Breaching the Boardroom
Breaching the Boardroom is a high-level podcast designed to explore the intersection of leadership, growth, and technology. Each episode brings industry leaders, experts, and innovators together for candid conversations on how to navigate the evolving tech landscape while driving business success. We’re on a mission to simplify complex topics like AI, cyber threats, and IT strategy, making them accessible and actionable for executives in mid-market businesses.
SOC vs. NOC
🔐 NOCs and SOCs might sound like tech jargon, but they are the unsung heroes behind your business’s smooth and secure operations. In this episode of Breaching the Boardroom, host David Mauro (NetGain Technologies) is joined by technology and security leaders Scott Logan, Jesse Kuykendall, and Bruce McDonald to demystify these critical operations.
Together, they discuss the differences, similarities, and synergy between a Network Operations Center (NOC) and a Security Operations Center (SOC) — and why every SMB should understand their value.
💡 What You’ll Learn:
- What NOCs and SOCs are and the key roles they play in modern businesses
- How the digital shift has heightened the need for 24/7 IT monitoring and security
- The importance of proactive versus reactive IT management
- Real-life examples of NOCs and SOCs working together during crises
- Why outsourcing these services to an MSP or MSSP can be a game-changer
📢 Ready to strengthen your IT and security posture?
Discover how NetGain Technologies’ 24/7 NOC and SOC services can safeguard your business, minimize downtime, and maximize productivity.
👋 Connect with Us:
- David Mauro – VP of Business Development, NetGain Technologies
- Scott Logan – Director of Security, NetGain Technologies
- Jesse Kuykendall – VP of Operations, NetGain Technologies
- Bruce McDonald – Client Success Manager, NetGain Technologies
📖 Resources Mentioned:
- NetGain Technologies’ Cybersecurity Public Service Initiative
Free workshops and simulations with the FBI.
🌟 Who Are We?
NetGain Technologies is a leading managed IT and security service provider with over 40 years of experience helping small to mid-sized businesses succeed. 💻✨ Specializing in IT management, cybersecurity, and strategic consulting, we empower businesses in healthcare, finance, manufacturing, and beyond to turn technology into a competitive advantage. 🚀
🌐 Website: www.netgainit.com
Breaching The Boardroom (00:02)
All right. Welcome, everybody, to Breaching the Boardroom. I'm your host, David Mauro. And in the studio today, we have some consummate technology and security leaders that we're really excited about bringing to you. We have Scott Logan, and I'll have Scott introduce himself. And we have Jesse, who runs our entire operations. We're very excited to have you as well, Jesse. And then also joining us is
Bruce is one of our client success managers, really the voice of the customer in the SMB space. Today, we're going to be talking about the integral operations of a network operation center and a security operation center, how they're similar, how they're different, what they are, and why businesses need them and use them on a regular basis, and then kind of what it means for leadership.
in small business. So gentlemen, thank you for joining us.
Scott Logan (01:06)
Thank you for having us.
Jesse Kuykendall (01:06)
Absolutely, David.
Breaching The Boardroom (01:07)
No, we're we're yeah, we're we're really excited about having you. Jesse, why don't you go ahead and please introduce yourself, explain to everybody your current role and kind of, you know, how how you serve small mid-sized businesses.
Bruce McDonald (01:08)
Yeah, thanks, David.
Jesse Kuykendall (01:24)
Excellent. Yeah. So David, obviously, you know me, Jesse Kuykendall I am the vice president of operations for NetGain Technologies. I've been with the organization for a little over 11 years now and have served in a multitude of roles that have given me a whole lot of skills along the way to understand both client needs, desires, and a little bit of the psyche that engineers struggle with day to day in terms of problem solving.
My role really at a high level is defining the strategic direction for our security, our managed services and our project services, along with the directors that serve in each of those individual sectors. You know, our approach for clients has always been at least from my viewpoint, understanding their business first, to understand why they exist as an organization, how they serve their own client base, and then
how can we make technology more intentional and useful for them in how they drive their day-to-day business. If it's not serving a purpose or mitigating risk, it's just wasting overhead. So we always want technology to be useful and intentional in how it's helping them.
