{"id":83856,"date":"2026-02-15T10:30:55","date_gmt":"2026-02-15T10:30:55","guid":{"rendered":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/?p=83856"},"modified":"2026-03-20T08:01:09","modified_gmt":"2026-03-20T08:01:09","slug":"modern-cybersecurity-for-soc","status":"publish","type":"post","link":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/","title":{"rendered":"Defending the Digital Perimeter: Modern Cybersecurity for SOC"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"83856\" class=\"elementor elementor-83856\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8776192 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8776192\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-574b159\" data-id=\"574b159\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fb44045 elementor-widget elementor-widget-text-editor\" data-id=\"fb44045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Proactive security is a must to keep up with evolving cyberthreats and building a blue team program is the best strategy to incorporate proactive methods. This article explores the foundational elements of a Security Operations Center (SOC), which provides the infrastructure and expertise required for effective blue teaming. 
It also delves into effective monitoring and incident response strategies, integration of vulnerability and exposure management, and best practices for incident recovery.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-491ba9c elementor-widget elementor-widget-text-editor\" data-id=\"491ba9c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>What Is the Mission of the Security Operations Center (SOC)?<\/h2><p>Let\u2019s dive into the core mission of a <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/what-is-soc-security-operations-center\/\" target=\"_blank\" rel=\"noopener\">Security Operations Center (SOC)<\/a>. At its heart, the SOC exists to detect, investigate, respond to, remediate, and report cybersecurity incidents. Each of these pillars is critical in protecting an organization\u2019s digital infrastructure.<\/p><ul><li><strong>Detection:<\/strong> Continuously monitoring the network and endpoints for signs of threats or policy violations.<\/li><li><strong>Investigation:<\/strong> Analyzing SOC alerts and logs to confirm and classify threats.<\/li><li><strong>Response:<\/strong> Following adopted triage policies to contain and mitigate confirmed threats.<\/li><li><strong>Remediation:<\/strong> Fixing the detected vulnerabilities and impacted elements to prevent further risk.<\/li><li><strong>Reporting:<\/strong> Documenting and reporting incidents and associated insights with stakeholders for transparency and strategic improvement.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3f2e671 elementor-widget elementor-widget-text-editor\" data-id=\"3f2e671\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Fundamental Components of a SOC<\/h2><p>Building on the SOC\u2019s mission, let\u2019s explore its key components that enable effective cybersecurity operations. These elements form the backbone of how a SOC functions programmatically and operationally.<\/p><ul><li><strong>Monitoring and Alerting:<\/strong> At the core of a SOC is continuous monitoring for security events. Tools like <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/security-101\/what-is-siem\" target=\"_blank\" rel=\"noopener\">Security Information and Event Management (SIEM)<\/a> systems aggregate logs and alerts from across the environment, helping analysts identify suspicious activity in real time.<\/li><li><strong>Investigation and Forensics:<\/strong> When alerts are triggered, deeper investigations begin. This involves collecting additional logs, engaging forensic tools, and analyzing artifacts to understand the nature and scope of the incident. The goal is to determine what happened, how it happened, and its impact.<\/li><li><strong>Incident Response:<\/strong> Following the discovery and confirmation of a threat incident, security teams initiate a coordinated response based on predefined policies. These incident response strategies involve processes such as threat containment, risk eradication, and recovery actions to restore normal operations.<\/li><li><strong>Quality Assurance, Control, and Improvement (QA, QC, and QI):<\/strong> QA, QC, and QI are vital to continuous improvement. SOC teams regularly review incident handling, validate adherence to policies and procedures, and assess training effectiveness. This ensures that the SOC evolves with emerging threats and maintains operational excellence.<\/li><li><strong>Training and Exercises:<\/strong> Regular training and simulation exercises help analysts stay sharp and up to date with the latest threats and technologies. 
