The structure of a process or organization at small scale is often about generalization – everyone has to be able to do anything – but at large scale, you want to design for specialist roles. Learn the essential items to scale, which ones to specialize in and how to outsource unimportant (to you) parts.
Takeaways:
* It’s okay to have a hero-oriented small-scale SOC/IR program, but that can’t scale.
* How to build robust IR processes that handle both trivial and toxic incidents.
* How to staff a scaling SOC organization.