Breaching The Boardroom (02:40)
Excellent. Yeah, is that is a you said that perfectly. I mean, that that's exactly the the mission behind everything that we do. Scott, please introduce yourself. Tell us tell us your role and how how you serve organizations today.
Scott Logan (02:57)
Awesome, thank you, David. My name is Scott Logan. I'm the Director of Security for NetGain Technologies. So what does that mean to be a Director of Security? That means I have to provide security services for NetGain as an MSP. Our responsibility to keep the clients safe that we support in a managed service offering is very important, not only to each client, but also to our company.
Once again, as an MSP, our compliance requirements, our abilities to keep our clients safe. And then we also provide MSSP services directly to clients, security services, security provisioning, how their security is orchestrated, how their compliance needs to be aligned, and we provide security tools to help them achieve that.
Breaching The Boardroom (03:44)
Excellent. Bruce, introduce yourself, my friend.
Bruce McDonald (03:49)
Well, hey, David. I'm a client success manager here at NetGain. I started in the industry kind of in 1989 as a database administrator in the Marine Corps and then spent a lot of years at the community college as a project manager in IT and did help desk and desktop support before that. Been in the MSP space for about six years.
and recently migrated to the client success management role after some time as a service delivery manager. So for me, it's how do we understand what the technology does for the client? Their job isn't necessarily technology. So for us to understand what the SMB's core competencies and businesses are and how our tool set, which is technology, helps them and when they need to grab it off the shelf and use it.
that it's ready to go.
Breaching The Boardroom (04:46)
Excellent. Yeah, thanks so much. I mean, I want to define terms because we use, we hear terms like NOC and SOC and, you know, NOC, Network Operations Center and SOC, Security Operations Center. And there's really two different roles and purposes. But before we get there, I think what you guys brought up was really interesting. And that is our clients aren't in the business of, most of them anyway, aren't in the business of technology, right? They are in the business of
practicing law, practicing medicine, conducting financial practices, right? They are building and manufacturing things. You know, times have changed in the last few years. You know, would you guys agree, like, 20 years ago, we really had two versions of our world. We had our physical world where we could, you know, conduct business, and we had our computers in the office and around.
And if the computers went down, it was inconvenient, but we could still function. I mean, we could still, you know, engage in new business, make payroll, engage in transactions, help out employees. But today, it seems so many organizations have gone through digital transformation and everything is either online or in a device somewhere so that when things go down, whether it's
from a cyber attack or from an outage or from a malfunction in the operations of a system, organizations really, really suffer more than ever. Is that what you guys are seeing as well?
Jesse Kuykendall (06:27)
Yeah, absolutely. And because of that shift from analog to digital, I think the ability to failover, let's say to something that's physical, whether that's taking orders, medical records, whatever else, it becomes a lot more clunky. And so, of course, the need for high availability for systems that can integrate and sustain those types of risks, whether that's
So we have a power outage, like you said, some sort of security risk, the ability to maintain and have as little interruption as possible, both for the sake of your employees as well as your client base just becomes more and more important. And a little to your point, I mean, that is one of the core functions of a NOC, a NOC is really to maintain visibility on how the network's operating, allow it to run as optimally as possible and ideally,
define thresholds for what looks like something that could be an indicator of problems to come or what is a legitimate problem that requires action and immediate action.
Breaching The Boardroom (07:35)
Excellent. Yeah, absolutely. So let's define some terms. They're growing their brands, right? When they when they hear the phrase NOC and SOC, I hear them, you know, use them interchangeably. They don't really understand it. And it's fine because that's not their field.
Breaching The Boardroom (08:05)
explain to us what is a NOC and then we can get into kind of what are the benefits of a small and mid-sized business leveraging a outsourced or contracted service that provides those NOC services.
