SOC Operations Poll

Hello All!

I’m gathering some data to create example materials (tutorials and demos) that are most helpful for the overall community. With your help, I plan to gather as much realistic data as I can on the characteristics of the SOC at various organizations.

To do that I need your help with two things: (A) Please fill out the poll below with the most accurate information you can about your SOC (it’s anonymous and I’m not asking anything that you should have to worry about disclosing). (B) Please pass this along to anyone else you know in the industry that works in (or knows enough about) their SOC. If they aren’t yet a member of SecOps Hub, we’d love to have them here to help build the community into a strong resource that we can all rely on. Thanks in advance for your help! Here are the questions:

Remember that there are no wrong answers. Answer to the best of your ability to help me collect representative data.

What is the size of your entire organization/company (employees and any contractors that have employee like access and use of the IT resources)?

Is your SOC distributed (portions of it operate in different physical locations)? (this would not mean having analysts that work remotely and remotely connect to the SOC to do their work).

How many levels of hierarchy do you have operating in the SOC? (For example, if you have a small team of analysts, two or three managers and a CIO/CISO that run your SOC you would have three levels of hierarchy. The purpose of this question is to determine how many levels of different access to the tools are required).

How many analysts do you have in your SOC? (For this question, how many people work at the lower level in the SOC doing the lion’s share of the tasks – regardless of whether or not you call them analysts).

Thank you in advance for your help in gathering this information!
Jay

How many monitors do you use?

How many tabs do you usually have open at once?

How many tools do you jump between throughout your workday?