The current model of building a security operations center (SOC) is not sustainable. This is probably not news to many of my readers. Working with many businesses, from small to large and from regional to international organizations, I have been thinking about this quite a lot lately. I have been publishing the CISO MindMap for over eight years to explain and highlight the complexities of the work that security professionals have to do. With the digital economy taking a foothold, the CISO’s work is just getting more complex as new technologies are adopted by businesses, strict privacy laws are enacted globally, and the attack surface expands each day. Networks are no longer confined to data centers or corporate offices, and older ideas of managing security operations are obsolete.
Working on my latest book “Cybersecurity Arm Wrestling – Winning the perpetual fight against crime by building a modern Security Operations Center (SOC)” has made me even more convinced that something needs to change (or many things need to change, depending upon how you frame the challenges). Managing the cost of security programs is a challenge, SOC analysts are stressed out by an overwhelming number of incidents, and CISOs are living in constant fear of when the next data breach is going to happen and how it would impact their careers. This can’t continue. It is not sustainable.
Why SOC Conference?
There is a need for major changes in foundational thinking about how to run security operations. Most security conferences are too generic and focus on tactical and derived work. There is a need for new, original, and thought-provoking ideas to change our practices for managing security operations and optimizing risk. Our industry needs this badly. For these reasons, I have started thinking about a 3-day conference in 2021 to exclusively focus on SOC by gathering the best minds and exploring new ideas.
What could/would be the Conference Focus Areas?
Per my initial exploration, the following are some of the major areas of focus for the conference. However, I believe these will evolve and change as I get more feedback from industry leaders.
- Alternate models for the SOC of the future
- SOC for IoT, OT, Autonomous Vehicles and other emerging industry needs
- Implication of Cloud, Containers, Serverless Computing on SOC
- Threat visualization, Threat Intelligence
- Cooperative SOC for vertical markets
- SOC Innovation and frameworks, Meaningful Metrics
- SOC in the Cloud, SOC as a Service
- SOC People: Stress management and well being
- Automation, Machine Learning for SOC technologies
- Open source SOC
- Incident Response, Digital Forensics
- Planning and implementation, Business case development
- Emerging SOC technologies
- Global SOC challenges, privacy laws, data sharing across physical boundaries
- Integrations, APIs, Ticketing Systems
- Knowledge Management
Want to be Involved?
In the short term, I would like to create an advisory council for the conference. However, there are many other areas where help is needed. Please check and fill out this Google Form if you are interested in getting involved.
While upgrading SOC technologies, bringing in new tools, and continuously training SOC staff are all great things to do, these don’t solve the fundamental issue of the long-term sustainability of the SOC model itself. With expanding sources of data and ever-evolving new threats, we as an industry need to bring a new thought process to question what we are doing today and what the best path forward is. The objective of this conference is to do exactly that by challenging the status quo and bringing fresh and original thoughts to meet new challenges.