Jesse Kuykendall (08:23)
It's interesting when you think about a NOC or SOC because I think just from a stereotypical viewpoint, they're really one and the same in the sense that it's a room full of people likely behind computer screens with all sorts of graphs and widgets and other things that they're looking at. But to your point, what they're looking at and how they're responding are vastly different. And so for those that are in a NOC, I mean, what they are looking at is monitoring health points,
Jesse Kuykendall (08:52)
across hardware infrastructure, which could be a server, could be switch, could be virtual machines, containers, anything that's running something from, let's say a Windows or Linux based operating system, all the way to application monitoring where we may be monitoring for, is that application running? Is it actually processing authentication requests? Can it log into it? That's one of the things that...
I think I've discussed with clients before where there's two types of ways that we can monitor. And if you think about a patient in the ER, it's one thing to just yell inside the room and ask them if they're doing okay and hope they're going to yell back versus having all the oximeter and pulse meter and all the other tools that a medical professional would use to monitor the body. so it's...
Breaching The Boardroom (09:43)
All of the vital signs, right? All of the vital signs.
Jesse Kuykendall (09:47)
Yeah, and so I think a big difference too is just waiting for an alert to come in versus actually seeing the screen of positive results and health going on throughout the client's network to make sure that one, we are monitoring it, we're seeing good things and know that should it change, we're not in the dark on what those might be.
Breaching The Boardroom (10:10)
Absolutely. And then there's an element of not just reactive support there too. I would think that there's proactive things, meaning when something does come across as disk space getting full, something going off, like you're able to foresee future problems and then remediate that, fix that ahead of time. Sometimes in the middle of the night, sometimes while people are busy doing other things.
Jesse Kuykendall (10:39)
Absolutely. Yeah, and I would say that's one of the things that scripting and I guess more so recently automation have been able to help us with where you based on those predictive trends if we're able to look at the past three months and see to your example storage growth has steadily increased at you some sort of percent or an amount of data over a period of time and then we see something that's an anomaly a data spike or data growth over overnight.
We can also use that to understand that somebody dumped some data that maybe we weren't communicated to as a partner of the client. They are adding some sort of offsite application, maybe something new. And I think to your other point really, using those to trend and forecast for things that we might need in that case, we've seen this amount of data growth over the past six months based on how much free space we need. We know that we're gonna need to buy either additional storage,
Jesse Kuykendall (11:37)
Or if we don't have the space for storage in, say, a SAN or some sort of storage appliance, we might have to buy a whole new appliance and then start to discuss what that could look like when we come to the point of making that technology transition. Maybe we don't want to keep with what is standard today, let's say a storage appliance, and talk about how we leverage public cloud repos, private cloud, or anything else that's an option to us.
Breaching The Boardroom (12:02)
That's fantastic. I've got to imagine that most SMB customers are just growing exponentially, most likely even more so than a lot of leadership would realize the amount of data everybody keeps. Right? Like it's just vast amounts. When you think of all of the data that we constantly are consuming and generating and
and receiving in and sending out, it's just got to be, it's just monumental growth.
Jesse Kuykendall (12:36)
It grows tremendously and especially with a lot of compliance driven clients, you know, we're required to store a certain amount of data. And so, you know, as our customer base grows, that could be a force multiplier on how much data we need to store, you know, particularly if we're housing client data, or even if it's just transactional records on how we're doing business with them. So not to mention that, you know, I think we have times where personal and professional lines blur, particularly when people work from home and
Breaching The Boardroom (12:56)
Yep.
Jesse Kuykendall (13:04)
And maybe you do have something that's either photos that are personal in nature or other media that's on at least a work PC that one, we need to control from a security perspective to ensure that we're segmenting those lines of what the organization can allow on the network and ensuring, think a little to your point, that we're not wasting company resources on storing data that's not serving the purpose of the business.
Breaching The Boardroom (13:34)
Absolutely. That network operation center monitoring management remediation that goes on 24 seconds technology really like the business may have open hours and closed hours and things like that. But their servers, their public facing information, all that goes on 24/7/365.
