Security Operations Center (SOC) People and Process
- Career vs. Job
- Developing Job Roles
- SOC Job Roles
- NICE Cybersecurity Workforce Framework
- Role Tiers
- SOC Services and Associated Job Roles
- Soft Skills
- Security Clearance Requirements
- Pre-Interviewing
- Interviewing
- Onboarding Employees
- Managing People
- Job Retention
- Training
- Certifications
- Evaluating Training Providers
- Company Culture
- Summary
- References
Every Security Operation Center (SOC) service requires the right people and processes to be successful. This chapter introduces all of the different job roles that are common in mature SOCs around the world. It describes skill requirements for each of the roles as well as expectations for daily duties. I cover how to find the right people for your SOC and groom them using different programs that tie directly back to the SOC’s service success. Topics include job roles, recruiting, interviewing, onboarding, and outsourcing people and process.
This chapter is from the book
This chapter is from the book
This chapter is from the book
Never forget what you are. The rest of the world will not. Wear it like armor, and it can never be used to hurt you.
—“Tyrion Lannister,” Game of Thrones (George R. R. Martin)
This chapter focuses on the human element of the SOC. These are the people that deliver the services covered in Chapter 3, “SOC Services,” and will be the highest cost of running the SOC. According to a 2018 survey of 620 IT and cybersecurity professionals conducted by Enterprise Strategy Group (ESG), as summarized by Jon Oltsik, a senior principal analyst at ESG, “cybersecurity represents the biggest area where their [survey respondents] organizations have a problematic shortage of cybersecurity skills.” This means not only are good people hard to find, they are even harder to keep because the technology industry has more jobs than people to run them. This chapter looks at what skills are recommended for different SOC job roles, how to recruit the right people, and strategies to keep those people excited to be part of your SOC. Without the proper people, process, and technology, your SOC will experience failures in services. Also, remember from Chapter 3 that people are one of the three pillars (along with work environment and technology) of the foundational SOC support services that must be in place before any SOC service can be launched. Let’s now spend a chapter focusing on your people.
Career vs. Job
My mother used to explain that the difference between a job and a career is the perspective of the person doing the work—that is, how serious the person considers the work to be. For example, many teenagers look for a job simply to save enough money to purchase things they want. They don’t care about advancements in their job because they are working just for the paycheck and typically don’t even know or care about the mission of the organization they work for. By contrast, people who are career-driven are not showing up just for a paycheck. They also want career advancement, training to improve their skills, and the satisfaction of spending time working on something they enjoy doing.
The goal of this chapter is to help you not only plan to recruit career-driven people, but also develop and retain talent, because people are going to be your SOC’s most important assets.