The Biggest Takeaways From SOC Analyst Appreciation Day 2023

SOC Analyst Appreciation (SAAD) Day 2023 has come and gone. With great speakers and great sessions, it was a can’t-miss event for SOC analysts and anyone else looking to better appreciate their SOCs and see what’s on the horizon for cybersecurity.

But hey, we realize that despite your best efforts, some SOC teams and leaders couldn’t make it the day of. It’s not surprising—while companies increasingly understand the impact of SOCs and recognize the need to appreciate their analysts, cybercriminals aren’t quite as considerate. For those who couldn’t make it, we’ve reviewed the tapes and scoured the footage for five key takeaways.

1. The SOC Is Key to Cultivating Culture

What do SOC analysts do all day? Our panelists explored this question in A Day in the Life in the SOC and arrived at some surprising conclusions. While it’s true that analysts are busy monitoring operations and addressing security issues as they emerge, a large part of their job comes down to culture.

As noted by Jay Jay Davey, Global Security Operations Centre Lead at Marks and Spencer, “Technology is there to be a solution to a problem, but most of the problems are being caused by poor processes or people lacking the skills to adopt that technology.” SOC analysts don’t simply deploy tools and watch for problems—they also play an essential role in helping organizations implement security tech effectively.

According to Jules Okafor, BISO, CEO, and founder of RevolutionCyber, “Your ability to build a positive security culture is directly related to the overall culture of the organization. You are succeeding as a program when your culture begins to influence the broader organizational culture.” This speaks to the growing ability of SOCs to not just keep companies safe, but to transform security culture for the better.

2. AI Has Potential, But Proceed With Caution

Artificial intelligence (AI) is making SOC inroads. But what does the adoption of “smart” tools really mean for security centers? In the AI and Automation’s Role in the SOC panel, Luc Comtois, Senior Analyst and CSOC at Air Canada, touched on the idea of AI solutions that came with the promise of data privacy. While he recognizes the potential of these products, he also highlights the need to double-check answers from AI. “The tools can spit out answers, and give you reasons why they came up with these answers,” he said. “But when you start digging, you realize while it looks like it makes sense, the data is bad.”

The takeaway? AI in the SOC comes with big potential but requires consistent oversight.

3. CISOs Must Foster Connection

CISOs are increasingly on the hook to not only manage SOCs but also ensure they don’t stagnate. Along with expected responsibilities such as managing security budgets and prioritizing new projects, these C-suite members also play a key role in creating a more connected workplace. As part of SAAD 2023’s CISOs Take the Hot Seat panel, Micheal Meis, Associate CISO at the University of Kansas Health System, says “I spend more of my time learning nonsecurity skills than I ever anticipated when I set out on this track, especially around people leadership and people management.” He goes on to highlight that no CISO is successful without a great team behind them, and building better teams requires a leader that fosters connection.

4. Action Leads to Cybersecurity Career Growth

SAAD also explored new career paths for cyber professionals at the There is a Seat for Everyone in Cyber panel. From junior- and senior-level SOC analysts to team leaders and CISOs, the need for end-to-end security has created both skills gaps and career opportunities. As noted by Bennett Hendrix III, Cyber Security Analyst III at Principal Financial Group, it takes more than desire and more than qualifications to have a successful security career. “Just because you obtain whatever degree or qualification that qualifies you for a job, you must apply action,” he said.

In other words, opportunities abound—but action is required to grow in a security career.

5. The Secret to Moving From Public Sector to Private Sector

As the cybersecurity landscape evolves, many professionals are making the move from the public to private sector. During the Transitioning from Public to Private Sector Cyber session, panelists discussed how this can be a challenging transition as security staff navigate policy and process differences. For Darryl Taylor of Binary Defense, one of the key components of succeeding in the private sector is appreciating the expertise of those around you, regardless of their position in the organization.

“I had a CW4 ask me one of the most important questions of my career. He said ‘If you come here, and a Private tells you that you need to do something this way, what is your response, and are you going to listen?'” Taylor says that he thought for a second and then said he would follow the instructions given, noting that if a Colonel told him to fire a weapon a specific way—but had no knowledge of that weapon—he would instead listen to someone with experience. It’s important to carry this mindset in times of career transitions.

See You Next Year!

While we’re sad it’s over, SAAD 2023 was a smashing success. Our expert panels exceeded our expectations with top-tier takeaways that can help SOC analysts, managers and C-suite leaders improve security center operations and stay ahead of cyberthreats.

If you couldn’t make it to SAAD, we missed you, but you can still view the recorded sessions here.