Differentiate your skill as a blue team leader, ready to design, automate, and improve SOC operations under real-world pressure.
The GIAC Security Operations Certified (GSOC) certification validates a practitioner's ability to defend an enterprise using essential blue team incident response tools and techniques. GSOC certification holders are prepared to run a security operations center (SOC) equipped with the practical technical knowledge and key advanced concepts essential for operating a modern, effective cyber defense team.
Areas Covered
- SOC monitoring and incident response using incident management systems, threat intelligence platforms, and SIEMs
- Analysis and defense against the most common enterprise-targeted attacks
- Designing, automating, and enriching security operations to increase efficiency
Who is GSOC for?
- Security analysts
- Incident investigators
- Security engineers and architects
- Technical security managers
- SOC managers seeking additional technical perspective on how to improve analysis quality, reduce turnover, and run an efficient SOC
- Anyone looking to start their career on the blue team
Instructor Testimonial
“Instructor Testimonial
Security team leaders play a vital role in aligning security operations with business functions and keeping our defenders engaged. The GIAC Security Operations Manager (GSOM) certification is an important step in formalizing and recognizing the unique combination of management skills, leadership traits, process frameworks, and tools required to field an effective security operations team. Obtaining the GSOM demonstrates a practical understanding of how a truly advanced security team operates and how to prioritize security operations tasks to stop today’s advanced cyber threats.”
Exam Format
- 1 proctored exam
- 2 hours
- Minimum passing score of 67%
- 75 questions
Note: GIAC periodically reviews and may update certification specifications to ensure fairness, validity, and reliability. Using a psychometric standard-setting study, GIAC has set the passing score for the GSOC exam at 67% for all candidates who receive the exam version released on or after August 23, 2025.
To confirm the exam format and passing score that apply to your specific attempt, please refer to the Certification Information section of your GIAC account: https://exams.giac.org/pages/attempts.
Certification Delivery
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
Exam Certification Objectives & Outcome Statements
- Analytic Design and TuningThe candidate will understand how to design, enrich, test, share, and improve analytics.
- Blue Team Defense ConceptsThe candidate will be able to explain the purpose of a SOC / Blue Team, its role in organizational risk, and common SOC monitoring and incident response methods.
- Endpoint DefenseThe candidate will be familiar with common endpoint attacks, how to defend against them, and how endpoints log events.
- HTTP(S) Analysis and AttacksThe candidate will understand how to identify common attacks against HTTP(S) traffic, and how to defend against them.
- Interpreting EventsThe candidate will be familiar with common events in Windows and Linux, how those events are represented and located in logs, and how to extract information from potentially malicious files.
- Intrusion Triage and AnalysisThe candidate will understand how to prioritize incidents, and how to include organizational factors in analysis and response.
- Network Traffic AnalysisThe candidate will have a high-level understanding of the architecture and monitoring of enterprise networks, how to review network traffic, and identify and protect against DNS attacks.
- Operational ImprovementThe candidate will understand how to improve Blue Team operational efficiency through automation of tasks, orchestration of response, and training.
- Protocol Attacks and AnalysisThe candidate will understand the purpose of common network protocols (such as SMTP, SMB, DHCP, ICMP, FTP, and SSH), common attack tactics, how to defend against them.
- SOC Management SystemsThe candidate will be familiar with the role and function of common Incident Management Systems, Threat Intelligence Platforms, and SIEMs.
Practice Tests
- Practice exams are a simulation of the real exam, allowing you to become familiar with the test engine and style of questions
- Practice exams can serve as a gauge to determine if your preparation methods are sufficient
- The bank of practice questions is limited, so you may encounter the same question on multiple practice tests
- Practice exams never include actual exam questions
- Purchase a GSOC practice test here
Other Resources
- Training is available in a variety of modalities including live training and OnDemand
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College level courses or self-paced study through other programs or materials may meet the needs for mastery
- Understand the procedure to contest exam results
- Use this justification letter to share key details of this certification opportunity with your boss