Inside the Evolving World of SOC Operations: Insights from Feras Tappuni
In this episode of ThreatCast by Threatscape, host Colin Reid sits down with Feras Tappuni, CEO of SecurityHQ, to explore the rapidly changing landscape of cyber security operations centres (SOCs). Drawing on more than 20 years of experience, Feras shares valuable insights into the benefits of maintaining a high-performing SOC, how to communicate its value at the executive level, and why AI and automation are reshaping both attack strategies and defence mechanisms.
The Rise and Reinvention of the SOC
Feras begins by reflecting on the early days of SOC operations, when threats were simpler and antivirus software provided adequate protection. “Back then, nobody thought they needed more than antivirus and firewalls,” he recalls. Yet, as cyber criminals recognised the vast profits at stake and the minimal risk of prosecution, the threat landscape evolved dramatically.
SecurityHQ’s journey mirrored this evolution. Starting with just one employee and modest capabilities, the firm has grown into a global operation with over 500 employees. “Complexity allowed us to reinvest and scale,” Feras noted. Their ability to adapt to ever-changing threats became the cornerstone of their success.
AI and Automation - Tools, Not Saviours
A key focus of the discussion was the role of AI and automation in modern SOC operations. While some in the industry foresee fully automated SOCs, Feras firmly disagrees. “That’s for the birds. You still need people to hold the screwdriver, even if the screwdriver is electric,” he quipped.
At SecurityHQ, AI is harnessed to improve efficiency—automating low-level tasks and enhancing ticket quality—but human expertise remains essential. Interestingly, adversaries are also adopting AI to streamline their attacks, leading to an ongoing arms race between attackers and defenders.
Adapting to the Cloud Era
The conversation then shifted to the challenges and opportunities presented by cloud computing. The flexibility and scalability of cloud environments have empowered businesses but have also expanded the attack surface significantly.
Feras emphasised the importance of having cloud-native security solutions and teams “born in the cloud.” SecurityHQ’s approach has been to invest in specialised talent and retool their operations to remain agile in this new environment.
Demonstrating ROI and Managing Risk
When asked how to convey the value of a SOC to executive leadership, Feras advised focusing on risk and capability. He encouraged clients to honestly assess their ability to detect and respond to threats, noting that measurable improvement is key. “It’s not an insurance policy. It’s just good business,” he stressed.
He also highlighted the importance of continuous improvement. “If you’re not seeing better results after hiring an MDR provider, including us, you need to switch providers,” he asserted.
Looking Ahead - The Armageddon Moment
In closing, Feras warned of potential future threats that could redefine the cyber security landscape, particularly the use of quantum computing to break encryption (known as Q-Day). He also acknowledged the growing sophistication of attackers leveraging AI at scale.
However, he remained confident. “They are getting more sophisticated, but so are we,” he said.
Final Thoughts
The episode highlighted the critical role SOC operations play in today’s cyber security strategies. As threats become more complex and persistent, organisations must invest not just in technology but in skilled professionals and adaptive processes.
Security is not a one-time investment but an ongoing commitment to vigilance and resilience.
