The Role of a Security Operations Center (SOC)

A Security Operations Center (SOC) is where an organisation monitors, detects, and responds to security events 24/7. As part of my course, I got to visit two live SOCs in Dublin—ReliaQuest and State Street—and it gave me a clear picture of what the role really looks like on the ground.
What a SOC does
The SOC is the central place for security monitoring and incident response. Teams watch networks, endpoints, and logs for signs of attacks or misuse, triage alerts, investigate incidents, and work with the rest of the business to contain and fix issues. They also help improve detection and processes over time. It’s a mix of technology (SIEM, EDR, threat intel) and people following playbooks and communicating under pressure.
Visiting ReliaQuest and State Street in Dublin
On class trips we went to ReliaQuest and State Street in their Dublin offices. Both run live SOCs—real operations, not just demos.
ReliaQuest – We saw how they run security operations for multiple clients. The focus was on how they use their platform and processes to handle a high volume of alerts and keep visibility across different environments. It highlighted how a managed SOC scales and how analysts prioritise and escalate.
State Street – In the financial sector, the bar for security and compliance is high. We saw how a global institution runs its SOC in Dublin: shift patterns, escalation paths, and how the team works with the rest of the business. The regulatory and risk context made it clear why clear procedures and documentation matter.
What I learned about going into a live SOC
- It’s 24/7 – SOCs run in shifts. Seeing the floor and the boards made it real: someone is always watching, and handovers between shifts are critical.
- Alert fatigue is real – There are a lot of alerts. The difference between a noisy SOC and an effective one is tuning, playbooks, and knowing what to prioritise. Both visits emphasised filtering noise and focusing on what matters.
- Teamwork and communication – Incidents aren’t solved by one person. We saw how analysts work together, escalate to seniors or other teams, and coordinate with IT or the business. Communication and clear roles matter as much as the tools.
- Tools and processes together – SIEMs, EDR, and threat intel are only as good as the processes and people around them. Both sites showed that the SOC’s value comes from how people use the tech, not from the tech alone.
- From study to the floor – The visits connected what we learn in class (threat models, log analysis, incident response) to a real environment. It made the “SOC analyst” role concrete: timelines, shift work, and the need to keep learning as threats and tools change.
Why it matters for someone getting into security
If you’re studying cybersecurity or aiming for a SOC role, visiting a live SOC—even once—helps a lot. You see the pace, the screens, the runbooks, and the collaboration. You get a sense of what “monitoring” and “incident response” mean in practice. Trips like the ones to ReliaQuest and State Street in Dublin are a great way to bridge the gap between theory and the day-to-day reality of working in a SOC.