Too often, organisations look to a third party for ready-made answers. What they need instead is to own the process of defining priorities and thresholds, then bring in partners to help validate and strengthen that work.
Where to go from here
The solution isn’t more automation or better tools. It’s careful thinking, threat modelling, and understanding your environment. It’s moving from reactive detection to anticipatory defense. It’s building behavioural analytics that give us context, not just alerts.
And we need urgency. I keep coming back to aviation because it gets this right. When a pilot loses an engine, they don’t pull out a manual. They have rehearsed it. Straight away, they follow a flow that stabilises the situation: aviate, navigate, communicate. SOCs need the same discipline: speed, intuition, and engineering that doesn’t crumble under pressure.