What is a SOC (security operations center)?
The team that monitors, detects, and responds to security threats — the common entry point for the SOC Analyst role.
What it means
A security operations center (SOC) is, per Microsoft, "a centralized function or team responsible for improving an organization's cybersecurity posture and preventing, detecting, and responding to threats." (NIST's CSRC glossary also defines the term.)
It is where many people start in cybersecurity: the entry role is typically a SOC Analyst (Tier 1), monitoring alerts and logs and escalating real incidents, often using a SIEM tool.
Definitional only; see the SOC Analyst role page for the cited skills and roadmap.
Sources
- Microsoft — What is a security operations center (SOC)?: https://www.microsoft.com/en-us/security/business/security-101/what-is-a-security-operations-center-soc
- National Institute of Standards and Technology — NIST CSRC Glossary: https://csrc.nist.gov/glossary
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | Microsoft — definition of a security operations center | Official source page | Microsoft — What is a security operations center (SOC)? |
| CIT-02 | NIST CSRC glossary — security operations center | Official source page | National Institute of Standards and Technology — NIST CSRC Glossary |