GIAC Security Operations (SOC) Certification

Areas Covered

SOC monitoring and incident response using incident management systems, threat intelligence platforms, and SIEMs
Analysis and defense against the most common enterprise-targeted attacks
Designing, automating, and enriching security operations to increase efficiency

Who is GSOC for?

Security Analysts
Incident Investigators
Security Engineers and Architects
Technical Security Managers
SOC Managers looking to gain additional technical perspective on how to improve analysis quality, reduce turnover, and run an efficient SOC
Anyone looking to start their career on the blue team

Exam Format

1 proctored exam
75 questions
2 hours
Minimum passing score of 67%

Delivery

NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.

GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

Exam Certification Objectives & Outcome Statements

Analytic Design and Tuning
The candidate will understand how to design, enrich, test, share, and improve analytics.
Blue Team Defense Concepts
The candidate will be able to explain the purpose of a SOC / Blue Team, its role in organizational risk, and common SOC monitoring and incident response methods.
Endpoint Defense
The candidate will be familiar with common endpoint attacks, how to defend against them, and how endpoints log events.
HTTP(S) Analysis and Attacks
The candidate will understand how to identify common attacks against HTTP(S) traffic, and how to defend against them.
Interpreting Events
The candidate will be familiar with common events in Windows and Linux, how those events are represented and located in logs, and how to extract information from potentially malicious files.
Intrusion Triage and Analysis
The candidate will understand how to prioritize incidents, and how to include organizational factors in analysis and response.
Network Traffic Analysis
The candidate will have a high-level understanding of the architecture and monitoring of enterprise networks, how to review network traffic, and identify and protect against DNS attacks.
Operational Improvement
The candidate will understand how to improve Blue Team operational efficiency through automation of tasks, orchestration of response, and training.
Protocol Attacks and Analysis
The candidate will understand the purpose of common network protocols (such as SMTP, SMB, DHCP, ICMP, FTP, and SSH), common attack tactics, how to defend against them.
SOC Management Systems
The candidate will be familiar with the role and function of common Incident Management Systems, Threat Intelligence Platforms, and SIEMs.

Other Resources

Training is available in a variety of modalities including live conference training, online, and self-study.
Practical work experience can help ensure that you have mastered the skills necessary for certification
College level courses or study through another program may meet the needs for mastery.
Get information about the procedure to contest exam results.
*No specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering computer information security. Another option is any relevant courses from training providers.

Practice Tests

These tests are a simulation of the real exam allowing you to become familiar with the test engine and style of questions.
Practice exams are a gauge to determine if your preparation methods are sufficient.
The practice bank questions are limited so you may encounter the same question on practice tests when multiple practice tests are purchased.
Practice exams never include actual exam questions.
Purchase a GSOC practice test here.
GIAC recommends leveraging additional study methods for test preparation.

Find Affiliate Training

Prepare for your GIAC exam with affiliate training.

Learn More

"The GIAC Security Operations Certified (GSOC) is a comprehensive certification covering the conceptual and practical skills for working on a modern cyber defense team. It is a certification that helps defenders differentiate themselves as someone who not only understands security operations but can also continuously improve and lift up any team they are a part of. Holders of the GSOC can proudly demonstrate their dedication to gaining a deep understanding of the mental models, processes, tools, and data required to excel in a modern security operations role. I'm incredibly excited for the availability of the GSOC and view it as an important step towards standardization of security operations team training for the information security industry." - John Hubbard, SANS SEC450 Course Author