I picked up this book while planning a project to build an integrated SOC that combines threat intelligence, data science, physical security, and network operations under one umbrella. I was looking for actionable insights to guide me in this ambitious endeavor. While the book delivers on a few key points, it left me wanting in areas critical to the kind of joint operations I was envisioning.
The guide does an excellent job of addressing the foundational elements of building a Security Operations Center. It walks you through creating a business case, considering financial, operational, and regulatory requirements. These are crucial for anyone trying to secure executive buy-in. The sections on policies and procedures are helpful, as are the discussions on metrics to demonstrate an SOC’s value to management. These parts alone could be invaluable for someone just starting their SOC journey.
However, if you’re thinking about a more advanced SOC—one that blends various disciplines like data science and physical security—this book doesn’t fully deliver. The insights into joint operations and the interplay between different functional areas felt surface-level. That was disappointing given the evolving complexity of modern SOCs.
One aspect I did appreciate was the inclusion of practical tools like case studies, checklists, and sample objectives. These elements add tangible value and can serve as starting points for tailoring your own SOC’s operations.
Ultimately, this is a solid guide for building a traditional SOC and gaining management support. If your vision includes a fully aware, multidisciplinary SOC, you may find yourself searching for additional resources to fill in the gaps. That said, this book is worth a read for its clear explanations of the basics and its structured approach to making an SOC operational and valuable.