
GIAC Security Operations Manager Certification (GSOM)

Practitioner Certification

Demonstrate readiness to lead a capable Security Operations Center, using advanced frameworks and tools and the leadership skills to implement them effectively. 

The GIAC Security Operations Manager (GSOM) certification validates a practitioner's ability to field an effective Security Operations Center (SOC). GSOM certification holders are qualified to manage a technical team and strategically operate an SOC in alignment with an organization's business goals and security requirements.

Areas Covered

  • Designing, planning, and managing an effective SOC program
  • Prioritization and collection of logs, development of alert use cases, and response playbook generation
  • Selecting metrics, analytics, and long-term strategies to assess and continuously improve SOC operations

Who is GSOM for?

  • Security Operations Center Managers or Leads 
  • Security Directors 
  • New Security Operations Team Members 
  • Lead/Senior SOC Analysts 
  • Technical CISOs and Security Directors

Instructor Testimonial

Security team leaders play a vital role in aligning security operations with business functions and keeping our defenders engaged. The GIAC Security Operations Manager (GSOM) certification is an important step in formalizing and recognizing the unique combination of management skills, leadership traits, process frameworks, and tools required to field an effective security operations team. Obtaining the GSOM demonstrates a practical understanding of how a truly advanced security team operates and how to prioritize security operations tasks to stop today’s advanced cyber threats.

John Hubbard, LDR551 course co-author

Exam Format

  • 1 proctored exam
  • 2 hours
  • Minimum passing score of 66%
  • 75 questions

Note: GIAC periodically reviews and may update certification specifications to ensure fairness, validity, and reliability. Using a psychometric standard-setting study, GIAC has set the passing score for the GSOM exam at 66% for all candidates who receive the exam version released on or after June 29th, 2024.

To confirm the exam format and passing score that apply to your specific attempt, please refer to the Certification Information section of your GIAC account: https://exams.giac.org/pages/attempts.

Certification Delivery

GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE.


Exam Certification Objectives & Outcome Statements

  • Continuous Improvement: The candidate will demonstrate an understanding of using post-incident data along with automation, analytic testing, and adversarial emulation to optimize SOC operations and ensure future growth.
  • Cyber Defense Theory, Threat Intel, and Defensible Architecture: The candidate will demonstrate an understanding of fundamental cyber defense theory, cyber threat intelligence, and defensible security architecture concepts.
  • Data Source Assessment and Collection: The candidate will demonstrate an understanding of utilizing business operations knowledge, organizational specific use cases, and industry frameworks to plan, prioritize, and orchestrate secure and efficient data collection and enrichment to support SOC monitoring operations.
  • Managing Alert Creation and Processing: The candidate will demonstrate knowledge of alert creation, prioritization, and classification to support efficient SOC triage efforts. The candidate will demonstrate an understanding of implementing best practices to ensure timely and manageable SOC alert response.
  • Managing Incident Response Execution: The candidate will demonstrate knowledge of techniques for performing effective investigations and methods to support the success of each phase of the incident response cycle.
  • Preparing for Incident Response: The candidate will demonstrate an understanding of the preparation requirements for successful incident response, fundamental knowledge of the incident response cycle, and the role that incident response plays in the overall SOC operations.
  • Proactive Detection and Analysis: The candidate will demonstrate familiarity with the threat hunting process, active defense techniques, and how community sourced resources can be utilized to supplement gaps in the SOC detection capabilities.
  • SOC Analytics and Metrics: The candidate will demonstrate knowledge of using metrics, goals, and analytics to measure the progress and effectiveness of SOC operations to generate and implement a strategic plan that guides continuous maturity of the SOC.
  • SOC Design and Planning: The candidate will demonstrate an understanding of how to assess the business goals, operational requirements, relevant threats, potential attack paths, and risk profile of an organization to design and staff an effective SOC program.
  • SOC Tools and Technology: The candidate will demonstrate knowledge of common SOC tools and technology, how they are utilized to support SOC operations, and the proper implementation practices to secure these resources.

Practice Tests

  • Practice exams are a simulation of the real exam, allowing you to become familiar with the test engine and style of questions
  • Practice exams can serve as a gauge to determine if your preparation methods are sufficient
  • The bank of practice questions is limited, so you may encounter the same question on multiple practice tests
  • Practice exams never include actual exam questions

How To Prepare

Other Resources

  • Training is available in a variety of modalities including live training and OnDemand
  • Practical work experience can help ensure that you have mastered the skills necessary for certification
  • College level courses or self-paced study through other programs or materials may meet the needs for mastery
  • Understand the procedure to contest exam results
