Timeline

Fixed price program to deliver a comprehensive project plan with key deliverables and timeline for developing a SOC. Client responsible for implementation without additional consulting support.

Buy the Gantt Chart
Jan 1
Establish Project
Make the effort to ensure the right people are involved in your SOC.
Jan 5
SOC Requirements and Organizational Support
Identify the business relevance for security operations.
Jan 10
Protected Assets Defined
Identify the assets to protect.
Jan 18
Systems Operational Requirements Defined
After determining what systems exist, identify business continuity and operational requirements.
Jan 25
Success Factors
Organizational definition of success for the SOC.
Feb 1
Metrics / Service Level Objectives
Metrics and service level objectives.
Feb 20
Standardized Rubric for Quantifying Impact
Method is in place to quantitatively assess the impact of an incident for reporting from the SOC.
Jan 18
Constituents defined
Catalogue of who does (and perhaps doesn't) get service from the SOC.
Feb 28
Relative position of this SOC
Consider a multi-SOC architecture, both within the organization and external to it, including liaisons with ISACs, law enforcement, etc.
Jan 18
Leadership Endorsement of Design objectives
With the aggregated research, seek formal approval to build SOC.
Mar 10
Start Building SOC
Jan 18
Staffing
Identify staff size and model, with appropriate outsourcing.
Jan 18
Organizational capabilities to absorb or interface
The SOC will almost certainly be created after some security capability already exists. It might absorb existing functions or staff, or operate in parallel with them.
Jan 5
Structure
Define what will be performed and how outsourcing will address the remaining operational needs. Identify SOC staff arrangement (specialists / generalists) and tiering. Account for 24x7 needs.
Jan 1
Processes
Define and document processes at an appropriate level of specificity. These might be playbooks, standard operating procedures, etc.
Jan 5
Select and procure technology
Identify what technology is in place, and what is the best match for technology needs within the SOC.
Jan 1
Begin SOC Operations
With the staff hired, outsourced contracts created, processes defined, and technology purchased and installed, you can begin to operate.
Jan 5
Process Enhancement Methodology
The build phase will have created the initial processes, but these must be improved iteratively.
Jan 1
Analytical Methodology
Develop and enhance the analytical methodology used by analysts within the SOC. Cultivate a practice of objectivity and consistent application of the agreed-upon methodology.
Jan 5
Interface to Incident Handling
Incident Handling may be a function of the SOC. Or, it might be an external outsourced capability. It could be a phase shift with the existing staff of the SOC. It might also be a different team within the organization. Rehearse the handoff to incident handling.
Jan 1
Define Operating Plan with strategies and objectives
The SOC operating plan will express how the SOC performs work.
Jan 5
Create a catalogue (knowledge base)
This catalogue lists incident response investigative and response actions, when they are advised, and how to perform them well.
Jan 1
Enumerate possible investigative tasks
There are certain actions through which data can be collected. Develop a defined set of investigative actions, their technical implementations (perhaps several), and when to use each.
Jan 5
Validation and Verification actions
Work through all deconfliction actions and verification of the reported issue to establish its existence and severity (impact, per the previously defined impact quantification method).
Jan 1
Define and execute all remediation actions
Execute actions for any type of containment or remediation (including resumption of normal operations).
Jan 5
Procedures, Playbooks, Specificity
Execute all procedures, or plays in the playbook, with the appropriate degree of latitude (specificity) for practitioners to perform them.
Jan 1
Execute all monitoring for detection
Perform actions to identify and investigate candidate issues.
Jan 5
Threat Intelligence
Ingest threat intelligence, correlate, and provide insight to investigations and response.
Jan 1
Incident Response
Perform incident response (IR) on an ongoing basis.
Jan 5
Forensics
Perform all forensic investigation work.
Jan 1
Self-Assessment
Monitor the state of threats globally, and evaluate the organization's asset catalogue in light of known threats.
Jan 5
Exercises
Develop and execute exercises.
Jan 1
Hiring Staff
Develop an ongoing operational methodology for selecting the best candidates for hiring into the SOC.
Jan 5
Mentor and Train Staff
Build a learning practice with existing staff, regardless of current skill level. Include opportunities for internal and external training and presentation.
Jan 1
Tempo Shift
Execute "Patch Now" or "Stand-down" tempo shift actions.
Jan 5
Ongoing maturity assessment using SOC-CMM
Annually (at least) perform a SOC-CMM self-assessment and determine change. Recalibrate growth objectives and possibly operational objectives.
Jan 1
Threat Hunting Practice
Perform threat hunting on an ongoing basis.
Jan 5
APT Response Capability
Develop a response function which is capable of prolonged engagement with advanced adversaries when they are encountered. This is an advanced practice which will likely not be developed initially.
Jan 1
Ongoing Operations
The operational actions above are performed on an ongoing basis.
Jan 5
Buy The Full Gantt Chart
More details in the full chart.

Purchase Details

License Terms. Please download and review.

License is either single entity or multiple entities. For single entity, you may use the chart for one organization's SOC build. For MSSPs or consulting firms, a minimum payment must be made per organization for each use.

Pricing is on a sliding scale. Minimum of $35, maximum of $5,000. It is difficult to specify the appropriate price because organizations vary substantially in how they will use this. I prefer to have the information available to organizations who need it. You can pay the minimum ($35) and, if it provided substantial value, pay more later.

Note, purchase of the chart does not entitle the purchaser to consulting regarding use of the chart.

Note, no physical chart will be sent. An e-mail with the Gantt chart in Microsoft Project (mpp) file format will be sent. I send the e-mail manually once I see the PayPal notification, usually within 24 hours.

Buy the Gantt Chart