StratoZen and SANS discuss how StratoZen took a new approach to SOC challenges by building SOAR tools for SANS with DevOps principles to make SOC analysts more efficient and increase performance. StratoZen developed SANS’ SOAR tools based on observations of SOC analyst behavior, analysis of over 20 billion logs per day, and a vast inventory of logged repetitive actions.

With the new tools and practices, SANS has achieved over 50% increase in individual SOC analyst efficiency, no voluntary turnover in over a year, and an analyst-to-device ratio of well over 1:10,000.

This session is not a product demonstration. Rather, it focuses on showcasing the practices and philosophies used to create these efficiencies to share our experience with the larger cybersecurity community. These principles can be implemented by any organization.

Watch to learn more:

Webinar Speakers
Chris Gebhardt
Chris Gebhardt is the Vice President of Cybersecurity Operations for StratoZen in Draper, UT. Chris was exposed to technology early in life growing up in New York. His career focused on the use of technology and security for government and corporate entities including the FBI, DOJ, BJS, eBay,, and numerous private equity firms. Chris is a dynamic speaker often challenging the widely held beliefs of the cybersecurity community. He is experienced with SOC 2, SOX, HIPAA, GDPR, ISO, and other compliance frameworks.

Chris Crowley
Christopher Crowley, a SANS Senior Instructor, has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis. “The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities.”