Loading…
Company: C Spire clear filter
Saturday, September 12
 

10:30am CDT

Life After Tier 1: Rebuilding the SOC When Triage Is Outsourced
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
For many medium-sized enterprises, outsourcing Tier 1 triage to an MSSP is positioned to reduce workload, provide 24/7 coverage, and improve efficiency. In practice, it fundamentally reshapes how a SOC operates—and introduces new challenges that many teams are unprepared for.


Outsourcing Tier 1 doesn’t eliminate work—it redistributes it in ways most SOCs are not designed to handle.


This talk examines what happens after Tier 1 is removed. Organizations place significant trust in third-party providers, yet alert volume may decrease while investigation complexity increases. Context is often lost at handoff boundaries, and traditional metrics lose meaning, while new measures—such as mean time to confirm and escalation quality—become critical for understanding performance. Teams that fail to adapt quickly often find themselves with fewer alerts, but greater uncertainty and slower response.


Operational gaps also emerge when systems do not align with MSSP onboarding models. Custom telemetry sources, delayed parser development, and the gap between deployment and monitoring readiness introduce risk that must be actively managed.


Drawing on real-world experience leading a SOC through this transition, this session focuses on how to redesign operations for a post–Tier 1 model. We will explore how analyst roles must evolve from queue processors to investigators, why detection fidelity becomes the most important metric, and how to build feedback loops that continuously improve detection quality.


Attendees will leave with a practical framework for restructuring workflows, redefining success metrics, and improving detection precision.
This talk is designed for SOC leaders, detection engineers, and analysts navigating MSSP integration or considering outsourcing triage functions and aligns with both the Management/Leadership and Security Operations tracks.
Speakers
avatar for Stuart Fairchild

Stuart Fairchild

Senior Manager, Cybersecurity, C Spire
Stuart Fairchild is a Senior Manager of Cybersecurity at a regional telecommunications provider, where responsibilities include leading security monitoring, incident response, and security awareness programs supporting infrastructure for over one million customers. Work focuses on improving detection... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk
 
Blue Team Con 2026
From $0.00

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Thursday, September 10
Saturday, September 12
Microsoft Technology Center (Aon Center)
Swissôtel Chicago
  • Talk
  • Training
  • Company
  • Abstract
  • Acalvio
  • Amazon
  • Beazley Security
  • Black Hills Information Security
  • Bloom security
  • Broadcom
  • C Spire
  • Campbell Clinic
  • Coalfire
  • CQURE
  • Critical Path Security
  • Data Defenders
  • Dataminr
  • Daylight Security
  • DHS/CISA
  • EXOS
  • First National Bank of Omaha (FNBO)
  • Flare
  • Fortune 150 Food & Bev Manufacturer
  • GetReal Security
  • Horizon Secured
  • Invisible Technologies
  • LevelBlue
  • Liberty Mutual Insurance
  • Nationwide
  • Netwrix
  • Notion
  • Pixee AI
  • Push Security
  • Rapid7
  • Reflex Security
  • Reversec
  • Revology
  • SCYTHE
  • Semperis
  • Spacewalk.ai
  • SpecterOps
  • StoneX
  • TrustedSec
  • Webflow
  • WiCyS Wisconsin
  • Zelis Healthcare
  • Audience
  • Advanced
  • Beginner
  • Early Career
  • Intermediate
  • Subject
  • Application Security / DevSecOps
  • Career Matters
  • Governance / Risk / Compliance
  • Management / Leadership
  • Physical Security
  • Resilience
  • Security Operations / Tools
  • Threat Hunting and Red Teaming
  • Threat Intel and DFIR
  • Vulnerability Management