How the SOC is evolving to meet new threats [Q&A]


As cybersecurity threats grow more sophisticated and relentless, the role of the Security Operations Center (SOC) has never been more critical.
In response, organizations are re-imagining their SOCs to address the dual challenges of an evolving threat landscape and a shifting workforce dynamic. We spoke to Scott Scheppers, chief experience officer at LevelBlue, to find out more about this shift and how SOC teams are pivotal in safeguarding operations, fostering innovation, and mentoring the next generation of cybersecurity talent.
BN: Why are security operations centers (SOCs) an essential component of organizations’ cyber resilience strategy?
SS: At their foundation, the core functions of security operations centers (SOCs) are to continuously understand an operating environment and execute actions that protect businesses from unsanctioned activity in that environment. Put simply, SOCs must detect, analyze, and respond to cyber threats 24/7. This work is essential to ensure security, which is a key pillar of resilience.
As today’s cyber landscape continues to evolve, it’s no longer a matter of if but when an organization will face a cyberattack. Effective cyber resilience strategies will help reduce the cost and minimize the impact of eventual incidents, and SOCs are a crucial piece of the puzzle.
BN: How does strong SOC leadership influence the efficiency and effectiveness of SOC technical operations?
SS: Most SOCs are still reliant on human operators. Strong leadership can help enable those operators to achieve priority business outcomes while simultaneously fostering their growth as cybersecurity professionals. Leaders must constantly look for innovative ways to empower their people to become more productive and engaged. In my experience, strong SOC leaders differentiate themselves through depth of understanding of their people, processes, and technology, and the ability to manage each accordingly depending on the needs of the current operating environment.
BN: What role do SOCs play in cultivating the next generation of cybersecurity talent?
SS: A SOC is where the fundamental functions of cybersecurity -- detect, analyze, and respond -- occur daily. It allows operators to learn by doing. This includes understanding the strengths and weaknesses of customer environments, different tactics of bad actors, and how to use different analytic and response tools. The SOC is a one-stop shop for young operators to get exposure across a wide spectrum of cybersecurity. The more exposure they can gain, the more knowledge they can reference as they find their niche and hone their interests across other parts of the cybersecurity ecosystem.
BN: What key traits define the next generations of SOC leaders and how can organizations proactively nurture these qualities to build strong leadership pipelines?
SS: An inquisitive mindset is essential for SOC operators and leaders! A SOC operator must be driven to better understand the various aspects of cybersecurity (people, processes, and technology).
The people element of cybersecurity is important but often overlooked. Future SOC leaders will need emotional intelligence to complement their technical competence. While not always found on a resume, soft skills like empathy, critical thinking, and effective communication are essential and enable leaders to connect and influence their teams. These skills are not as easily taught or assessed but often must come from experience while operating in a very trusting environment with bosses and peers.
Technical competence is a trait that remains vital. I’d note that future SOC leaders will not be successful by simply understanding the technology set. The most successful leaders will be those who can adapt and creatively apply technology in ways we have not yet seen. A perfect example is artificial intelligence. A leader who has the vision to apply AI to their environment to make their business outcomes more effective will be more valuable than a peer who does not.
BN: How could artificial intelligence be used to enhance the future of SOC operations?
SS: AI can and will supplement and then replace current human processes in SOCs sooner rather than later. Aspects of AI have already been used in SOCs for years. As AI agents grow more powerful and learning models take root, SOC processes will increasingly benefit from tools that streamline efficiency in nearly every measure, especially speed and accuracy. Humans in the SOC will increasingly adopt a strategic view, deciding what tasks should and should not be done by AI along with defining the risk upon which the AI system will execute. The value a human brings to a SOC will change, but not disappear.
Image credit: mikkolem/depositphotos.com