These activities reinforce skills, validate readiness, and promote a culture of learning.<\/li><\/ul><p>While not always part of the core SOC, several complementary programs may be integrated to enhance its capabilities:<\/p><ul><li><strong>Insider Threat Management:<\/strong> These programs focus on monitoring user behavior within the organization\u2019s network to detect any potential insider threats.<\/li><li><strong>Data Loss Prevention (DLP):<\/strong> Some of the advanced SOC tools and suites are also aligned with policies that adhere to the classification and protection of sensitive data across the network.<\/li><li><strong>Cyber Threat Intelligence (CTI):<\/strong> With SOC capturing all the raw data needed for threat analysis, modern SOC capabilities tend to automate the integration of telemetry from SOC to threat intelligence platforms in order to stay ahead of emerg<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9f94b5d elementor-widget elementor-widget-text-editor\" data-id=\"9f94b5d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Monitoring and Incident Response Techniques<\/h2><p><a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/incident-handling\/what-is-incident-response\/\">Incident response<\/a> in a SOC is managed through two modes: alert-driven monitoring and a structured incident response. 
Classification of threats into this incident response approach is triaged via a tiered investigation model.<\/p><ul><li><strong>Level 1 (Triage):<\/strong> <a href=\"https:\/\/www.eccouncil.org\/train-certify\/soc-analyst\/\">SOC analysts<\/a> review and prioritize alerts by severity, filtering out false positives.<\/li><li><strong>Level 2 (Investigation):<\/strong> Analysts perform deeper analysis to assess whether the alert indicates a real threat.<\/li><li><strong>Level 3 (Escalation):<\/strong> Complex or confirmed threats are escalated to senior analysts or incident responders for further action.<\/li><\/ul><p>When a confirmed incident occurs, the SOC shifts to a centralized incident command model. A designated incident commander leads the response using management by objectives, setting clear goals and coordinating cross-functional teams, such as IT, HR, legal, and external vendors, to contain and mitigate the threat. Regular checkpoints ensure situational awareness and alignment across all teams.<br \/>The Incident Command System (ICS), originally designed for emergency services, is highly effective in cybersecurity contexts and offers structured guidance for managing complex incidents. For more information on ICS, resources are available through organizations like the U.S. Department of Homeland Security.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1228eb6 elementor-widget elementor-widget-text-editor\" data-id=\"1228eb6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>The Investigation Lifecycle<\/h2><p>In case of a security event in the environment, logs are generated and sent to a SIEM or log management system. 
If the event, or a series of events, meets predefined thresholds, an alert is triggered, signaling the need for human analysis.<br \/>The investigation begins with triage, where alerts are prioritized based on severity and assigned to analysts. Analysts perform an initial review to identify false positives and determine whether further investigation is needed.<\/p><p>Next comes enrichment, where additional context is gathered, such as user activity, login patterns, and access behavior, to better understand the event. This step helps analysts connect the dots and assess whether the activity is suspicious or benign.<\/p><p>If the investigation reveals potentially malicious behavior, the alert is escalated, and a formal incident may be declared, triggering the incident response process.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-71d9b7f elementor-widget elementor-widget-text-editor\" data-id=\"71d9b7f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Ensuring Effective Investigations and Response<\/h2><p>The effectiveness of any incident response strategy depends upon the tracking and improvement of a few key metrics, such as MTTR, MTTA, and the rate of false positives. Improving these metrics helps security teams drive down noise, identify critical risks, and implement agile mitigation. Some of the important metrics are:<\/p><ul><li><strong>MTTR (Mean Time to Resolve):<\/strong> This represents the total time from alert generation to threat resolution. A lower MTTR indicates more agile and responsive security operations.<\/li><li><strong>MTTA (Mean Time to Acknowledge):<\/strong> This represents the time needed to correctly classify the threat level and begin analysis. 
