Building and maintaining skill sets and expertise in a SOC is a difficult task, and many security leaders face this challenge. They are not able to retain the best talent for the long term. There are too many tools for them to invest in, too many alerts that pop up once the tools are deployed, and an insufficient number of people to look after the alerts or to manage the tools. The traditional approach of L1, L2 and L3 tiers doesn't help retain talent, as many L1 and L2 analysts who assess the alerts get bored easily and, sooner or later, start to look for new jobs.
A better approach for managing talent within SOC environments would be a role-based approach rather than a level-based approach. The entire SOC team could therefore comprise the following:
This new "team" and "role" approach adds new capabilities to the traditional structures that have existed for decades. It may take time and focus to implement, and it will become easier as you start to add these functions. A phased approach is better than a big-bang approach.
All members of the SOC team should be rotated through different roles across these teams. This will help build skill sets in the team, retain talent, and also build backup for the expertise of critical team members. In the past, some organizations may have outsourced these functions; by taking the approach described above, you will be able to bring the capabilities in-house, giving you more control of your SOC.
Follow me @prashantmishra1
The post Revisiting the SOC Structure appeared first on Speaking of Security - The RSA Blog.
