC for?



NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.

GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Analytic Design and Tuning
The candidate will understand how to design, enrich, test, share, and improve analytics.
Blue Team Defense Concepts
The candidate will be able to explain the purpose of a SOC / Blue Team, its role in organizational risk, and common SOC monitoring and incident response methods.
Endpoint Defense
The candidate will be familiar with common endpoint attacks, how to defend against them, and how endpoints log events.
HTTP(S) Analysis and Attacks
The candidate will understand how to identify common attacks against HTTP(S) traffic, and how to defend against them.
Interpreting Events
The candidate will be familiar with common events in Windows and Linux, how those events are represented and located in logs, and how to extract information from potentially malicious files.
Intrusion Triage and Analysis
The candidate will understand how to prioritize incidents, and how to include organizational factors in analysis and response.
Network Traffic Analysis
The candidate will have a high-level understanding of the architecture and monitoring of enterprise networks, how to review network traffic, and identify and protect against DNS attacks.
Operational Improvement
The candiate will understand how to improve Blue Team operational efficiency through automation of tasks, orchestration of response, and training.
Protocol Attacks and Analysis
The candidate will understand the purpose of common network protocols (such as SMTP, SMB, DHCP, ICMP, FTP, and SSH), common attack tactics, how to defend against them.
SOC Management Systems
The candidate will be familar with the role and function of common Incident Management Systems, Threat Intelligence Platforms, and SIEMs.

*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*

Other Resources