A lower MTTA, especially for critical alerts, reduces overall incident response time.<\/li><li><strong>Time to Contain:<\/strong> This metric measures how quickly a threat actor is stopped and is an important performance indicator for incident response capabilities.<\/li><li><strong>False Positive Rate:<\/strong> A lower ratio of false to true positive alerts indicates less noise and a more efficient SIEM.<\/li><li><strong>Event-to-Alert Time:<\/strong> This metric reflects how efficiently the SIEM detects an event and raises an alert after it occurs. A typical acceptable range is 5 to 15 minutes.<\/li><li><strong>Log Source Coverage:<\/strong> This indicates the log coverage of the SIEM; any gaps in coverage reduce threat visibility.<\/li><li><strong>Quality of Investigation:<\/strong> This is a derived metric that monitors how closely the SOC and IR guidelines are being followed. Results from this not only feed KPIs but also inform training and continuous improvement.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a404c38 elementor-widget elementor-widget-text-editor\" data-id=\"a404c38\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Integrating Vulnerability and Exposure Management<\/h2><p><a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/network-security\/advanced-vulnerability-management-approach\/\" target=\"_blank\" rel=\"noopener\">Vulnerability management<\/a> focuses on identifying and fixing known security flaws or Common Vulnerabilities and Exposures (CVEs), while exposure management addresses broader risks like misconfigurations and poor security practices.<\/p><p>Both can be managed using a triage-based approach similar to alert handling in a SOC, categorizing issues by criticality, assigning ownership, and tracking remediation 
progress. In cases of severe risk (e.g., a CVSS 10 vulnerability on the perimeter), exposures can be treated like incidents, triggering a coordinated response.<\/p><p>Many organizations are now integrating vulnerability and exposure management into the SOC, leveraging existing triage and incident response processes. This ensures faster detection, prioritization, and resolution using the same 24\/7 monitoring and response capabilities. A designated incident commander ensures coordinated action and avoids conflicting efforts across teams.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-11ce6b8 elementor-widget elementor-widget-text-editor\" data-id=\"11ce6b8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Responding to an Incident<\/h2><p>The initial step in responding to any critical incident is to establish a chain of command in accordance with established policies. A single point of leadership and an appropriate channel for coordination help avoid confusion and ensure seamless management. Following this, assemble a cross-functional incident response team that includes not only SOC professionals but also professionals responsible for network, platform, DevOps, legal, and digital security management. This phase may also require the involvement of the vendor or third-party service providers for effective incident management. 
Using management by objectives, the threat response is structured into phases such as:<\/p><ul><li><strong>Impending Objectives:<\/strong> Contain the threat and minimize impact.<\/li><li><strong>Mid-Term Objectives:<\/strong> Restore disrupted services and resume operations.<\/li><li><strong>Long-Term Objectives:<\/strong> Fully remediate the issue and implement measures to prevent recurrence, moving the organization from recovery to resilience.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-41e69de elementor-widget elementor-widget-text-editor\" data-id=\"41e69de\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Incident Response Lessons<\/h2><p>Incident response is a team effort but not a group discussion. Success depends on involving only the necessary teams quickly, with clear roles and a single incident commander to lead and coordinate actions.<\/p><p>Maintaining need-to-know access ensures focus and prevents disruption. Stakeholders should receive structured updates to stay informed without interrupting workflows. Secure, isolated response environments help responders work efficiently and communicate openly.<\/p><p>After the incident, conduct an after-action review to gather feedback, identify gaps, and improve processes. Regular training and exercises are essential to define roles, build readiness, and ensure smooth execution when real incidents occur.<\/p><h2>Enabling Recovery<\/h2><p>Recovery is about restoring systems to a secure and functional state, ideally better than before. 
A successful recovery requires:<\/p><ul><li>A clean recovery environment, free from malware or threat actor access.<\/li><li>Reliable backups or system templates to restore critical services.<\/li><li>Mitigations to address vulnerabilities and misconfigurations that enabled the attack.<\/li><\/ul><p>While security teams may not lead recovery, they play a vital role in analyzing the attack, securing the recovery environment, and monitoring for follow-up threats.<\/p><h2>Using Exercises to Prepare and Improve<\/h2><p>Exercises are essential for validating capabilities, identifying gaps, and building team readiness. The two primary types are:<\/p><ul><li><strong>Tabletop Exercises:<\/strong> Scenario-driven discussions using written injects to walk through procedures and decision-making.<\/li><li><strong>Functional Exercises:<\/strong> Hands-on simulations that test systems, tools, and team coordination in real time.<\/li><\/ul><p>After each exercise, conduct an after-action review to assess performance, uncover weaknesses, and refine processes. Exercises should be frequent, ideally quarterly, to ensure teams stay sharp and aligned.<\/p><h2>Continuous Improvement Programs<\/h2><p>Security is not static. A strong program focuses on continuously improving people, processes, and technology by:<\/p><ul><li>Analyzing inputs from exercises, metrics, and QA reviews.<\/li><li>Identifying gaps and addressing them through training, tooling, or policy updates.<\/li><li>Staying current with emerging threats and technologies.<\/li><li>Conducting after-action reviews for both exercises and real incidents to learn and evolve.<\/li><\/ul><p>Continuous improvement ensures your security posture grows stronger over time and remains resilient against evolving threats.<\/p><h2>Conclusion<\/h2><p>When structured effectively, a Security Operations Center (SOC) becomes crucial for cybersecurity, where threats are detected, triaged, and neutralized in real time. 
