Focal Point has worked with a number of security operations teams, helping them advance their capabilities, execute on their strategies, and strengthen their skills. More often than not, we’re brought in because stakeholders don’t feel like their security operations are meeting the needs of the organization. When we dive into it, we often find that this “failure” is driven by a misalignment between what security operations does and the expectations of the leadership team. Left to fester, many security operations teams find them on the short end of the long-term leadership support they need.
There are a few ways that this breakdown occurs, but one of the simplest to fix and most commonly overlooked is the name.
There are lots of different names from Security Operations Center (SOC) to Cyber Defense Center to Fusion Center. Some win points for their cool factor but may send the wrong message to executives and business leaders. The reality is that the name indicates the job of your team to the rest of the business. Choosing the wrong name can misalign the mission of the SOC and business expectations. Everything from investment to workforce development may depend on it.
In this post, we’ll break down the most common SOC names and what they convey (intentionally or otherwise) to the business. We’ll also share tips for choosing a name that best suits what you do.
The Top 5 Names and What They Say
1. The Security Operations Center (SOC)
Cool Factor: ★ | Popularity: ★★★★ | Business-Friendly: ★★★
We’re starting with the classic here: we’ve had security operations centers for decades. Many organizations go with this name-by-default approach, using the traditional “SOC” name because it is familiar and avoids confusion. While leaders may choose this name for its simplicity, they are selecting a name that evokes a very specific image for many business leaders. When they hear “SOC,” leaders may picture a large room, lined with video-walls, displaying lots of visuals with analysts in NASA-command-center seating, quietly pouring over data on their own multi-monitor setups.
While the simplicity of the name is its greatest asset, it can also be a curse. When they hear “SOC”, leaders may only think of technology operations and may not see the real value you intended to provide. When leaders cannot see your value, it has the potential of turning your most critical security team into a generic and somewhat ambiguous cost center.
2. The Cyber Defense Center (CDC)
Cool Factor: ★★★ | Popularity: ★★★ | Business-Friendly: ★★★
While SOC may be too much about the technology, “Cyber Defense Center” (CDC) may be promising more than you can deliver. Security operations leaders sometimes choose this name for its cool factor, unwittingly sending a very specific message to their stakeholders: this SOC can defend against cyber threats.
Security operations teams that choose this name must have defense capabilities, tools, and strategies, and they have to be good at it. They can’t just detect threats – they must also be able to successfully fight against them, something many are not equipped to do. This leaves many CISOs and their SOC leaders in the unenviable position of having to explain to leadership why their investment in the CDC didn’t prevent the incident their teams so skillfully detected.
This is, however, often the best name for those teams who do have a very strong defensive mission and the capability to carry it out.
3. The Cyber Intelligence Center (CIC)
Cool Factor: ★★★★ | Popularity: ★ | Business-Friendly: ★★★★
For some security operations teams, this name is often the most accurate when it comes to what they deliver: they produce intelligence. The name sets the expectation that this team will provide clear, insightful data on cyber threats that can be used and relied on for decision making.
Security operations in the CIC mold are more focused on providing value to decision making and less focused on taking action. This team should be able to take incomplete or even contradictory data and use it to confidently provide an input to stakeholder decisions: from “is this a threat” to “who are the adversaries targeting us” to “what are the trends we are seeing over the next year." They know how to collect, analyze, and produce intelligent answers but are also able to communicate them effectively.
This is easier said than done, but the teams who master this are invaluable to their organizations, and it can be easier for leadership to see that value when they consume it every day.
4. The Cyber Fusion Center
Cool Factor: ★★★★★ | Popularity: ★★ | Business-Friendly: ★★★
When it comes to names, “Fusion Center” definitely has the cool factor, making it a popular option (particularly in government contexts), but it can really raise expectations.
In a commercial cybersecurity context, “Fusion Center” often implies that the team is able to bridge the gaps that lie between incident response, IT, and business teams to identify and address cyber threats. It indicates that these teams are in constant collaboration, making decisions together that apply across the enterprise. While many teams would like to achieve this level of teamwork, it is only as strong as the level of collaboration you can maintain over time. It may start well, but the “Fusion Center” label can be a recipe for long-term disappointment. With the right leadership support and the right mix of people within it, a “Fusion Center” can be a catalyst for increased collaboration, communication, and cooperation throughout the business – clearly positioning the team as a hub of information that can both protect and enable the organization.
5. Cybersecurity Center
Cool Factor: ★ | Popularity: ★★★ | Business-Friendly: ★★
“Cybersecurity Center” is the easily the blandest, least cool name on this list, but it is sometimes also the safest. It fails to convey any goals or what leaders should expect from the team. Do they monitor? Do they defend? Do they operate the technology? Do they provide intelligence? No idea.
In some organizations, that can be a big problem. It can be easily confused with other cyber-related teams in the organization. It’s so bland that it can lead leaders to question its necessity and value. Cue the budget cuts…
For other organizations, however, it can be the perfect fit. The name conveys few strong impressions, allowing the team to be fully flexible to what their stakeholders may need or what the team may be able to deliver. It raises the requirement for constant leadership interaction to be successful, but it does work for many.
How to Choose the Right Name for You
There is a right name for you, but it should not be chosen in a vacuum. Instead, it should involve collaboration with leaders across the business. While involvement may vary by organization, input from IT, strategic operations, internal audit, privacy, and executive leadership can help you identify the needs of the business, your organizational risk landscape, and the role your team can play. Having a better idea of what you can do and what the organization needs will lead you to the name that best fits.
To learn more about strengthening your SOC, check out our conversation with Gary below.
Want more SOC insights in your inbox?
Subscribe to Focal Point's Risk Rundown below - a once-a-month newsletter with templates, webinars, interesting white papers, and news you may have missed. Thousands of your colleagues and competitors have signed up! You can unsubscribe at any time.