NIGEL PHAIR
ARE SOCS THE NEW BLACK? by Nigel Phair, Chair, Australasian Council, at CREST International
In cybersecurity, a security operations centre (SOC) is still a relatively new concept with multiple definitions and scope. What a SOC should and should not do is a matter for debate, but working in one—particularly for aspiring cyber professionals—is becoming a specific career path.

A quick search on Seek and LinkedIn reveals a multitude of SOC jobs ranging in seniority and technical ability. At face value, working in a SOC would seem a solid career path.

A SOC is staffed by a team created to protect organisations from cybersecurity breaches by identifying, analysing and responding to threats. SOC teams comprise managers, security analysts and security engineers. The best SOC team members have an enquiring mind, use a broad range of tools and observations to make assessments and enjoy the team environment. Like all cybersecurity environments, having team members with diversity in background and thinking will boost the team’s capabilities and produce better decisions that will ultimately make an organisation more resilient. To create such an environment SOC managers should liaise closely with an organisation’s business and IT operations teams.

AN SOC IS CRUCIAL

A SOC is responsible for an organisation’s overarching cybersecurity practices, which can include prevention and incident response. By its very nature, a SOC forms a crucial part of an organisation’s compliance and risk management strategy. It is focused on people, processes and technology and on managing and enhancing an organisation’s security posture.

Organisations may consider setting up a SOC when: they start handling more sensitive data; the threat landscape has changed, or become more concerning and requires improved security; when the organisation (and therefore the attack surface) has grown larger.

Ideally a SOC should have a holistic view of the organisational threat landscape, of the endpoints, servers and software used, and of any third-party services and traffic flowing between assets. To increase agility and ensure peak efficiency a SOC should keep detailed records and maintain full understanding of the cybersecurity measures currently enabled, along with all the workflows used.

A SOC is usually overseen by a SOC manager, but may also contain security analysts as the first line of defence, and security engineers who may be software
WOMEN IN SECURITY MAGAZINE
MARCH • APRIL 2023