The Security Operations Center is a cybersecurity first principle strategy.

The Security Operations Center (SOC) is the nerve center of a company’s information security program. Rick teaches us the history of the SOC and why it’s so fundamental to every good security program. He shows us exactly where our SOCs go wrong, the framework for the ideal first principle-guided SOC, and the best way to convince leadership that change is necessary.

Four members of the CyberWire’s Hash Table of experts:

• Don Welch: Interim CIO of Penn State University
• Helen Patton: CISO for Ohio State University
• Bob Turner: CISO for the University of Wisconsin at Madison
• Kevin Ford: CISO for the State of North Dakota

discuss SOC Operations in terms of intrusion kills chains, defensive adversary campaigns, insider threats, cyber threat intelligence, zero trust, SOC automation, and SOC analyst skill sets.

Cybersecurity professional development and continued education.

You will learn about: the first principles of a SOC, the ideal SOC, improving your SOC, convincing leadership that change is needed

CyberWire is the world’s most trusted news source for cybersecurity information and situational awareness. Join the conversation with Rick Howard on LinkedIn and Twitter, and follow CyberWire on social media and join our community of security professionals: LinkedIn, Twitter, Youtube, Facebook, Instagram

Additional first principles resources for your cybersecurity program.

For more SOC and cybersecurity first principles resources, check the topic essay.

Selected Reading:

1. "5G/SOC: SOC Generations,” by HP ESP Security Intelligence and Operations Consulting Services, May 2013, Last Visited 30 June 2020. 
2. “ABOUT ISACs,” by The National Council of ISACs, Last Visited 30 June 2020. 
3. “A History of Western Technology,” by Friedrich Klemm, published by Iowa State Press, 1 July 1991, Last Visited 30 June 2020. 
4. “A tour of AT&T's Network Operations Center (1979) - AT&T Archives,” by AT&T Tech Channel, 19 November 2012, Last Visited 30 June 2020. 
5. “Phenomenati's Taxonomy of a SOC™ for Cyber Security Operations,” by Phenomenati, Last Visited 30 June 2020. 
6. “Richard Pethia,” by the Software Engineering Institute, Carnegie Mellon University, Last Visited 30 June 2020.  
7. “Testimony of Richard Pethia, Manager, Trustworthy Systems Program and CERT Coordination Center Software Engineering Institute, Carnegie Mellon University, Before the Permanent Subcommittee on Investigations U.S. Senate Committee on Governmental Affairs,” Federation of American Scientists (FAS), 5 June 1996, Last Visited 30 June 2020. 
8. “The CERT Division,” by the Software Engineering Institute, Carnegie Mellon University, Last Visited 30 June 2020.  
9. "The Exabeam 2020 State of the SOC Report,” by Exabeam, 2020, Last Visited 30 June 2020. 
10. “The Morris Worm: 30 Years Since First Major Attack on the Internet,” FBI, 2 Novemebr 2018, Last Visited 30 June 2020.
11. "The National Sigint Operations Center,” NSA FOIA Release, 4 May 2007, Wayback Machine, Last Visited 30 June 2020. 
12. “U.S. Cyber Command History,” by U.S. Cyber Command, Last Visited 30 June 2020.