The Changing Role of the Modern SOC
Security Operation Centers (SOCs) aren’t what they used to be — basements crowded with network traffic analysts who rarely saw the light of day. Remote and hybrid work patterns, the diffusion of office locations and advancements made in remote monitoring and management tools have forever changed the face of the SOC.
Further, the demand to keep operations working around the clock with less staff means teams SOC must be more efficient than ever. And they must be more involved with the business and what it is trying to achieve.
FREE role-guided training plans
A.N. Ananth, Chief Strategy Officer and Resident Cybersecurity Evangelist at Netsurion and co-creator of Netsurion’s open XDR platform, believes SOCs are warranted for medium to large organizations at a minimum. But while small organizations need them, too, the function tends to be outsourced.
“The SOC monitors and secures the IT assets, cloud-based systems, and the remote or in-house employees of the business,” said Ananth. The network is so critical that losing it negatively impacts a business in a major way.”
Running a SOC without running the SOC team into the ground
If a SOC operates 24/7, it will need at least 12 people to ensure they all keep reasonable schedules, can have time off and can be trained on the latest technologies and security strategies. Beyond that, SOCs with more resources can incorporate threat intelligence, threat hunting and automation and become proactive about potential threats. Thus, the skill sets required within a SOC will vary. Some will include top-notch threat hunters who can get to the bottom of an incursion, while others may only be able to recognize potential threat content and send an alert. There is also a need for basic monitoring duties, as well as a manager to run the SOC and someone who can interface well with other departments and clients.
“The advantage of working in a SOC is that it allows some degree of specialization and a career growth path for individuals,” said Ananth. “The SOCs that succeed really understand what the business is, what risks are appropriate, what users are doing, what sorts of applications are in play and what is important to keep things running.”
The remote SOC trend is accelerating, and it’s a boon for young professionals
The trend towards remote or hybrid rather than centralized SOCs has been slowly evolving for years, but the COVID-19 pandemic accelerated it. SOC duties can be done remotely without losing much or exerting too much impact on contracted service level agreements (SLAs). This trend also opened the door to a much wider recruitment pool. With IT resources, especially skilled cybersecurity personnel, being in such short supply, SOCs could pick up employees nationwide or even globally.
FREE role-guided training plans
Of course, this brings a new set of challenges related to distance, time zones, schedules, the division of duties and overall management.
SOC positions are in high demand. Where are the qualified candidates?
Like many other sectors of the cybersecurity industry, remote SOCs often hit a barrier in finding the right resources. Despite a surfeit of qualified people looking for work, HR departments frequently need more candidates. Professionals with many certifications and skills sometimes say they have sent their resumes in response to dozens or even hundreds of job postings without getting a single interview. How can this be?
Part of the problem is the pattern-matching systems used in HR to weed out wildly unqualified entries by requiring certain key phrases to appear in the resume. Just as bad, the application process is crafted by HR workers who often know little or nothing about IT and cybersecurity. They get the job description asking for a certain number of years of experience and several certifications such as CISSP. If CISSP doesn’t show up in the document, HR doesn’t mark them as candidates – even if they have other similar certs that would probably suffice.
Ananth believes it’s possible to “train” HR to understand what’s being implied instead of just strictly what’s being said in a resume, focusing on experiences and qualifications that don’t fall under strict degree or certification signposts. “The most interesting people may come from the most unconventional backgrounds,” he says.
Ananth recommended placing less importance on educational qualifications and more on finding people with a demonstrated track record of being able to think and function on their feet in challenging situations. Yes, you may make the occasional mistake if you are a little looser with hiring requirements, but a probationary period can be a way to get around that.
What should you learn next?
Curiosity in IT and cybersecurity
There is an old saying, “Curiosity killed the cat.” That may well be the case for cats in certain situations, but curiosity won’t kill a cybersecurity career. Ananth isn’t necessarily keen to hire someone who has been doing the same function for 11 years, as it may indicate someone satisfied with merely doing the same work day after day, year after year. Potential SOC employees should have the right mix of curiosity and experience. Curious people tend to be more teachable and interested in learning new things. If hiring someone with the ideal qualifications and the requisite number of years of experience is beyond your budget, it might be time to recruit someone who can be trained rapidly. Therefore, look for signs that the person is exploring new horizons, is keen to try new things, and can think on their feet during interviews.
SOCs offer cybersecurity opportunities
The modern SOC, then, is changing rapidly from its traditional roots. Remote operations, smaller teams and the demand for higher efficiency would appear to limit the number of cybersecurity opportunities available to young professionals. But the opposite is true. More organizations than ever require SOC services, whether in-house or outsourced. Those with the right mix of skills will find ample SOC career possibilities in the coming years.
Learn more about A. N. Ananth's predictions for the future of Security Operation Centers by watching this episode of the Cyber Work with Infosec podcast.
Get unlimited and self-paced training for you or teams in your organization with Infosec Skills.
- 190+ role-guided learning paths
- 100s of hands-on labs & cyber ranges
- Custom certification practice exams
In this Series
- The Changing Role of the Modern SOC
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
- I failed my CREST Certified Infrastructure Tester exam: Here’s my story
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity