Saturday, September 12
 

10:30am CDT

Same Network, Different Worlds: Bridging the IT Ops and SOC Divide
Saturday September 12, 2026 10:30am - 11:30am CDT
A temporary service account with Domain Admin rights gets created at 11 PM to patch a legacy application. The sysadmin logs off and forgets about it. The SOC sees the account creation, flags it as authorized admin activity, and moves on. Three weeks later, that account becomes an attacker's persistence mechanism. Nobody did anything wrong. And that is exactly the problem.
IT operations and security teams share the same network but operate in fundamentally different worlds. Sysadmins speak the language of uptime, change windows, and ticket queues. SOC analysts speak the language of alerts, TTPs, and kill chains. Both teams assume the other has visibility into what is happening, and both teams are wrong. The result is a gap that does not show up in any audit report but lives quietly in every environment: misattributed alerts, forgotten service accounts, unclaimed security tasks, and legitimate admin activity that looks completely indistinguishable from an attacker who already knows your environment inside and out.
Most organizations try to solve this with better documentation, cleaner org charts, and the occasional cross-team meeting. It does not work. The gap is not a process problem. It is a knowledge problem. Security analysts often do not know enough about how systems are actually administered day to day to separate noise from signal. Sysadmins often have no idea how their routine tasks appear inside a SIEM and have even less awareness of the quiet risk they are generating while doing everything by the book.
This session is built on a premise that is easy to understand but rarely acted on: the person best positioned to bridge that gap is someone who has stood on both sides of it. Drawing from hands-on experience managing and securing environments across multiple client organizations at an MSSP, this talk translates the operational realities of IT administration into the detection-focused language of the SOC and does the same in reverse. No theory. No vendor pitch. Just an honest look at how two teams who are supposed to be working together keep accidentally working against each other.
Attendees will work through real-world scenarios that are common across companies and industries. They will experience each scenario from the IT ops side and the SOC side to understand what happens. The audience will leave with a practical communication framework they can bring back to their organization before the next incident forces the conversation anyway.
Whether you are a junior analyst trying to understand the authenticity of alerts or a systems engineer who has never thought about how routine tasks look through a SOC lens, this session is inclusive of all.
Speakers
Sameer Singhal

System Engineer II, EXOS
Sameer bridges the critical gap between infrastructure engineering and security operations. He holds a bachelor's degree in Cybersecurity from Purdue University and is currently a Systems Engineer II working his way towards a Cybersecurity Analyst I position at an MSSP, where he supports...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk
 
Blue Team Con 2026