Jesse Kuykendall (13:56)
It has to, yeah. Cause unfortunately, it seems that the problems are always going to happen when you're not looking. You know, the expression of a watched pot never boils. That's one of the reasons why we ourselves started, you know, at least staying open on Christmas and other holidays where we don't want to walk in and find that the pot's boiled over. And I know our clients certainly don't either. So again, that's, that's an area where automation always helps. You know, we can
Breaching The Boardroom (14:05)
Right.
Right. Absolutely.
Jesse Kuykendall (14:26)
take some action that we know is commonplace for, with the disk space analogy. Let's purge Windows updates that are no longer needed, clear out temp files, recycle bin. And so some of that can help, particularly at times where you're not staring directly at the oven.
Breaching The Boardroom (14:47)
Yep. That's excellent. And now mentioning the things that happen when people are least likely. I mean, that's a good segue over to the Security Operations Center because breaches tend to happen on Fourth of July and Christmas holidays and, you know, various Memorial Day weekends. It's like the threat actors know when people are not or least expecting it or least are.
Right?
Scott Logan (15:17)
Well, that's a natural play, right? The threat actors want to take advantage of systems when they're least monitored, least approached, IT is not in-house or not available. They want to take advantages of those lacks, those gaps, and try to be able to execute some level of interaction within those platforms. Security Operations Center has to be on scale 24-7, 365 as well, because they never sleep.
Breaching The Boardroom (15:20)
Yeah.
Right.
Yeah.
Scott Logan (15:46)
And the sun goes around the world. We don't know what time frame the attackers are coming from. So we have to be ready to be able to react to those threats.
Breaching The Boardroom (15:55)
Well, that's a good point. Bruce and I talk about this all the time, and that is what a lot of people don't realize is when you get online, they might be physically in Lexington, Kentucky, or they might be physically an hour outside of Wichita, and they are physically safe. They feel safe. They're in familiar environments. They know the people around them. But when they get online, they enter a global world, right, that doesn't have boundaries.
They're not all from the Midwest. They're not all American, right? Like we're entering their world and there are, you know, people for whatever reason that want to target people, right? And it's not even necessarily the individual small business that they even want to target, but it could be a whole host of reasons, right? It could be
they do business with a bigger target and they want to use you to leverage to get over there. Or you get swept up in some larger campaign that they're doing for extortion or ransomware or something like that. And your IP or your vulnerability just happens to be on some list that is sold on the dark web.
Bruce McDonald (17:10)
You're in
Scott Logan (17:10)
Yeah, most of the attacks are not targeted. They're, they're random, right? They're just throwing spiders out there and whoever answers the call gets the threat. So they're, they're, they're rarely targeted. I'm not saying there's not targeted attacks. There certainly are, but most of the attacks and most of the SMB space fall victim to strip simply because somebody responded to something that was asking.
Bruce McDonald (17:10)
an industry.
Breaching The Boardroom (17:12)
Right. Yeah.
Yeah.
Yeah.
Yeah. Or it's a it's like a supply chain, right? Or the the vendor, meaning they've they've compromised a larger vendor or they're able to impersonate that vendor and they have the list that they're able to buy on the dark web of of every SMB that's using that vendor. And then they're going to go and try and socially engineer all of those SMBs in a large campaign. Right.
Jesse Kuykendall (17:56)
It's kind of like locking your front door. You know, you do it to keep people out. And so with some of these security vulnerabilities, you think about the ability to check a thousand doors at once to see who forgot to unlock it. You know, to Scott's point there, they're not always targeted and sometimes they're just looking for who forgot to lock the door or whose lock is prone to failure.
Breaching The Boardroom (18:10)
Right.
Absolutely. Yeah. Well, given that both of them operate 24 seven, 365, and they have these highly skilled engineers operating in those systems, that to me is an obvious reason why most SMBs will outsource that. Because as a business owner, you've got an option of build or buy, right? And to build your own, you know,
Breaching The Boardroom (18:45)
enterprise of technology when that's not what your business is. Your business is building widgets, practicing medicine, right? And you want to focus on that. It really does make sense to leverage that scale and that expertise of MSPs and MSSPs like NetGain and others, right?
