ARE SOCS THE NEW BLACK?
by Nigel Phair, Chair, Australasian Council, at CREST International
In cybersecurity, a security operations centre (SOC) is still a relatively new concept, with multiple definitions and scopes. What a SOC should and should not do is a matter for debate, but working in one, particularly for aspiring cyber professionals, is becoming a specific career path.
A quick search on Seek and LinkedIn reveals a multitude of SOC jobs ranging in seniority and technical ability. At face value, working in a SOC would seem a solid career path.
A SOC is staffed by a team created to protect organisations from cybersecurity breaches by identifying, analysing and responding to threats. SOC teams comprise managers, security analysts and security engineers. The best SOC team members have an enquiring mind, use a broad range of tools and observations to make assessments, and enjoy the team environment. Like all cybersecurity environments, having team members with diversity in background and thinking will boost the team’s capabilities and produce better decisions that ultimately make an organisation more resilient. To create such an environment, SOC managers should liaise closely with an organisation’s business and IT operations teams.
A SOC Is Crucial
A SOC is responsible for an organisation’s overarching cybersecurity practices, which can include prevention and incident response. By its very nature, a SOC forms a crucial part of an organisation’s compliance and risk management strategy. It is focused on people, processes and technology and on managing and enhancing an organisation’s security posture.
Organisations may consider setting up a SOC when they start handling more sensitive data; when the threat landscape has changed, or become more concerning, and requires improved security; or when the organisation (and therefore its attack surface) has grown larger.
Ideally a SOC should have a holistic view of the organisational threat landscape, of the endpoints, servers and software used, and of any third-party services and the traffic flowing between assets. To increase agility and ensure peak efficiency, a SOC should keep detailed records and maintain a full understanding of the cybersecurity measures currently enabled, along with all the workflows used.
A SOC is usually overseen by a SOC manager and typically contains security analysts, who act as the first line of defence, and security engineers, who may be software or hardware specialists charged with maintaining and updating the SOC’s tools and systems. A set of tiered roles is needed to provide the range of skills and qualifications required. Individuals are placed in the appropriate tier based on their skills, qualifications and experience.
It is at this point that various Seek and LinkedIn job advertisements often become a little confusing. Depending on where you are in your cybersecurity career, spending time in a SOC can be a worthwhile endeavour.
SOC Variants
Some organisations create their own SOC. Some outsource those functions to a dedicated provider whilst some adopt a hybrid model (often using a tiered approach). Each of these models has different benefits, but it is important for organisations, and for aspiring job candidates, to fully understand the scope, role and positioning of a SOC.
Similarly, organisations must measure SOC team performance to continuously improve their processes and demonstrate return on investment. It is important to have metrics on the scale of activity in the SOC (for example, alert volume by severity) and on how effectively analysts are handling the workload (for example, time to acknowledge and time to resolve alerts, the backlog of open alerts, and the proportion of alerts closed as false positives, which points at detection tuning as much as at analyst performance).
A quick internet search reveals many SOC providers with different service offerings, pricing models and management policies. For organisations dipping their toe into the SOC water, outsourcing to a trusted external provider can deliver cost savings, access to experienced professionals and fast response times.
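To make the metrics in the paragraph above concrete, the following is an added example, not code from the article or from CREST. It computes alert volume by severity, mean time to acknowledge (MTTA), mean time to resolve (MTTR), false-positive rate, backlog, per-analyst throughput and acknowledgement-SLA breaches from a small set of triage records. The record layout, the field names, the SLA thresholds and the eight sample alerts are all assumptions constructed for illustration.

```python
"""SOC workload and analyst-handling metrics from constructed triage records.

Added example; the Alert layout, SLA thresholds and sample data are assumptions,
not a format used by the article's author or by CREST.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class Alert:
    alert_id: str
    severity: str                     # "low" | "medium" | "high" | "critical"
    analyst: Optional[str]            # None until an analyst picks it up
    created: datetime                 # raised by the SIEM / EDR
    acknowledged: Optional[datetime]  # analyst started triage
    closed: Optional[datetime]        # resolved, or handed to incident response
    outcome: Optional[str]            # "true_positive" | "false_positive" | "escalated"


def _t(hhmm: str) -> datetime:
    # All sample timestamps fall on one constructed day.
    return datetime.fromisoformat(f"2024-03-01T{hhmm}:00")


# Constructed sample: one shift's worth of alerts (hypothetical data).
SAMPLE_ALERTS = [
    Alert("A-1", "high",     "alice", _t("08:00"), _t("08:05"), _t("08:45"), "true_positive"),
    Alert("A-2", "low",      "bob",   _t("08:10"), _t("08:40"), _t("08:50"), "false_positive"),
    Alert("A-3", "medium",   "alice", _t("08:20"), _t("08:30"), _t("09:20"), "false_positive"),
    Alert("A-4", "critical", "bob",   _t("08:30"), _t("08:32"), _t("10:00"), "escalated"),
    Alert("A-5", "low",      "alice", _t("09:00"), _t("09:40"), _t("10:00"), "false_positive"),
    Alert("A-6", "medium",   "bob",   _t("09:30"), _t("09:45"), None,        None),
    Alert("A-7", "high",     None,    _t("10:00"), None,        None,        None),
    Alert("A-8", "low",      "alice", _t("10:15"), _t("10:18"), _t("10:20"), "false_positive"),
]

# Acknowledgement SLA per severity, in minutes (assumed values).
ACK_SLA_MINUTES = {"critical": 5, "high": 10, "medium": 30, "low": 30}


def _minutes(start: datetime, end: datetime) -> float:
    return (end - start).total_seconds() / 60


def mean_time_to_acknowledge(alerts) -> float:
    """MTTA in minutes, over alerts that have been acknowledged."""
    waits = [_minutes(a.created, a.acknowledged) for a in alerts if a.acknowledged]
    return mean(waits) if waits else 0.0


def mean_time_to_resolve(alerts) -> float:
    """MTTR in minutes, measured from creation to closure (not from acknowledgement)."""
    durations = [_minutes(a.created, a.closed) for a in alerts if a.closed]
    return mean(durations) if durations else 0.0


def false_positive_rate(alerts) -> float:
    """Share of closed alerts that turned out to be false positives."""
    closed = [a for a in alerts if a.closed]
    if not closed:
        return 0.0
    return sum(a.outcome == "false_positive" for a in closed) / len(closed)


def backlog(alerts) -> dict:
    """Open work: everything not yet closed, and the subset nobody has touched."""
    open_alerts = [a for a in alerts if a.closed is None]
    return {"open": len(open_alerts),
            "unacknowledged": sum(a.acknowledged is None for a in open_alerts)}


def closed_per_analyst(alerts) -> dict:
    """Throughput: alerts each analyst closed during the period."""
    return dict(Counter(a.analyst for a in alerts if a.closed))


def volume_by_severity(alerts) -> dict:
    """Scale of activity: how many alerts of each severity arrived."""
    return dict(Counter(a.severity for a in alerts))


def ack_sla_breaches(alerts, now: datetime) -> list:
    """Alerts acknowledged late, plus those still unacknowledged past their SLA at `now`."""
    breached = []
    for a in alerts:
        waited = _minutes(a.created, a.acknowledged or now)
        if waited > ACK_SLA_MINUTES[a.severity]:
            breached.append(a.alert_id)
    return breached


if __name__ == "__main__":
    report_time = _t("10:30")
    print("volume by severity:", volume_by_severity(SAMPLE_ALERTS))
    print("MTTA (min):", mean_time_to_acknowledge(SAMPLE_ALERTS))
    print("MTTR (min):", mean_time_to_resolve(SAMPLE_ALERTS))
    print("false-positive rate:", round(false_positive_rate(SAMPLE_ALERTS), 2))
    print("backlog:", backlog(SAMPLE_ALERTS))
    print("closed per analyst:", closed_per_analyst(SAMPLE_ALERTS))
    print("ack SLA breaches:", ack_sla_breaches(SAMPLE_ALERTS, report_time))
```

Two design points matter when reading such a dashboard. MTTR is measured from alert creation rather than from acknowledgement, so queueing delay counts against the SOC as a whole and not only the analyst who eventually picked the alert up. The SLA check treats an alert that nobody has acknowledged as still waiting, so it is scored against the report time and surfaces in the breach list before anyone is assigned to it; a backlog figure on its own would hide that.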
SOC Guidance
Choosing the right level and style of managed SOC is crucial, and it is worth taking the time to do your due diligence. Look for recognised, reputable industry players that offer high levels of customer service, certified technicians and round-the-clock support.
CREST, the global not-for-profit community of cybersecurity businesses and professionals working to keep information safe in a digital world, has recently released guidance on SOCs. It covers: what a SOC is and why you need one; when and how to create one; the functions, activities and advantages of a SOC; the different types of SOC; the types of people required to work in a SOC.
It is important not only to understand what a SOC is but, when choosing an outsourced provider, to know that it has been independently evaluated. CREST accredits, certifies and quality assures 300 member companies worldwide, some of which have attained SOC accreditation.
www.linkedin.com/in/nigelphair
GINA MIHAJLOVSKA