From Lab to Operations Once components and workflows are in place, the next step is moving from a SOC-as-a-Lab  setup to a fully operational 24/7 centre . At this point, technology alone isn’t the challenge — it’s capacity, processes, and performance management . The Operational Pillars of a Modern SOC People and Skills Sustainable SOCs depend on defined roles, shift rotations, and continuous training. In smaller teams, automation and clear playbooks  compensate for limited staff. Processes...

Why Open-Source? For most organisations in Bosnia and Herzegovina – especially in academia, civil society, and the SME sector – the biggest obstacles to establishing a SOC are not threats, but cost and staffing . Commercial SIEM and SOAR platforms can cost tens of thousands of euros per year, which is simply unrealistic for local budgets. The solution? An open-source SOC , built gradually, focusing on interoperability and community. Core idea:  Instead of one central, monolithic product, an...

What a SOC really is – more than just technology A Security Operations Centre (SOC) is not merely a room full of screens — it’s a function that unites technology, processes, and people  to detect and neutralise threats before they cause damage. A well-designed SOC provides centralised visibility , correlates logs from multiple sources, and enables fast and coordinated response. It usually consists of three functional layers: Data collection and correlation  – gathering logs from servers,...