Do you have the right mix of skills in your security operations center (SOC)? Whether your SOC is brand new or has been around for years, you need to be sure it’s built to meet the demands of today’s complex security landscape.
In this post, we’ll define the most important skills any SOC should have today so you can be sure to have the right mix of people to safeguard your business.
Effective Team and Communication Skills
Regardless of the role, every SOC team member must have good teamwork and communication skills. With more threats cropping up every day, tools to manage, and tasks to execute, it’s critical that your team can work well together. From properly escalating alerts to interacting with management and training new employees, everyone must be a team player.
Broad and Deep Familiarity with the Security Landscape
While every SOC team member should specialize in a particular area of security, they all should understand the broader security landscape, too. Understanding how the kill chain works, for example, is a good marker of their experience level.
They should understand what possible threats could hit the organization, how an adversary works their way down the kill chain and into your network, what the impact would be, and what has to be done to get rid of them before they complete their mission. Without this broad and deep understanding, they may not be able to aid the SOC in properly defending the organization.
Passion for Their Work On and Off the Job
A marker of an exceptional SOC hire is someone who not only loves their day job, but is passionate about IT and security as a whole: they've built a tool on their own, run a community hackathon, do security research, or regularly attend conferences and meetups to keep learning.
They have a deep-rooted desire to make a positive impact on the world and the companies they work for. With how rapidly the threat landscape is changing and how pervasive attacks have become, the people on your team need both practical experience and an ever-growing base of knowledge in the space.
Ability to Build and Manage a Complex Security Technology Stack
Today, it seems there’s a solution for every edge case in security. In general, that’s a good thing, but it also means your team needs to know how to use many of them and be able to manage an increasingly complex and interconnected toolset.
While they should be comfortable using standard technologies like intrusion detection systems (IDS) and malware analysis services, they should also be proactive about recommending new ones that help the team complete tasks better and faster. As a bonus, they should be willing and able to train others on these tools so that everyone gets the most value out of them.
Performs Well Under Pressure
It’s no secret that being in security today is a stressful job. As large and destructive breaches continue to make the front page of the news, companies are under more pressure than ever to protect themselves — for the sake of the business and their customers.
A good SOC team member is cool under fire and quick to respond to issues. Depending on the threats your organization faces and the nature of your security program, SOC team members may need to be on call at various times to handle incidents as they arise. So whether an issue crops up at 2 a.m. or 2 p.m., your team should be ready, eager, and focused to take it on.
Ability to Troubleshoot Common and Unusual Problems
Because threats evolve at an astonishing rate, your SOC should be chock-full of problem solvers. A great SOC team member is naturally curious, creative, and determined to get to the root of any problem, common or not. They don't stop when things get tough, and they are persistent about double- and triple-checking their investigations to be sure every nook and cranny is covered.
Building a Strong and Modern SOC
With the right people at the helm, your next mission is to optimize, optimize, optimize! Even with a large and highly skilled team, the volume of alerts and threats can be overwhelming, and tasks can quickly slip through the cracks.
To help your people, processes, and tools work together like a well-oiled machine, security automation and orchestration can tie it all together. By automating and orchestrating common, repetitive tasks, your team can elevate its focus, sidestep alert fatigue, and get ahead of threats.