SOC metrics like alerts triaged and threats detected only tell part of the story, especially in financial services where performance is measured in risk, exposure, and business impact. This article explores how to reframe key metrics such as MTTR, containment time, and risk reduction to better align with financial outcomes,...
Meet Jess (Jessica Ryder), Security Blue Team’s HR Manager, leading the HR function across recruitment, onboarding, and employee relations. She...
Often, salary is blamed for SOC churn, but in reality it often is not the primary reason SOC analysts leave....
Locked Shields is as close as it gets to a real-world cyber war without it actually happening. This post breaks down what it’s like to support NATO’s largest live-fire exercise, the scenarios we built, and what training at that scale really looks like when pressure, complexity, and realism all come...
Burnout in SOCs is rarely about individual resilience and more often about how work is designed and sustained. This article explores how alert noise, context switching, and constant vigilance quietly erode performance over time, and what resilient SOCs do differently to protect judgement, focus, and long-term capability.
Starting your first SOC role can feel overwhelming, even with prior training and labs behind you. This blog breaks down the realities of day-to-day SOC work, from alerts that arrive with little context to investigations that rarely end with clean answers. It highlights why judgement, documentation, and communication matter as...
Many of the challenges that slow investigations and increase escalations in SOCs are not caused by missing tools or technical skills. They stem from uneven judgement under uncertainty. This article explores why judgement is harder to build than knowledge, how it affects escalation and closure, and what SOC managers can...
Ransomware training helps cybersecurity professionals move beyond technical response to become trusted contributors during high-pressure incidents. By understanding attacker behavior, business impact, negotiation dynamics, and the full incident lifecycle, practitioners gain credibility across technical, legal, and executive teams. This practical, real-world knowledge builds confidence, expands career options across multiple security...
Say hello to Alaina and Dora, the brilliant creative duo behind Security Blue Team’s distinctive look and feel. As our design team, they craft everything from course interfaces to BTLO illustrations, blending deep cybersecurity knowledge with serious artistic flair. Discover how they keep SBT’s cybersecurity training visually stunning yet brilliantly...
Step into the world of David Elliott, Security Blue Team’s Principal Defensive Content Engineer, whose creative flair and technical expertise shape cutting-edge cybersecurity training. From building realistic scenarios to mentoring talent, David’s work strengthens SBT’s technical team, helping clients master cyber defences. Dive into his story, from RAF roots to...
