© 2015 IBM Corporation
SOC Poland / GSOC
Damian Staroscic
Security Operations Center (SOC) Manager
IBM Security
+48-727-036-464
November 27, 2015
Why is setting up and managing a SOC and delivering high-quality security services similar to running a best-in-class sports club?
Agenda. It’s all about People, Processes, Technology and Strategy.
Never ending game
Owning various sports clubs
Build a stadium and training fields
Get team members
Players positioning. In a "flashlights" and "behind the scene"
Invest in players and train them every single day
Teach juniors what the game is
Readiness to play always and everywhere
Record your game
Match stats
The game: Never ending...
$5.85M average cost of a U.S. data breach
IBM Security Systems
IBM Security Services
Technology: Owning various sports clubs.
IBM Security invests in best-of-breed
Build a stadium and training fields. SOC facilities and lab.
Unified and collaborative work environment.
Service operative since November 2011
Official opening in Sep 2012
Facility fully operational
2nd largest IBM SOC worldwide
Players positioning. In a "flashlights" and "behind the scene"
SIEM Analysts
Operations Desk Analysts
TM Analysts
Security Service Managers
Quality Analysts
SIEM Correlation Engineer
Device Engineers
Device Analysts
SI Analysts
SIEM Administrator
VMS Administrators
Deployment Engineers
Integration Engineers
Project Managers
Device Engineers
ITRM Analysts
Train every single day / Invest in players. SOC Analyst Profiles
ITIL v3
CCNA, CCNA Sec. CCNP
Juniper JNCIA-SEC JunOS
CompTIA Security+ Network +
CEH, SANS GCIH
Computer Forensics Specialist
IT Security Academy professional: Security Academy
IBM Security QRadar SIEM Foundations & Administration
ArcSight ACSA / ACIA
RedHat Certified Engineer
SUSE Certified Linux Administrator
Microsoft MCSA / MCITP / MCTS / MCP
Cooperation with major technical academies.
Special programmes such as internships and graduate hiring are in place to attract the best students.
Częstochowa (1)
Kraków (4)
Opole (1)
Zielona Góra (1)
Szczecin (1)
Wrocław
Katowice
Wrocław University of Economics
Wrocław University
Wrocław University of Technology
WSB School of Banking
Wroclaw School of Information Technology
Silesian University of Technology
Katowice University of Economics
Silesian University
Academy of Business
University of Business Profession
University of Business
Readiness to play always and everywhere. Global SOC 24/7/365
[Figure: world map of Global SOC sites with their local times. Sites shown: Atlanta, GA, USA (UTC-4); Boulder, USA (UTC-6); Sterling Forest, NY, USA; Heredia, Costa Rica (UTC-6); Hortolandia, Brazil (UTC-3); Brussels, Belgium (UTC+2); Wroclaw, Poland (UTC+2); Bangalore, India (UTC+5:30); Tokyo, Japan (UTC+9); Brisbane, Australia (UTC+10). Legend labels: Global Command Center, Core Data Center, DR site, Data Center, 24/7 Operations.]
Record your game. Follow processes. Sweat the details.
Every SOC “task” is a ticket.
This ranges from a firewall change to a simple question.
Every single action is documented in the ticket’s audit log.
The audit log is read-only; only adding entries is allowed.
All tickets, including the full audit log, are available to the customer through the portal.
This makes real-time follow-up by the customer possible.
Motivation, concentration, stress management
Upskilling and training
Internal promotions / cascades
Hall of Fame
Internal Employee Satisfaction Survey
Constant market study
Social Fund packages