The Security Operations Center (SOC) has served public sector cyber teams for years, but it’s time for something more proactive. It’s not just about reacting to security events; we need to address the risks that lead to these events. This shift makes cyber operations not only more efficient but also more cost-effective.
Sumedh Thakar, CEO of Qualys, shared these insights at a recent event for federal IT leaders near Washington, D.C. He introduced the idea of a new-generation SOC—the Risk Operations Center, or ROC. For Thakar, this shift is crucial. “The old way of scanning weekly and dumping the results somewhere isn’t cutting it anymore,” he said. “We can’t keep relying on manual triage and trying to fix every single issue.”
He emphasized the need for CISOs to focus on managing risk rather than simply monitoring attack surfaces. It’s about identifying and addressing the most plausible losses that could impact the organization. For private companies, that loss often translates to revenue. Public sector organizations, however, face a more complex definition of “loss.”
Thakar pointed to the broader implications, including public safety, national security, and critical infrastructure. He referenced major incidents like the Colonial Pipeline attack in 2022, which disrupted fuel supply across the U.S. “For agencies, it’s all about understanding what disrupts their mission and addressing those risks,” he explained.
In terms of practical steps, Jonathan Trull and Mayuresh Ektare from Qualys want to help public sector CISOs make the most of their limited resources against overwhelming security data. “Our larger clients are not just facing thousands of findings; they’re dealing with hundreds of millions daily. It’s impossible to address them all,” Ektare noted. That’s exactly where the ROC comes into play.
He described running an ROC as a “peacetime” activity for defenders, contrasting it with the SOC’s more reactive, crisis-mode function. Trull, who has extensive cyber experience in Colorado, highlighted the need for accurate risk assessments. “Back in the day, I would have loved an ability to continuously aggregate data,” he recalled. CISOs need clear insights to inform leadership about emerging risks.
He added, “For customers navigating complex environments, exploring this ROC concept could be a game-changer.”