Get to Know Security Operations

Learning Objectives

After completing this unit, you’ll be able to:

  • Define security operations.
  • Explain the importance of security operations.

What Is Security Operations?

When you consider the term operations, you may think about the day-to-day tasks necessary to run an organization. Security operations is no different. It involves putting in place the policies, standards, and procedures to secure the organization’s normal business functions. Security operations engineers consider three elements of security: confidentiality, integrity, and availability (also known as CIA). 

In the context of securing an organization, confidentiality means preventing an adversary from inappropriately accessing proprietary data, such as a document containing intellectual property. Integrity means preventing an attacker from accessing and tampering with data; for example, preventing someone from altering a video recording of a webinar. Availability means ensuring users have access to the data they need; for example, preventing adversaries from disrupting customer access to a website used to place orders.

Knowing this information, you as a security operations engineer have a key role to play in ensuring the CIA of the systems and data in your organization are protected.  

What is a Security Operations Center?

In coordinating security operations and maintaining visibility into the security of the organization’s systems and data, security operations engineers typically work as part of a team in a security operations center (SOC). A SOC is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization's security posture. Together this team prevents, detects, analyzes, and responds to security incidents.

SOCs take many forms depending on the size and maturity of the organization. At larger organizations, security operations engineers typically work in a SOC that is staffed around-the-clock and may be made up of analysts, threat intelligence experts, and incident responders. Smaller organizations may have a SOC that just focuses on incident detection, or may outsource the SOC function to a managed services company that provides these functions as a virtual service. 

All types of organizations employ security operations engineers, from technology companies to organizations in the healthcare, hospitality, financial, transportation and services industries to large and small departments and agencies in the government. Any organization that has a digital footprint is also a target for malicious actors, and therefore it needs to protect itself against threats through a robust security operations capability.  



Nomenclature for different positions within a SOC varies by organization. In this module we use the term security operations engineer to talk about employee functions in a SOC in general. Specific organizations may name this function as a Tier 1 analyst. At large organizations, SOC functions are often divided into tiers, with Tier 1 employees performing initial identification and detection of threats, and Tier 2 employees following up on confirmed alerts to further analyze the risk.

The Importance of Security Operations

Cybercrime increases exponentially each year. As your organization acquires new technology assets and becomes ever more connected, the threats to your customers’ and your business’s data expand as well. Criminals seek to compromise the CIA of an organization’s data from a combination of malware, phishing, web-based attacks, social engineering, and malicious insider attacks. 

For example, a malicious actor sends a spoofed email to one of your organization’s employees that appears to be from another employee at the company with a similar domain name in the email address—a common technique used in phishing emails. The email contains a link to schedule a meeting using a scheduling website. However, the link is in fact malicious, and when the employee clicks, it downloads malware to their computer, which allows the cyber criminal to inappropriately take control of the system and access sensitive company data.  

SOCs don’t just respond to actions taken by cyber attackers, they also support CIA when honest mistakes are made. The confidentiality of data and information is degraded when an employee accidentally sends the incorrect invoice to a customer, for example. In this example the SOC might respond to ensure that the unintended recipient deletes all copies of the incorrect invoice and in no way retains them. They may also notify the company whose data was incorrectly sent to the unintended recipient that this mistake occurred.   

Because malicious actors target organizations of all sizes, deploying an extensive security monitoring infrastructure, either in-house or through a managed service provider, is crucial. Additionally, no matter how hard-working your security team is, there will be a backlog of security incidents. Organizations today face both a high volume and velocity of attacks and a lack of skilled security talent in the market. In fact, a 2019 survey by SANS of SOC organizations found that the most frequent barrier to excellence was lack of skilled staff. While this may sound daunting, it’s really a great opportunity for anyone with an interest in building their security operations skills. These jobs are fast-paced and in high-demand. That means job security and good pay for you, a real win-win!

As a security operations engineer, your job is critical to the success of the organization. You are the first to detect a possible intrusion, as well as the last line of defense when other security protections fail to stop adversaries from penetrating the network. You lead the organization’s security force in puncturing adversaries’ lines of defense to stop threats in their tracks. In the event that the organization’s security controls fail, it’s your job as the last line of defense to detect unusual and anomalous activity and quickly respond.

A security operations engineer wearing a cape, holding a shield, stands in front of servers protecting them.

Knowledge Check

Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the description in the left column next to the matching category on the right. When you finish matching all the items, click Submit to check your work. To start over, click Restart.

Great work! Now you understand a bit more about what security operations is and why it’s important. In the next unit, you learn more about your responsibilities as a security operations engineer in enabling organizations to detect and respond to evolving threats, and discover skills that help you succeed in the role. 


Keep learning for
Sign up for an account to continue.
What’s in it for you?
  • Get personalized recommendations for your career goals
  • Practice your skills with hands-on challenges and quizzes
  • Track and share your progress with employers
  • Connect to mentorship and career opportunities