glossary

What is a SOC (security operations center)?

Source-cited RoleMath page about What is a SOC (security operations center)?.

Build my personalized career plan

Researched by RoleMath Research. Every figure on this page traces to the official source shown next to it.

What is a SOC (security operations center)?

The team that monitors, detects, and responds to security threats — the common entry point for the SOC Analyst role.

What it means

A security operations center (SOC) is, per Microsoft, "a centralized function or team responsible for improving an organization's cybersecurity posture and preventing, detecting, and responding to threats." (NIST's CSRC glossary also defines the term.)

It is where many people start in cybersecurity: the entry role is typically a SOC Analyst (Tier 1), monitoring alerts and logs and escalating real incidents, often using a SIEM tool.

Definitional only; see the SOC Analyst role page for the cited skills and roadmap.

Sources

  • Microsoft — What is a security operations center (SOC)?: https://www.microsoft.com/en-us/security/business/security-101/what-is-a-security-operations-center-soc
  • National Institute of Standards and Technology — NIST CSRC Glossary: https://csrc.nist.gov/glossary

Citation Ledger

IDSupportsEvidenceSource
CIT-01Microsoft — definition of a security operations centerOfficial source pageMicrosoft — What is a security operations center (SOC)?
CIT-02NIST CSRC glossary — security operations centerOfficial source pageNational Institute of Standards and Technology — NIST CSRC Glossary

Ready to see how this fits your background?

RoleMath planner