Generally, the effectiveness of any security operations center is largely determined by the level of efficiency demonstrated when analyzing, responding to, and remediating threats across its stewardship. However, with limited personnel, resources, and time, even inefficiently accomplishing these tasks can be daunting. Due to the asynchronous nature of cybersecurity threats, manual monitoring and even polling-based functionalities are quickly becoming ineffective to counter the increased sophistication of bad actors. The emergence of event-driven microservices in IT represent a growing desire for organizations to increase efficiency, awareness, and organization throughout the enterprise. These same benefits are especially applied to security, an inherently event-driven environment. Converting to an event-driven/microservice architecture however, can quickly become a chaotic mess of interdependent services. Especially in large enterprises where uniformity is not always guaranteed and hybrid infrastructures exist, a flexible design is needed to maintain consistency, in addition to providing the benefits of a microservice architecture. In order to facilitate and coordinate security functionality across three distinct institutions/IT environments, the Church Educational System (CES) Security Operations Center at Brigham Young University decided to adopt an event-driven microservice architecture. In this presentation we will describe the challenges, benefits, and applications of this architecture. Specifically, we will detail our evolution toward event-driven security, the requirements necessary for us to effectively transition, and how we are currently using this architecture to enable security functionality throughout the enterprise.