Modern-day SOC Evolution from Open Source to Unlimited Budget

Grifter, Pope

ShmooCon XX (Final) · Day 2 · Build It

In the ShmooCon talk "Modern-day SOC Evolution from Open Source to Unlimited Budget," Grifter (Neil Wyler) and Pope survey the essential components of a modern Security Operations Center (SOC). Drawing on more than two decades of experience leading the Black Hat Network Operations Center (NOC), a high-stakes environment where the network itself is often a target and a testing ground, the speakers trace the journey from rudimentary, off-the-shelf solutions to a multimillion-dollar, enterprise-grade security infrastructure. Their discussion serves as a practical guide for organizations facing the perennial question: "What security tools do we actually need, and how do we acquire them given varying budget constraints?"

AI review

This session by Grifter and Pope delivers a no-nonsense, highly practical guide to building and evolving a modern SOC, drawn directly from their extensive experience running the Black Hat NOC and their careers as threat hunters. They methodically break down essential SOC components, offering clear, battle-tested recommendations for both unlimited-budget commercial solutions and robust open-source alternatives. Illustrated with raw, real-world anecdotes of compromises and operational challenges, the talk cuts through vendor hype to provide actionable intelligence for security professionals at…