Scott Logan (19:05)
Absolutely, operating a SOC requires security professionals that are not just readily available. Absolutely, absolutely. If you're operating out of Knoxville, Tennessee, Cincinnati, Ohio, you may be able to find resources of that caliber to be able to utilize. If you're operating out of Southwest City, Missouri, they're hard to find. You're not going to be able to just round them up anytime you can get one. So operating and utilizing companies like NetGain,
Bruce McDonald (19:11)
Thank
Breaching The Boardroom (19:12)
No, there's a huge shortage, in fact, in the United States, right?
Bruce McDonald (19:15)
Mm.
Breaching The Boardroom (19:28)
Right.
Scott Logan (19:35)
provide those services is really something that a business needs to leverage, if not for their compliance simply from their operational requirements.
Breaching The Boardroom (19:41)
Yeah.
Absolutely. And I would say the same thing or similar to a large degree for for network operations center services, because it's still a a time consuming, expensive task to build internally your entire network team and all of that. Like how are you going to as a business owner, how are you going to know how to manage that? Right. And why would you want to write? You want to focus on what you went to school for and what you are are trying to build your
your organization's brand into.
Jesse Kuykendall (20:15)
You don't want it to be a distraction from growth of your business. one, and you know, to Scott's point, you know, particularly for, for scare security, but certainly for NOC, you know, when, disaster strikes, you don't want somebody that doesn't know exactly what needs to happen. And particularly somebody that has, you know, a wealth of experience from seeing in such a variety of different types of issues, situations, client business, makeups, infrastructure, technology, makeups.
Breaching The Boardroom (20:18)
Right.
Jesse Kuykendall (20:45)
to be able to dive in head first with confidence to know how to handle that. So, you know, obviously there's that cost and, you know, these tools aren't cheap, you know, even just from administrative overhead training, understanding how to get the best out of a product, figuring out what product to use. But, you know, some of these tools from a monitoring standpoint can cost upwards of $10 per endpoint. And so, you know, on top of managing, configuring those,
Breaching The Boardroom (21:10)
Right, which gets expensive for each one.
Jesse Kuykendall (21:13)
Yeah, there's a lot of product costs. so, you know, as a provider with lots of clients, that does allow us to negotiate some further discounts, which then we're able to transition to our customers. So, because ultimately it's the service we want to be able to provide to them more than anything else.
Scott Logan (21:33)
Since the COVID era, a lot of businesses have shifted their architectural footprint. They're no longer on-site, on-premise IT. They're transitioning off to the cloud. Having somebody that can support both sides of the house, whether that you've already transitioned or you're in the process of transition and migrating to the cloud, you need somebody that is certified and aware of how to operate within either of those platforms, if not both, in a hybrid approach.
Bruce McDonald (21:33)
to that.
Breaching The Boardroom (21:38)
Right.
Absolutely.
Bruce McDonald (22:06)
So tying all this in for the client. Recently, I had a chance to sit with one of Scott's lead engineers and one of Jesse's lead engineers with a client and do a tabletop exercise. It was a healthcare client, assisted living type facility. And the tabletop exercise was an off hours, like Friday night when everybody's doing something more fun, tornado.
Breaching The Boardroom (22:31)
Yeah.
Bruce McDonald (22:34)
What was really interesting to me is, you know, if they didn't have the tools that we have in the NOC and in the SOC to make sure that their technology was ready for them when they needed it. So we're monitoring that stuff 24 seven. So while there's a tornado, you know, we are, you know, maybe observing the carriers are down and come back up or whatever, but we're working that.
while they're nailing up blankets over glass to protect the residents.
Breaching The Boardroom (23:08)
Excellent point, right? Like they're dealing with the physical reality. We're dealing with the world facing and the internal digital reality.
Bruce McDonald (23:16)
And that's an excellent argument for outsourcing to an MSP, MSSP like us, because if they do that, then the IT guy isn't nailing up blankets, or the IT lady isn't nailing up blankets with the other employees, right? So then you end up having the IT is always available. You know, that's our whole purpose of the 24-7 operation of both the NOC and the SOC. And so...
