SOC CSIRT skills

SOC CSIRT skills are the skills required in Security Operation Centres (SOC) and Computer Security Incident Response Teams (CSIRT). By providing an overview of skills, organisations can set priorities for expanding their workforce. Our research indicates that there is no clear framework for SOC CSIRT skills. The Netherlands Organisation for Applied Scientific Research (TNO) has incorporated the insights from existing frameworks into the Dutch Cyber Cube Method. Organisations can use this model to provide an overview of the skills for their SOC CSIRT.

How do SOC CSIRT skills work?

TNO developed the Dutch Cyber Cube Method for the Dutch Ministry of Defence. The method facilitates the combination of frameworks in a step-by-step approach, while at the same time safeguarding the link between the work that must be performed and the skills required to do so. TNO has produced a visual representation and summary of the Dutch Cyber Cube Method.

Image: ©NCSC

A more detailed explanation and an example of the Dutch Cyber Cube Method can be found on the TNO website. You can read more in the research publication.

What is the impact of the SOC CSIRT skills?

The 2018 (ISC)2 Cybersecurity Workforce Study identified a shortage of almost 3 million cyber security professionals worldwide. To this end, SOCs and CSIRTs are investigating ways to improve strategies for the development and acquisition of their personnel. Team leaders and managers of individual SOCs and CSIRTs can provide an overview of the specific SOC CSIRT skills for their organisation using the Dutch Cyber Cube Method.

What does this mean for my organisation?

Team leaders and managers of individual SOCs and CSIRTs can provide an overview of the specific SOC CSIRT skills for their organisation using the Dutch Cyber Cube Method. This method is the result of analysing, step by step, the services that an organisation offers and needs.

Three frameworks are combined when applying the Dutch Cyber Cube Method to SOC/CSIRT personnel: the European Network and Information Security Agency (ENISA) list of services and the National Initiative of Standards and Technology (NIST) framework.

What does the NCSC do?

The NCSC has commissioned TNO to conduct research into SOC CSIRT skills. This research aims to study existing frameworks in relation to the skills of SOC and CSIRT personnel as well as to investigate ways that they can be used in practice.

More information?

The NCSC conducts its own research as well as research with national and international partners. More information? Please contact us at research@ncsc.nl.