January 18, 2021

HELP: I have been tasked with setting up a SOC from nothing

So I am a network engineer by trade at my work; however, over the last few years the company has realized that they can no longer just ignore cyber security. Through luck and placement I have become the “cyber” person, as I showed interest in cyber and hacking and my work was looking for an inside hire.

They have sent me on some SANS courses as that was what was recommended to them to create cyber personnel.

I have been tasked with setting up a small SOC. We have OK funding and so have most of the equipment we need; however, what we are low on is manpower (and we are not going to get any more). We have essentially no documentation / procedures and are making it up as we go along.

Does anyone have any documentation / tutorials / guides about how a SOC should be run? Anything from “day in the life of SOC analysis” or standard operating procedures would be amazing, or links would be great.



Honestly that’s a hell of a task. I was dumped into a similar position about five years ago.

I highly recommend you check out MITRE’s “Ten Strategies of a World Class CyberSecurity Operations Centre”.

This kind of question is something that you pay a consultant $1200 a day for about three months to set up for you. It’s going to be a rough journey. If you have any specific questions, HMU, but general advice is wayyy too general – really something that would be a four day course somewhere.

The SANS 511 course is really key imo, if you haven’t done it. It really shows you how to set up a SOC. 599 is really useful as well.


If they’re asking you to build a SOC and you have no experience doing so, then it’s the wrong decision to build a SOC. It would be best to augment with a third party until your organization is capable of building and operating a SOC. It also has to make business sense.

And by all means… no offense to you. I wish you the best.
