To the professionals in the house. The organization where I work is looking to make a foray into cybersecurity services by launching a SOCaaS product. We currently provide managed services to multiple telcos and financial institutions. I took an interest in cybersecurity last year, consuming multiple books and video resources and at the moment, all I have to show for my pivot is getting the CompTIA Security + certification and now I’ve been tasked to lead this project. I feel grossly underqualified for this task and I am grasping at straws here. Any help, advice, and pointers would be deeply appreciated.

A couple of questions first…

1- For frameworks, do we go with NIST or CIS? Or do we just go the whole 10 yards and work towards getting ISO27001 certified?

2- For anyone who works or manages a SOC? What are the essential technologies/tools, hopefully with some real-world products that you think are critical to these operations? I know for SIEM, we are looking at Wahzuh or security onion but that’s about that.

3- What resources can I lay my hand on that would help expand my understanding of how to implement a SOCaaS project?



Share This Discussion

Leave a Comment

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.