Breaching The Boardroom (23:26)
Right.
Bruce McDonald (23:44)
While Scott's team is making sure that none of their environment is infected or breached, Jesse's team is making sure that it's available to them after they get all the windows covered and do all the things. They had a whole list. It was amazing to listen to. Then they go and they grab that toolbox that is technology and say, okay, now I need to put these patient meds into the system on the network. That has to be, the system has to be there, the network has to be there.
so that the patient meds are recorded in real time in case they have to send a patient. Well, and if they have to send a resident to admit in the hospital, they have to transfer those records through, they have to print them and transfer them through technology, you know, digitally. So all that has to be available if they get into a situation where they do have to like exfiltrate residents to hospitals and things. They have to send it right, they go on.
Breaching The Boardroom (24:17)
Administer, yeah.
Yeah. Yeah, that's a great real real life example. I appreciate that. That's good. So the engineers that are inside the SOC and the NOC, there's different kind of career skill sets that each one has. Right. Like there's a whole host of certifications. There's obviously undergraduate degrees. Some do some don't. But the point is, is generally there's a knowledge base and a skill base in these certifications.
Bruce McDonald (24:43)
Yeah.
Breaching The Boardroom (25:08)
And, and like they're, they're kind of different, aren't they? Like, can, can you guys kind of explain, you know, some of the, I mean, we don't, I'm not talking about the specific certification names or types, but generally some of the skill sets that get developed for each one, because as I understand it as, as not an engineer, the tool sets that are being used, and even though you might sometimes be
looking at the same technology, you're looking at it for different reasons. So are we looking at different aspects of it? Right. So can you guys walk us through that?
Jesse Kuykendall (25:47)
I think for us, what we've always found as a well-rounded engineer is a great base to start, but you're exactly right. I mean, from there, typically somebody finds their niche, an area they want to grow, something they just enjoy more. And so, you know, for somebody that's operating out of the NOC, they're definitely focused more on, you know, infrastructure management. You know, I think data, data management.
storage pooling, just networking concepts, dynamic networking concepts, how do we route via OSPF, BGP, understanding the specifics of how a packet of data moves from point A to point B so that when we do have a problem, we can dig into the weeds and understand where that issue is, if it's hardware level, somewhere on, yeah.
the entire OSI model as we use in troubleshooting to see where is the problem. And so on the security side, Scott, you can speak more to it, but we're thinking about forensics. There is a lot of log review and that is dense information to be able to parse through and ultimately find Waldo, so to speak. I think being able to develop an eye for that, it takes years.
Breaching The Boardroom (27:09)
Yep.
Jesse Kuykendall (27:14)
to be able to understand one vendor specific information, tools that maybe we're using to aggregate those logs and then constant refinement of what we expect to see because the other side of that coin is we don't want to be alerted just when we burn a little bit of bacon in the oven. So those false positives can be noise that actually distract us from real problems, particularly from the SOC side.
On the security side, it's a lot of forensics, it's understanding policy, it's understanding the controls that are needed, whether that's perimeter security, endpoint security, and then also how those integrate together because security ultimately needs to come in a fabric and in layers.
Scott Logan (28:01)
Yeah, the analytics that's required to be able to diagnose an issue or a threat in an infrastructure requires a great understanding about how security applies to the organization. Jesse made the point earlier about a patient in the hospital, how, you know, the, the NOC is looking at its heartbeat. He's looking at its blood pressure. He's looking at key points of keeping that patient alive. Security is more about why that patient has a fever.
Breaching The Boardroom (28:24)
Thank
Scott Logan (28:32)
or why the pain is occurring here. It's more diagnosis of it than it is the actual issue itself. And security is an interesting platform in that effort. And I think that's why it's really drawn a great deal of interest in college studies in towards security. It's because of the detail of forensics, the detail of defining, capturing the flag, if you will, of a threat.
