Saturday, September 12
 

10:30am CDT

Beyond the SIEM: Critical Governance and Architecture Decisions for Modern SOCs
Saturday September 12, 2026 10:30am - 11:30am CDT
Modern Security Operations Centers (SOCs) have evolved from basic technical hubs into essential engines for risk management. Success requires a disciplined alignment of governance, architecture, and talent to ensure every action remains resilient and defensible. This session presents a structured methodology to balance high-level technical capability with fiscal responsibility and regulatory mandates. By evaluating SOC evolution through the lens of financial and legal risk, organizations can build a function that is both highly effective and accountable to the board of directors.


We begin by discussing why governance must precede tooling to avoid embedding technical debt into the center’s foundation. This involves identifying critical assets, defining precise operational scope, and mapping risks driven by regulatory frameworks and customer contracts. Once these boundaries are set, we explore how to design a technical backbone that eliminates unnecessary complexity. We will evaluate a tiered log strategy where a security data lake handles high-volume telemetry while the primary analytics engine is reserved for real-time, high-fidelity alerting. This strategic approach prevents cost escalation while providing the depth required for advanced automated workflows.


We also address workforce modeling, demonstrating how technology choices dictate staffing requirements. By examining the mathematical rule of five, we evaluate the requirements for sustainable 24/7 coverage while preventing analyst burnout. The session concludes by reviewing how these elements create a living function that leverages automated triage and standardized playbooks to reduce manual effort by 60–80%. Attendees will learn to formalize critical escalation paths and measure performance through a trinity of operational, contractual, and compliance metrics, ultimately validating defenses through structured training to maintain a proactive, intelligence-driven posture.
Speakers
Bart Stump, "Stumper"

Managing Principal, Coalfire
Bart Stump is a Managing Principal on the Threat Discovery Services team at Coalfire with over 19 years of experience. He specializes in identifying defensive gaps through threat hunting, cyber threat intelligence, and security tool gap analysis to implement robust defensive measures. For...
Jeremy Croghan

Director, Coalfire
Jeremy Croghan is a seasoned cybersecurity leader and Director of Business Resiliency at Coalfire with over 20 years of experience, including U.S. Marine Corps service. He specializes in aligning the complex regulatory requirements of any industry with organizational policies to ensure...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk
 
Blue Team Con 2026
From $0.00