Design the SOC you actually need. Telemetry, detection content, runbooks, and operating model — built to be operated by your team or a partner of your choice.
Versus SOC Architecture is built for organizations standing up a security operations capability — or maturing one that has stalled. We design the SOC you actually need, against your threat model, not a vendor reference architecture stamped with your logo.
The deliverable is opinionated and complete: telemetry strategy, tooling architecture (SIEM, EDR, SOAR, TIP, identity), detection engineering practice, response runbooks, and the operating model that holds it together — staffing tiers, on-call rotation, escalation paths, and the KPIs that distinguish a working SOC from a noisy one.
We do not run the SOC for you. We design it, build the detection content and runbooks that make it work, and hand it over to your team or a managed partner of your choice — with the documentation, training, and on-call shadow time required for that handover to actually take.
Each engagement is led by senior operators who have run SOCs, written detections, and lived through the gaps. Scope is shaped to your environment, not pulled from a template.
Threat-model-aligned detection priorities, ATT&CK coverage targets, and a phased roadmap that matches the team’s actual capacity — not a vendor wishlist.
SIEM, EDR, SOAR, TIP, and identity-telemetry decisions. Vendor-agnostic design with explicit build-vs-buy tradeoffs and an honest read on where your current stack falls short.
Content lifecycle (write, test, deploy, retire), validation pipelines, and the SDLC discipline that keeps detections trustworthy after we leave.
Scoped, environment-specific runbooks for the alerts that actually matter — with decision authority, escalation paths, and containment thresholds spelled out.
Staffing tiers, shift design, on-call rotation, escalation, RACI, and the KPIs that distinguish a working SOC from a noisy one.
Current-state benchmark, gap analysis against your threat model, and a phased roadmap that translates the architecture into a budget and hiring plan.
A consistent rhythm whether the engagement is a greenfield build or a stalled-SOC reset.
Threat-model alignment, current-state benchmark, telemetry inventory, tooling audit, and a clear read on the binding constraints.
Target architecture, operating model, detection strategy, and a budgeted roadmap your leadership can defend.
Baseline detection content, runbook authoring, tooling integration, and validation pipelines — delivered as code, not slides.
Documentation, training, on-call shadow time, and a clean transition to your team or the managed partner you select.
If your question isn’t here, ir@versus-sec.com and the engagement intake both reach a senior partner.
No. We design it and build the content, runbooks, and operating model. We then hand it over to your team — or to a managed partner you select. If you need a partner recommendation, we will be honest about who is good in your context and who is not.
Yes. A meaningful share of our work is on existing SOCs that have stalled — alert fatigue, content rot, unclear escalation, vendors driving the roadmap. We benchmark, isolate the binding constraints, and deliver a reset roadmap.
An architecture document, a detection content library (SIGMA and SIEM-native), runbooks, an operating-model spec, KPI dashboard scaffolding, and a phased roadmap. Everything is yours; nothing is locked behind our tooling.
A typical greenfield engagement runs 12–16 weeks across the four phases. Brownfield assessments can deliver a credible target architecture and roadmap in 4–6 weeks.
Yes. The architecture is designed against SOC 2, ISO 27001, NYDFS, DORA, NIS2, PCI, and HIPAA control requirements where relevant, and we work alongside your auditors during evidence design.
SOC Architecture engagements frequently sit alongside these capabilities. The same operating doctrine, the same partners.
Most engagements begin with a 60-minute scoping call. We’ll tell you within that call whether we’re the right fit and where the binding constraints likely sit.