That is a challenge and a lot of fun for those that are working in that platform to try to make that diagnosis and make that understanding of why that patient has a fever. It's kind of interesting.
Breaching The Boardroom (29:13)
Yeah, absolutely. I mean, to me, it's always that that threat hunting for anomalies, right? Like, I always think of, you know, there are things that otherwise are innocent, like behavior that otherwise are innocent. But in this context, it's an anomaly. Like in this context, it's not right. And you can you can then decipher and figure out that behavior is wrong. Something's going on. Right. And so it's it's really
kind of digital crime fighting the way I look at it. And the NOC is like the digital Superman that is keeping everything going, right? Like that is saving the day. So let me ask this. Let's say, because I want to address, before we wrap up, I want to address how the two work together. Because small mid-size organizations
need both of them, right? Whether you build it or whether you buy it, if you're using technology today, clearly an organization needs both because security is going to help you reduce the risk of getting otherwise interrupted while you're building your growth and your brand. And the Network Operations Center is going to allow you to grow and it's going to allow you to maximize and leverage those advances in technology. when
Like walk us through how you guys work together. In my mind, I always think of should there be bad behavior found, right? Exfiltrated data, an anomaly, somebody's moving laterally from one account to another, they're moving, you know, they're trying to escalate privileges and get up so that way they could ultimately launch a ransomware attack on everything, something like that. But then you need to go back to the NOC, right, to actually
take the action sometimes. I mean, there are certain security tools that will take the action, but it depends on what it is clearly, but they both work hand in hand together, don't they? Yeah.
Scott Logan (31:17)
In most cases, right? And so
in most security definitions of threat, it usually is corresponding to either a vulnerability that already exists within it or an active threat that's currently happening on it. In either case, we would leverage the NOC to say, can you guys patch this instance? Can you guys change this configuration? Can you do something physically to the infrastructure to reduce the threat?
Bruce McDonald (31:30)
you
Breaching The Boardroom (31:38)
Right.
Scott Logan (31:47)
that's currently leveraged against the client. That's how we work together. The NOC has direct influence hands-on into the infrastructure. They can make change. Security is more about the analytics of what's happening within the infrastructure from a security perspective, from a threat perspective, and we leverage the NOC. Once again, they're our hands-on to the infrastructure.
Breaching The Boardroom (31:55)
Right.
Right.
Jesse Kuykendall (32:12)
Yeah, I mean those two have to marry well. And I think to Scott's point, you know, in your example, you know, in those situations, there has to be a conversation about what we're seeing. Let's say that there is, you know, something that's on the network traversing, moving laterally. It's, you know, hey, what IP space or areas that moving in the network, can we isolate it to that?
shut down a particular area so that it can't go further, maybe infect our more critical assets, assuming we don't already have controls in place limiting that. And then from the security side, it's what are we seeing? What indicators of compromise are there that maybe give us an answer, at least a pointer, to where this even got to the network to start with? Maybe that's patient zero, maybe that was vulnerability on a particular perimeter endpoint, maybe it was a threat actor that
you know, somehow got something inside the network. And so, you know, part of that is identification from the SOC side and I think mitigation or I guess it's really control to limit, you know, how far something could continue to move. Ultimately trying to lock it in the bathroom so it's stuck there until we can finally purge it.
Breaching The Boardroom (33:28)
Exactly.
Scott Logan (33:29)
Yeah,
the NOC is making us aware of something. Maybe the network traffic has diminished or the circuit is no longer performing at the level that it used to perform at. They could leverage the security team to say why, what is happening at the firewall that is causing this? Where is it coming from? Where is it going to? And we can give that information, but we may not have initially found that unless the NOC told us that, Hey, we're seeing a diminished.
Bruce McDonald (33:30)
and something.
Breaching The Boardroom (33:45)
Right.
Right.
Scott Logan (33:59)
performance measurement within their network. Can you tell us why? And that's how we can marry together. So not only are we telling them information where they can put their hands on and correct it, but they can also leverage us to say, Why is this happening on the network?
