Security Operations Monitoring
Description
Master the Art and Science of Security Operations
In today's threat landscape, prevention is no longer enough. Security Operations Monitoring offers a grounded, experience-driven guide to building and running effective Security Operations Centers (SOCs) and leveraging Security Information and Event Management (SIEM) systems, not through vendor playbooks or abstract theory, but through the real-world processes and decisions that define operational success.
This book takes you inside the SOC, starting with its evolution and structure, then diving into the workflows that drive daily operations. You'll explore how cases are validated, scoped, and escalated, and how to reason through uncertainty when alerts are ambiguous or incomplete. With clarity and precision, the book reveals how SOCs function not as detection engines, but as the investigative core of an organization's security posture.
From Tier 1 triage to Tier 4 continuous improvement, you'll gain a structured methodology for transforming raw data into actionable insight. Detailed chapters on SIEM architecture and the security data lifecycle (collection, enrichment, analysis, routing, and retrieval) equip you with the tools to build resilient, intelligence-driven operations.
Whether you're a SOC manager, analyst, architect, or IT leader seeking to understand the mechanics behind modern security monitoring, this book delivers both strategic perspective and tactical depth. With practical exercises and a focus on disciplined processes, it's your essential guide to making security operations work: efficiently, effectively, and at scale.
What You Will Learn:
A structured methodology for moving from events to validated, actionable issues.
The role of each SOC tier, from Tier 1 validation through Tier 3 response and Tier 4 continuous improvement.
How to manage the security data lifecycle: collection, enrichment, analysis, routing, and retrieval.
Practical application of SOC workflows through structured workbook exercises.
How SIEMs have evolved and why modern SOCs require more than log collection.
Who This Book Is For:
Primary audience: SOC managers, SOC architects, SOC analysts, and operations leads.
Secondary audience: CIOs, CISOs, and IT professionals seeking to understand SOC processes.
Person
Christopher Jordan is a cybersecurity leader with more than 25 years of experience building and directing security operations. In the 1990s, he was an initial member of the US Army Computer Emergency Response Team and went on to lead the development of multiple CERT programs across the Department of Defense, the FAA, and other federal organizations.
He founded Endeavor Systems, which conducted government research on applying artificial intelligence to intrusion detection and transitioned that research into commercial products. After the company was acquired by McAfee in 2009, Mr. Jordan became Vice President for Network Threat Intelligence. After McAfee, he co-founded Fluency Security, where he continues to serve as CEO. Fluency pioneered a real-time SIEM model that emphasizes stateful analysis, scalability, and operational clarity.
Content
Chapter 1. The Origin of Security Information and Event Management: A Story of Security, Scaling, and System Overload
Chapter 2. The Security Operations Center
Chapter 3. The SOC Workbook
Chapter 4. Validation in the Knowledge Cave
Chapter 5. The Promise and Reality of Prevention
Chapter 6. The Role of a Security Information and Event Management System
Chapter 7. Understanding Audit Records and the Evolution of Security Data
Chapter 8. Data Analysis in Security Information and Event Management: From Categorization to Actionable Intelligence
Chapter 9. Effective Risk Management: From Opportunity to Threat-Based Defense
Chapter 10. Metrics
Chapter 11. Network Traffic Analysis
Chapter 12. Future Architecture of Security Information and Event Management Systems
Chapter 13. Artificial Intelligence
Chapter 14. Final Thoughts