Content, Security Staff Acquisition & Development, SOC

Most MSPs Can’t Afford to Build Security Operations Centers (SOCs)

Share
Credit: Pixabay

You know the story. Thousands of VARs and MSPs are looking to augment their basic endpoint management capabilities with true managed security services. But as TruMethods CEO Gary Pica will tell you: Success in any managed services market requires you to solve a math problem. And frankly, the financial math is particularly challenging for MSPs that want to build dedicated security operations centers (SOCs).

Let's say, for instance, you want to be the only MSP in your neighborhood with a full-blown SOC. You want it staffed 24x7 to monitor and remediate cybersecurity issues before they have a chance to run wild. It's a heck of a vision -- until you start crunching the numbers.

Let's start with staffing your SOC for a single day.

  • You'll have three shifts of employees, and each shift will work eight ours.
  • You'll have three analysts on the first shift (say, the prime support hours).
  • Plus two analysts on the second shift and two analysts on the third shift.

Security Operations Center: Basic Year-Round Staff Costs

So far, that's seven analysts for your SOC during a 24-hour window. But here's where the math gets painful.

  • Those seven analysts are working 8 hours each, and that equals 56 hrs. of daily labor.
  • But a full year of coverage (365 days x 56 hrs) = 20,440 hours (let's round to 20,000 for the sake of simplicity)
  • The typical person works 2,000 hours annually
  • The bottom Line? You'll need at least 10 analysts to run a 20,000 hour SOC on an annual basis.

The source for all that information, by the way, is Rafeeq Rehman, a consultant, author and researcher in the cybersecurity market.

Let's not forget: You'll also need somebody to lead the SOC team. A chief information security officer (CISO), perhaps? Sounds awesome -- especially if you're seeking MSSP credibility with customers. But be careful of the titles you throw around. The typical CISO makes at least $200,000 in many of the major U.S. metropolitan markets, with some areas averaging up to $240,000, according to SilverBull.

Solving the Cybersecurity Talent Shortage

Even if you can afford to recruit, hire and train all that talent -- can you really find that talent? After all, the cybersecurity talent shortage will grow to 3.5 million professionals in 2021, according to Cybersecurity Ventures. And by the way, we haven't even mention the cost for all the cybersecurity technology your home-grown SOC will require.

With all those variables in mind, I suspect most traditional MSPs will embark on a multi-partner MSSP and/or SOC strategy. Most MSPs will:

  • Offer basic managed security services such as patch management and next-generation anti-virus services.
  • Those MSPs will seek out full-blown MSSPs as partners that sprung from the traditional IT services market. Here, names like Carvir (acquired by Continuum in 2018) and Infogressive come to mind.
  • Some of the MSPs will seek out vertical vertical market partners. MSSPs like N-Dimension Solutions, for instance, safeguard the U.S. electric grid.
  • In their quest to find third-party SOCs, those MSPs will reach out to IT distributors and NOC providers that have extended into the SOC sector.

The MSSP, Security Operations Center Inflection Point

Today's MSSP market reminds me of the cloud services market around 2010. At the time, many VARs and MSPs weighed a build-vs.-partner strategy for public cloud services. Some of those companies wasted hundreds of thousands of dollars -- perhaps millions -- building out private cloud infrastructure. The wiser option, in most cases, involved embracing public cloud services. After all, you can't fight Moore's law -- increasing performance, falling prices -- in the cloud age.

History is set to repeat itself in the cybersecurity market. Quite a few MSPs will waste time and money trying to build everything on their own. Instead there's a wiser path forward: Partner first, learn from those mistakes, then decide just how much you want to invest in this market.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.