HELLO, I'M

Jamin
Camp

ICS / OT / SCADA
Cybersecurity Professional

Why Me?

Hands-On ICS cybersecurity training from top industry leaders and 18+ years experience in the Utility/Critical Infrastructure sector.

An IT SOC (Security Operations Center) is made up of three levels. The first level responders are responsible for processing alerts and escalating more complex tasks to level 2 SOC analysts. Depending on the size of the company, this level can be outsourced to external companies. The second level analysts are skilled in Digital Forensics and Incident Response. They are responsible for initiating triage of infected workstations on the network. The third level is comprised of senior responders who have years of experience within the specific network. They are like the special forces of DFIR (Digital Forensics and Incident Response).

How is an OT SOC different from an IT SOC? The first level in an OT (Operational Technology) SOC is very similar to that of an IT SOC. As long as an OT-specific SIEM (Security Information and Event Management) platform and IDS (Intrusion Detection System) are incorporated, level one analysts can be in-house or outsourced resources. Level two analysts should be specially trained to recognize ICS (Industrial Control System) specific protocols and threats. However, for the third level, you need engineers and field personnel, the individuals who built the system in the first place. As an OT Security Analyst, you must be able to communicate and build healthy relationships with field personnel, network security management, and senior management.

As someone who has spent over 18 years as a field operator and 3 years as a field supervisor for the largest government-owned municipal utility, who has received hands-on ICS Cybersecurity training from individuals like Rob Lee (CEO of Dragos and Vice Chair of the Grid Resilience for National Security Subcommittee for the U.S. Department of Energy), and who also has years of web application developer experience, I am confident in my ability to excel in this position.

APPROACH

Active Defense for ICS / OT environments

Threat Hunting

Hypothesis-driven Threat Hunting is the core of a good ICS Active Defense strategy. Has XENOTIME disabled the Safety Instrumented System at one of your key installations? Well, it's time we find out.

Asset Identification

You can’t protect what you can’t see. During this phase we endeavor to find out what assets make up your ICS environment. This is the time to discuss Crown Jewel analysis and Collection Management Systems.

Network Security Management

This is the phase where we tune the Intrusion Detection Systems to either find malicious activity already present on your OT network or alert us to future attacks. We also discuss the development of playbooks for level 1 SOC Analysts.

Digital Forensics and Incident Response

Hopefully, there isn't any malicious activity on your OT network. However, if there is, we have to locate it and discuss next steps. Can we mitigate the situation with threat and environment manipulation?

Capabilities

Tools of the trade

Blog

Ponderings
and projects

Cuckoo Sandbox Install + Suricata

On the GRID
The journey of a field operator who wanted to protect the city.

Keep in touch