By applying disciplined models like triage and incident command, SOCs can manage not only active threats but also vulnerabilities and broader risks.<\/p><p>Success hinges on preparation. Continuous training, exercises, and a strong improvement program are essential to keep pace with evolving adversaries. The SOC must constantly adapt, refine its processes, and stay ahead, especially during quiet periods when proactive development matters most.<\/p><p>A mature SOC isn\u2019t just reactive, but rather resilient, agile, and always improving.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0add805 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0add805\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-781b460\" data-id=\"781b460\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-313f2a8 tags-cloud elementor-widget elementor-widget-heading\" data-id=\"313f2a8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Tags<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-278932d tags-cloud elementor-widget elementor-widget-post-info\" data-id=\"278932d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"post-info.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul 
class=\"elementor-inline-items elementor-icon-list-items elementor-post-info\">\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-f2e3860 elementor-inline-item\" itemprop=\"about\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-terms\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-post-info__terms-list\">\n\t\t\t\t<a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/cybersecurity\/\" class=\"elementor-post-info__terms-list-item\">cybersecurity<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/ec-council-2\/\" class=\"elementor-post-info__terms-list-item\">EC Council<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/edr\/\" class=\"elementor-post-info__terms-list-item\">EDR<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/ids-ips\/\" class=\"elementor-post-info__terms-list-item\">IDS\/IPS<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/information-security\/\" class=\"elementor-post-info__terms-list-item\">Information Security<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/security-analysts\/\" class=\"elementor-post-info__terms-list-item\">Security Analysts<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/security-operations-center\/\" class=\"elementor-post-info__terms-list-item\">Security Operations Center<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/siem\/\" class=\"elementor-post-info__terms-list-item\">SIEM<\/a>, <a href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/tag\/soc\/\" class=\"elementor-post-info__terms-list-item\">SOC<\/a>\t\t\t\t<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-01eed82 tags-cloud elementor-widget 
elementor-widget-heading\" data-id=\"01eed82\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">About the Author<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-bf5d233 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bf5d233\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-0aaacb6\" data-id=\"0aaacb6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-cc0af6f elementor-widget elementor-widget-image\" data-id=\"cc0af6f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1050\" height=\"1000\" src=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/AJ-Jarrett-1.png\" class=\"attachment-full size-full wp-image-83858\" alt=\"\" srcset=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/AJ-Jarrett-1.png 1050w, https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/AJ-Jarrett-1-300x286.png 300w, https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/AJ-Jarrett-1-1024x975.png 1024w, https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/AJ-Jarrett-1-768x731.png 768w\" sizes=\"(max-width: 1050px) 100vw, 
1050px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6041154 elementor-widget elementor-widget-heading\" data-id=\"6041154\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Andrew Jarrett<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b5c9383 elementor-widget elementor-widget-text-editor\" data-id=\"b5c9383\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tDirector, Cyber Monitoring &#038; Incident Response, DTCC\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-6d5a437\" data-id=\"6d5a437\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c354d23 elementor-widget elementor-widget-text-editor\" data-id=\"c354d23\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/www.linkedin.com\/in\/cyber-aj\/\">Andrew Jarrett<\/a> has over fifteen years of experience in technology, cybersecurity, and incident response in both the public and private sectors. Prior to joining DTCC, Andrew Jarrett launched and led multiple cybersecurity programs in highly regulated environments, including defense and finance. 
