Carson Zimmerman

Carson Zimmerman has been working in and around security operations centers (SOCs) for over 20 years.  In his current role at Microsoft, Carson is a Principal Security Researcher working to elevate SOCs around the globe through industry-leading security capabilities.  In his previous role at Microsoft, Carson led the investigations team responsible for defending the M365 platform and ecosystem.  His experiences as a SOC analyst, engineer, and architect led Carson to author Ten Strategies of a World-Class Cybersecurity Operations Center, and co-authored its second edition, Eleven Strategies… which may be downloaded for free at mitre.org/11Strategies

2024 Talk

Talk Title: One SOC, The Whole SOC, and Nothing But The SOC, So Help Me

Talk Abstract:
I’ve been working in security operations for over two decades. In that time, I’ve worked in or with SOCs of all sizes and shapes, young and old, private industry and government. Most of them experienced endless struggle and conflict because of one big mistake. Don’t let this happen to you. In this talk, I want to share with you the number one secret for SOC success that so many people screw up. I will step you through how to organize a SOC: what should go in it, what should probably stay out, and what your SOC will look like if you get it right.