How to succeed as a SOC Manager


Becoming a Security Operations Center (SOC) manager is a significant career step, and our goal is to teach you what you need to know to excel in this position and lead your team. Our content and classes are conducted by people who have done the job, felt the pressure, and had to stand in front of executives and deliver the facts. We will tell you what we wish we had known before we got the job and show you the skills required to transition from an individual contributor to a SOC manager and to earn the trust of your team and executives.

“Don't try to manage people;
you manage things; you lead people.”  
-Admiral Grace Hopper

Throughout the program, participants will have access to our team of SOC leaders, CISO network of cybersecurity leaders, and an array of resources to support their continued growth. The in-person event and project work will enable participants to translate learning into action and make an immediate impact in their organizations.

This program will give participants the confidence and capabilities to lead effective cybersecurity programs and manage risk in an increasingly complex landscape. Armed with operational best practices, measurement techniques, and leadership skills, they will drive results and enable their organizations to navigate the digital future securely.

SOC managers and leaders must bring order to their organizations from the chaos of threat actors, user behavior, and business governance demands. Our SOC Leadership Program will provide the perspectives, tools, and development skills required to take the chair in one of the world's most demanding and rewarding jobs.


One unspoken truth of career advancement is the need to shift one’s focus to leading people rather than tasks. Your ability to excel at tasks will not make you a good leader; getting others to excel at tasks makes you great.

Each of us has had someone who gave us opportunities, taught us, and led us to be better than we thought we could be. It is your turn to lead, teach, and organize a multi-disciplinary team to enable security, create processes, and create cyber resilience.

Our SOC Leader program will prepare you to succeed and see the business world from a new angle with new thinking for long-term success.


This intensive 4-day course will equip new and aspiring SOC managers with the technical, leadership, and chaos management skills to lead security operations teams effectively. The course combines engaging lectures with immersive simulations to provide a hands-on learning experience.

Program Objectives:

By the end of this program, participants will be able to:

  • Understand and coordinate the various technical roles and responsibilities within a SOC
  • Effectively communicate and manage personnel up and down the organizational hierarchy
  • Bring order to chaos during security incidents by providing vision, priorities, and directional clarity
  • Validate and improve SOPs and incident response plans
  • Lead teams through incidents, vulnerability disclosures, threat intel, and other sources of chaos
  • Make sound decisions with limited information under time pressure

Required Course Materials:

  • Course handbook (provided)
  • Laptop with internet access
  • Case studies (distributed in class)


Day 1

SOC Fundamentals and Overwhelming Chaos

  • Course Introduction
  • Technical aspects of a SOC (response, passive defense, active defense)
  • Roles and responsibilities for security analysts, engineers, threat hunters, etc.
  • Key processes:
  • Monitoring, detection, response, hunting, vulnerability management
  • Chaos simulation:
  • Overwhelming incident with injects
  • Participants face an incident with injects from news, social media, execs, etc.
  • Debrief and reflection

Day 2

Bringing Order to Chaos

  • Vision, priorities, and clarity during incidents
  • Prioritization, communication, and decision-making under pressure
  • Handling different types of chaos
  • Incidents, threat intel, vulnerabilities, non-technical issues (PR, legal, execs)
  • Guided scenario walkthroughs
  • Slowly work through incidents from day one with instructor guidance
  • Focus on decision points and effective processes

Day 3

Refining Incident Response

  • Validating and improving SOPs and IR plans
  • Identify gaps and implement lessons learned
  • Incident response in-depth process
  • The entire incident response lifecycle, from identification to lessons learned
  • Simulated Incidents at Increasing Speed
  • Re-run of the day one scenario with refined processes
  • Focus on smooth execution and team coordination

Day 4

Chaos Mastery and Course Conclusion

  • Personnel Management During Incidents
  • Leading and motivating teams through extended engagements
  • Interfacing with external stakeholders (executives, legal, PR, etc.)
  • Full-Scale Chaos Simulation
  • Complex, interwoven incidents with participants rotating through SOC roles
  • Hotwash, Retrospective, and Improvement Planning
  • Participant-led debriefs and lessons learned
  • Course Conclusion and Key Takeaways