In addition to his work at DTCC, Andrew Jarrett is also an adjunct instructor with the Applied Cybersecurity Program at Texas A&amp;M Engineering Extension Service and a volunteer advisor for multiple high school and college career technology education programs.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Proactive security is a must to keep up with evolving cyberthreats and building a blue team program is the best strategy to incorporate proactive methods. This article explores the foundational elements of a Security Operations Center (SOC), which provides the infrastructure and expertise required for effective blue teaming. It also delves into effective monitoring and&hellip;<\/p>\n","protected":false},"author":33,"featured_media":83863,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_eb_attr":"","footnotes":""},"categories":[12225],"tags":[199,12981,12964,12995,12407,12994,12454,12996,12532],"class_list":{"0":"post-83856","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security-operation-center","8":"tag-cybersecurity","9":"tag-ec-council-2","10":"tag-edr","11":"tag-ids-ips","12":"tag-information-security","13":"tag-security-analysts","14":"tag-security-operations-center","15":"tag-siem","16":"tag-soc"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v20.13 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Modern SOC Cybersecurity: Incident Response &amp; Defense Guide<\/title>\n<meta name=\"description\" content=\"Learn the core mission, components, and tiered response model of a modern Security Operations Center (SOC). 
Master incident response, recovery, and continuous improvement\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Modern SOC Cybersecurity: Incident Response &amp; Defense Guide\" \/>\n<meta property=\"og:description\" content=\"Learn the core mission, components, and tiered response model of a modern Security Operations Center (SOC). Master incident response, recovery, and continuous improvement\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/\" \/>\n<meta property=\"og:site_name\" content=\"Cybersecurity Exchange\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-15T10:30:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-20T08:01:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/Modern-Cybersecurity-for-SOC-Banners.jpg.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"419\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"EC-Council\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Modern SOC Cybersecurity: Incident Response &amp; Defense Guide\" \/>\n<meta name=\"twitter:description\" content=\"Learn the core mission, components, and tiered response model of a modern Security Operations Center (SOC). 
Master incident response, recovery, and continuous improvement\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/Modern-Cybersecurity-for-SOC-Banners.jpg.webp\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"EC-Council\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/\"},\"author\":{\"name\":\"EC-Council\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/person\\\/10d534ff5660436a0efe90fea66ce5fd\"},\"headline\":\"Defending the Digital Perimeter: Modern Cybersecurity for SOC\",\"datePublished\":\"2026-02-15T10:30:55+00:00\",\"dateModified\":\"2026-03-20T08:01:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/\"},\"wordCount\":1884,\"publisher\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Blog-Banners-CND-01-1080x1080e.png\",\"keywords\":[\"cybersecurity\",\"EC Council\",\"EDR\",\"IDS\\\/IPS\",\"Information Security\",\"Security Analysts\",\"Security 
Operations Center\",\"SIEM\",\"SOC\"],\"articleSection\":[\"Security Operation Center\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/\",\"url\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/\",\"name\":\"Modern SOC Cybersecurity: Incident Response & Defense Guide\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Blog-Banners-CND-01-1080x1080e.png\",\"datePublished\":\"2026-02-15T10:30:55+00:00\",\"dateModified\":\"2026-03-20T08:01:09+00:00\",\"description\":\"Learn the core mission, components, and tiered response model of a modern Security Operations Center (SOC). 
Master incident response, recovery, and continuous improvement\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Blog-Banners-CND-01-1080x1080e.png\",\"contentUrl\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Blog-Banners-CND-01-1080x1080e.png\",\"width\":1080,\"height\":1080,\"caption\":\"Modern SOC Cybersecurity\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/security-operation-center\\\/modern-cybersecurity-for-soc\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.eccouncil.org\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Exchange\",\"item\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security Operation Center\",\"item\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/category\\\/security-operation-center\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Defending the Digital Perimeter: Modern Cybersecurity for SOC\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#website\",\"url\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/\",\"name\":\"Cybersecurity 
Exchange\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#organization\",\"name\":\"Cybersecurity Exchange\",\"url\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Cybersecurity Exchange\"},\"image\":{\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.eccouncil.org\\\/cybersecurity-exchange\\\/#\\\/schema\\\/person\\\/10d534ff5660436a0efe90fea66ce5fd\",\"name\":\"EC-Council\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Modern SOC Cybersecurity: Incident Response & Defense Guide","description":"Learn the core mission, components, and tiered response model of a modern Security Operations Center (SOC). 
