- Designing, planning, and managing an effective SOC program
- Prioritization and collection of logs, development of alert use cases, and response playbook generation
- Selecting metrics, analytics, and long-term strategy to assess and continuously improve SOC operations
Who is GSOM for?
- Security Operations Center Managers or Leads
- Security Directors
- New Security Operations Team Members
- Lead / Senior SOC Analysts
- Technical CISOs and Security Directors
- 1 proctored exam
- 75 questions
- 2 hours
- Minimum passing score of 66%
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
- Continuous Improvement The candidate will demonstrate an understanding of using post-incident data along with automation, analytic testing, and adversarial emulation to optimize SOC operations and ensure future growth.
- Cyber Defense Theory, Threat Intel, and Defensible Architecture The candidate will demonstrate an understanding of fundamental cyber defense theory, cyber threat intelligence, and defensible security architecture concepts.
- Data Source Assessment and Collection The candidate will demonstrate an understanding of utilizing business operations knowledge, organizational specific use cases, and industry frameworks to plan, prioritize, and orchestrate secure and efficient data collection and enrichment to support SOC monitoring operations.
- Managing Alert Creation and Processing The candidate will demonstrate knowledge of alert creation, prioritization, and classification to support efficient SOC triage efforts. The candidate will demonstrate an understanding of implementing best practices to ensure timely and manageable SOC alert response.
- Managing Incident Response Execution The candidate will demonstrate knowledge of techniques for performing effective investigations and methods to support the success of each phase of the incident response cycle.
- Preparing for Incident Response The candidate will demonstrate an understanding of the preparation requirements for successful incident response, fundamental knowledge of the incident response cycle, and the role that incident response plays in the overall SOC operations.
- Proactive Detection and Analysis The candidate will demonstrate familiarity with the threat hunting process, active defense techniques, and how community sourced resources can be utilized to supplement gaps in the SOC detection capabilities.
- SOC Analytics and Metrics The candidate will demonstrate knowledge of using metrics, goals, and analytics to measure the progress and effectiveness of SOC operations to generate and implement a strategic plan that guides continuous maturity of the SOC.
- SOC Design and Planning The candidate will demonstrate an understanding of how to assess the business goals, operational requirements, relevant threats, potential attack paths, and risk profile of an organization to design and staff an effective SOC program.
- SOC Tools and Technology The candidate will demonstrate knowledge of common SOC tools and technology, how they are utilized to support SOC operations, and the proper implementation practices to secure these resources.
- Training is available in a variety of modalities including live conference training, online, and self-study.
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College-level courses or study through another program may meet the needs for mastery.
- The procedure to contest exam results can be found at https://www.giac.org/policies/feedback.
- These tests are a simulation of the real exam allowing you to become familiar with the test engine and style of questions.
- Practice exams are a gauge to determine if your preparation methods are sufficient.
- The practice bank questions are limited so you may encounter the same question on practice tests when multiple practice tests are purchased.
- Practice exams never include actual exam questions.
- GIAC recommends leveraging additional study methods for test preparation.