Breaching The Boardroom (34:13)
Well, and that gets to your point, Jesse, about the importance of having a well-rounded network operations center engineer, right? Because they're also thinking about potential security. They're thinking about all of the things and they realize somebody needs to look at this. They communicate with the SOC, right? Because they have that sense of we need to understand a little bit more here, right? As opposed to something more innocuous and their experience and their training will give them.
That's phenomenal. Yeah, go ahead, Bruce.
Bruce McDonald (34:45)
And something
that all of these tools provide, all these tools that these engineers and both of these teams are using, they also provide reporting, those tools do, those monitoring tools. And then that's something that we can present to the client from our team to show them the work that's being done to safeguard their network, their servers, their computers, their users.
and also to ensure that they have their working toolbox to do whatever it is that they do. And that reporting can be invaluable. Some of it's required by their compliancy and we meet those needs for them and everything because we're a SOC 2 shop and all of that. We also, one of the things that I was going to say earlier is it's amazing to me to watch these two teams when we get that panic phone call from an SMB
that isn't a client and says, you know, hey, all the files on my desktop are a blank little white icon that I don't know what it is and I can't open anything.
Breaching The Boardroom (35:57)
And they want you to
download a talks channel and negotiate with a ransomware gang that's very good at their job. Right. That's not fun.
Bruce McDonald (36:01)
Yeah. Right. Right. So, so
we actually get clients out of that process, you know, a few of them. So they'll, they'll reach out because they've, they've, they've got behavior that they can identify is not right. And then to watch Scott and Jesse's teams, you know, work that either on a, for hire basis or turn around and, and
Breaching The Boardroom (36:10)
Yeah.
Bruce McDonald (36:30)
on-board them as a client, right? And our on-boarding process puts all these tools in place for these two sets of engineers to use to make sure the client's environment is safeguarded and available to them. Because that's what it's really about, right? Is availability of the environment. You know, if I'm a car dealership, I care about talking to a person who might buy a car.
And everything else I do is to get that signature on that car, right? And so the computer is just something they use to get to their software as a service or whatever is that they're using. And it has to be available at all times.
Breaching The Boardroom (37:11)
Right.
Well,
in the role, I know that we're wrapping up and we're winding down, but the role that you mentioned about translating what these two entities do for an organization in that client success role is really important, right? Because the businesses don't care necessarily what the NOC does or what the SOC does. They care about what impact it has on them. They care about what they care about, right? And they care about
the business that they're growing and the mitigating the risks that they have and understanding them. Right. And the way that NetGain and all of your roles are in the translating of that into the business impact, it's absolutely outstanding. Like it's really, really impactful. Like, you know, it's not about the bits and bytes, but it's about the what does this mean in reality for us? Right. And
Jesse Kuykendall (37:59)
Okay.
Bruce McDonald (38:06)
Yes.
To go back to
Jesse's analogy of the patient in the hospital, you know, the medical team has taken these diagnostics and has a chart of these diagnostics and Scott's team, you know, has done the research to find out what's caused the ailment. And then what we do in our team is we can present that to the client on a periodic business review.
and say, you know, hey, these are the things that are going on in your environment. These are the things that we suggest your lead engineers have looked into. We think, you know, whether it's computers or hardware that's going into life and you need to replace it because it's going to become vulnerable in Scott's world because it can't be patched anymore, you know, or maybe it's you don't have the right network and.
and Jesse's team has identified a way to make your network behave better for you. And we can suggest some things to help you implement with our project team.
Breaching The Boardroom (39:12)
Right.
Well, fantastic. Well, I want to thank everybody for attending. Guys, thank you so much for the insight and I hope that the listeners and the viewers understand a little better now the difference between the SOC and the NOC and how they both interrelate and the benefits to engaging in these services to help organizations grow and grow without interruption because that's really our whole goal. So thank you, everybody.
Jesse Kuykendall (39:48)
Absolutely.
Breaching The Boardroom (39:49)
and we'll see you everybody again soon. Thanks.
Scott Logan (39:53)
Thank you.
Bruce McDonald (39:54)
I'm saving.