Digital Guardian interviewed a panel of experts on How to Build a Security Operations Center, with a focus on People, Process and Technology. Our very own Managing Director of Technology, Mark Snodgrass, was among the interviewees.
Here's what Digital Guardian learned and published from the interview with Mark:
The nucleus of an organization’s capability and business critical to prevent, detect, and respond to attacks. Building out a SOC requires strong senior management sponsorship, well-defined measurable objectives, and a targeted SOC capability maturity level. A roadmap must establish a phased approach to build out capabilities across a range of areas (monitoring, malware analysis, threat identification, etc.) that will handle a wide spectrum of threats from cyber to physical.
The types of skillsets (intrusion detection, cloud security, etc.), staffing model, and training programs needed are among the people considerations. The right blend of contingent vs. employee talent is important to keep overhead cost down while also retaining intellectual capital in-house. Communication skills are as essential as technical skills. SOC personnel must communicate effectively with business stakeholders and senior management to escalate and convey threatening risks and issues during business-as-usual and states of emergency to produce the right business decisions.
Selecting the right mix of technologies is important. There is no single silver bullet. Companies need a suite of tools to address their risks and those technologies must integrate and have interoperability. Technologies vary significantly, from the ability to aggregate forensic data from multiple systems, to the ability to perform analytics to detect an attack. A critical tool is real-time alerting and reporting, as timely detection is paramount to responding quickly during an attack. Selection of technologies must balance achieving objectives, ROI and minimizing risks.
Process standards and documentation are important to prevent costly operational errors that occur because of the “fog of war” during emergency situations. Processes should be consistent with industry standards (i.e. ISO 27001:2013) but adapted to the organization’s needs. Standard Operating Procedures, Incident Response Plans, etc. should address, at minimum, medium to high risk and severity scenarios.
To view the original article and learn about additional insights, go to
For more information about how to build a security operations center (SOC), email firstname.lastname@example.org