Master incident response, recovery, and continuous improvement","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/","og_locale":"en_US","og_type":"article","og_title":"Modern SOC Cybersecurity: Incident Response & Defense Guide","og_description":"Learn the core mission, components, and tiered response model of a modern Security Operations Center (SOC). Master incident response, recovery, and continuous improvement","og_url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/","og_site_name":"Cybersecurity Exchange","article_published_time":"2026-02-15T10:30:55+00:00","article_modified_time":"2026-03-20T08:01:09+00:00","og_image":[{"width":800,"height":419,"url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/Modern-Cybersecurity-for-SOC-Banners.jpg.webp","type":"image\/webp"}],"author":"EC-Council","twitter_card":"summary_large_image","twitter_title":"Modern SOC Cybersecurity: Incident Response & Defense Guide","twitter_description":"Learn the core mission, components, and tiered response model of a modern Security Operations Center (SOC). Master incident response, recovery, and continuous improvement","twitter_image":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/Modern-Cybersecurity-for-SOC-Banners.jpg.webp","twitter_misc":{"Written by":"EC-Council","Est. 
reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/#article","isPartOf":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/"},"author":{"name":"EC-Council","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/person\/10d534ff5660436a0efe90fea66ce5fd"},"headline":"Defending the Digital Perimeter: Modern Cybersecurity for SOC","datePublished":"2026-02-15T10:30:55+00:00","dateModified":"2026-03-20T08:01:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/"},"wordCount":1884,"publisher":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#organization"},"image":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/Blog-Banners-CND-01-1080x1080e.png","keywords":["cybersecurity","EC Council","EDR","IDS\/IPS","Information Security","Security Analysts","Security Operations Center","SIEM","SOC"],"articleSection":["Security Operation Center"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/","url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/","name":"Modern SOC Cybersecurity: Incident Response & Defense 
Guide","isPartOf":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/#primaryimage"},"image":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/Blog-Banners-CND-01-1080x1080e.png","datePublished":"2026-02-15T10:30:55+00:00","dateModified":"2026-03-20T08:01:09+00:00","description":"Learn the core mission, components, and tiered response model of a modern Security Operations Center (SOC). Master incident response, recovery, and continuous improvement","breadcrumb":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/#primaryimage","url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/Blog-Banners-CND-01-1080x1080e.png","contentUrl":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-content\/uploads\/2025\/11\/Blog-Banners-CND-01-1080x1080e.png","width":1080,"height":1080,"caption":"Modern SOC Cybersecurity"},{"@type":"BreadcrumbList","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/security-operation-center\/modern-cybersecurity-for-soc\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.eccouncil.org\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity 
Exchange","item":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/"},{"@type":"ListItem","position":3,"name":"Security Operation Center","item":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/category\/security-operation-center\/"},{"@type":"ListItem","position":4,"name":"Defending the Digital Perimeter: Modern Cybersecurity for SOC"}]},{"@type":"WebSite","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#website","url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/","name":"Cybersecurity Exchange","description":"","publisher":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#organization","name":"Cybersecurity Exchange","url":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/logo\/image\/","url":"","contentUrl":"","caption":"Cybersecurity 
Exchange"},"image":{"@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/#\/schema\/person\/10d534ff5660436a0efe90fea66ce5fd","name":"EC-Council"}]}},"_links":{"self":[{"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/posts\/83856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/comments?post=83856"}],"version-history":[{"count":0,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/posts\/83856\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/media\/83863"}],"wp:attachment":[{"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/media?parent=83856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/categories?post=83856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/wp-json\/wp\/v2\/tags?post=83856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}