Security operations centers (SOC) are the backbone of the cybersecurity industry providing defense, mitigation, and incident response against risks and attacks. However, SOCs are often criticized as ineffective, and one of the most frequently asked questions about SOC performance is “how to measure SOC effectiveness?” While mean time to resolution (MTTR) is the standard measure of effectiveness, this high-level measurement does not address the underlying optimization and performance improvement opportunities. SOC teams cite lack of visibility to attack surfaces, analyst burnout and turnover, and lack of budget for technology enhancements as the rationale for low performance.

Effective SOC performance is a critical factor for cybersecurity success in a rapidly evolving threat landscape. In this session, an expert panel will discuss recommendations to improve SOC performance such as automation, machine learning, strategic alignment, and analyst burnout. Invite your SOC managers and analysts to join us as we explore opportunities to optimize SOC performance:

Session Outcomes:
1. Identifying critical drivers for SOC performance (beyond MTTR)
2. Recognize the value of strategic alignment in SOC operations
3. Differentiate between high and low performing SOCs
4. Understand the barriers to optimal performance
5. Discuss recommendations and enhancements to SOC support performance

ICIT Panelists include:
– Colonel Joshua Rockhill, Commander 688th Cyberspace Wing, USAF
– Jennifer Saunders, Branch Chief, Computer Security Incident Response Center (CSIRC)
– Dan LaGraffe, Deputy CISO, US DOE
– Gunter Ollmann, CSO, Devo
– Moderator: Joyce Hunter, Executive Director, ICIT