SOC Transformation - From 3-Tier to Functional SOC

Presented at Kernelcon 2019, April 5, 2019, 3:40 p.m. (20 minutes)

There are many ways to organize a Security Operations Center (SOC). Among the most pervasive models is the 3-tier SOC model. This talk explores one organization's journey to transform away from a 3-tier SOC model to a functional SOC model focused on Detection, Monitoring, and Response. Discussion includes reasons for making the change and lessons learned along the way.

Presenters:

• Kevin Houle
  Kevin has a 29 year career spanning the telecom/ISP, CSIRT, security vendor, and enterprise security spaces. He's helped build ISPs, applied research programs, security research teams, threat intelligence capabilities, and security operations centers. In his spare time he enjoys family, woodworking, and boating.

Links:

• https://2019.kernelcon.org/agenda#soc

Similar Presentations:

• ShmooCon 2023 / How to Save Your SOC from Stagnation
• NolaCon 2022 / Build your first SOC
• DerbyCon 2.0 Reunion (2012) / How to create a one man SOC