It could probably also be useful for the generic startup of a market-oriented technical structure.
Please feel free to send me suggestions to add to it.
Start up project of a Security Operations Center for a Managed Security Service Provider
Phase 1 - Predesign
- Certifications useful for the design
In general, you should never forget that "following a well-known best practice" is the best answer to the question "why are you doing it this way?".
- Security services market analysis
- Interview people involved in the market
- Build up the design team
- Visit other Security Operations Centers
- Study competitors
Phase 2 - Design
- Decide the services to implement
- Design services
- Technology selection
A good selection methodology could be: market analysis, creating a short list of vendors, PoC (Proof of Concept), evaluation, choice.
- Define KPI/KPO
- Sharing people between services
- Plan a marketing strategy
Phase 3 - Implementation
- Write down processes and procedures
- Acquire the know-how
- Implement the technologies
- Create a security culture in sales people
- Implement a lab environment
- Start the marketing strategy
- Apply KPI/KPO
Phase 4 - Improvement
- Evaluate useful SOC certifications
- Evaluate useful SOC team certifications
A short list of useful certifications as an example: GIAC, CISM, Security+, vendor specific, CCNA, CISSP, ITIL, etc.
- Keep yourself and your team up to date on security news
- Make the market aware of you
- Make the management aware of you
- Scouting of new security services required by the market
- Periodic upgrade of technologies
- KPI/KPO monitoring