Valerie Wilson explains what’s required to create an effective Security Operations Centre for customers.
About three years ago my husband and I embarked on the tough journey to build our own house. It was an experience which saw many stressful days and nights developing plans and gaining permissions, with countless phone calls to builders to push to get everything finished in time for Christmas dinner. I remember distinctly three days before Christmas I was in my living room putting up the tree, and outside it was like a scene from DIY SOS with about 12 builders’ vans hastily completing everything before heading off for the break (you can see some of them in the photo above).
So the house was finished by the deadline, but what I didn’t realise is that it would take longer to create a real ‘home’ for our family. The bricks and mortar were simply step 1… similar to the way that any good Security Operations Centre (SOC) should be created.
Cybersecurity stands as the industry’s fastest-growing sector, fuelled by the global imperative for companies to safeguard their data and uphold their reputation. Without a dedicated team of cyber experts, companies can become uninsurable and face significant brand risk for them and their customers.
The solution for many organisations might well be to set up a SOC, tasked with managing cyber-related issues and providing a focal point for related knowledge and expertise. But where do you start? I’ve witnessed first-hand the journey from concept to realisation and maturity, as SOCs emerge worldwide to safeguard customers everywhere.
The physical placement of a SOC is critical. Traditionally nestled high above or deep below ground to evade prying eyes, the location can depend on the data’s security level. Yet regardless of the position, features like fortified walls, armoured cabling, secure access, surveillance cameras, tinted windows (if any windows at all!) and top-level personnel clearance are customary within any SOC. It’s evident that constructing a SOC demands substantial investment, which needs to be accounted for in any client bid, as within these walls the true magic unfolds. Step 1 is complete.
Adjacent positioning of the SOC is equally vital. Proximity to ‘normal’ networking or IT service desks, technical towers, and other support functions accelerates incident resolution, fosters talent development, and offers a customer showcase environment.
Professionalising the SOC is imperative. Attaining certifications such as ISO27001, ISO22301, Cyber Essentials, or ITIL maturity ensures adherence to best practices, instilling confidence in our customers.
However, the heart of any SOC lies not in its infrastructure but in its people. Highly trained and disciplined individuals demonstrate a culture of continuous learning, armed with certifications like Network +, Security +, CISSP, CISM and ITIL Foundation. These individuals forge partnerships with customers based on trust and relationships, underscoring the human element’s irreplaceable value amidst so much talk of AI and automation.
When exploring with potential customers their needs and wants around their security offering, they consistently refer to professional expertise and the need to feel that they have a trusted partnership with their supplier. They want to have confidence in their provider and to know they have ‘got their back’ at all times. This must always be a two-way deal as so often the customer’s culture is of critical important in the security environment. Constant education of their staff in everyday topics like password security, fishing emails and good physical security will certainly help pave the way for solid collaboration between client and provider.
In summary, it’s positioning, professionalisation and, above all, trusted partnerships that will ensure the customer’s protection. Bricks and mortar represent merely a fraction of the work that goes into a successful SOC, as they do with a new home.
It’s what you put inside the walls that creates the right environment for staff or indeed for your family to thrive in. The day you move in is just the beginning. The real magic happens with every improvement that you make.