Build A Security Operations Center Planning Guide and Calculator

DIY SOC Calculator

This is a calculator I have created for estimating the cost of building an in-house Security Operations Center. The cost is based on common best practices and research from several leaders in the industry. Though the costs are not universal for every country, region and territory, they should give you an idea. Please use this calculator as you see fit, but I accept no responsibility for any way that any user uses the calculator. Use at your own risk.

Common Discovery Questions

This section begins the common discovery process and registers you on the site so that you can log in later if you can't complete the calculator all at once.
Company Size
Name (First, Last)

Common Technical Discovery Questions (Environment Survey)

Do you currently have a SOC of any type you are utilizing for your organization?
Do you deploy a common security infrastructure based on a single vendor or multiple vendors?
Which vendors are you using in your security stack? (Choose all that apply)
Is your organization a cloud adopter?
If yes, how do you use the cloud in your environment?
Which cloud vendors are you using or likely to use?
How does your organization handle its email requirements?
If in the cloud?
If on-premise?
What do you use for email security?
Do you use containerization?
Which variant of containerization do you use?
What do you use for containerization security?
Do you virtualize applications in your organization?
Which App Virtualization solution do you use?
How do you deploy servers for workloads in the organization?
Which vendor do you use for virtualization of servers?
Which server hardware do you use?
How are your firewalls deployed?
What is the total GB of throughput per firewall type?
What core features are running on the firewalls?
What types of networking are in your environment?
What routing protocols are you running?
Are you using Layer 3 switching protocols?
What types of access are at core/datacenter sites?
What types of access are at branch office sites?
What types of access are at mid-sized sites?
Are you using any of these advanced security solutions?
Which desktop operating systems do you use?
Which server operating systems do you use?

People

Security Analyst 1
Security Analyst 2
Security Analyst 3 | Threat Hunter
Security Engineer
Security Architect
Manager/Director of Security Team
Chief Information Security Officer (CISO)
Chief Information Officer (CIO)
$People Cost
This is an estimation of the cost of the People required for the foundation of a Security Operations Center. There are always discounts and contract vehicles to lessen the cost based on deals, discounts and specials offered by the vendor of the solution.

Process

SOC2 Type 2 Audit: $ bi-annually
PCI-DSS Self Assessment Questionnaire: $ assessment
PCI-DSS Audit: $ per audit
NIST CSF: $ implementation
CIS Controls: $ implementation
ISO 27001: $ implementation
ISO 27002: $ implementation
COBIT: $ implementation
HITRUST: $ implementation
Cloud Control Matrix: $ implementation
CMMC 2.0: $ implementation
CJIS Compliance Pre-Audit Audit: $ per audit
Quarterly Vulnerability Scans: $ yearly cost
Quarterly Pentest: $ yearly cost
$Process Cost
This is an estimation of the cost of the Process required for the foundation of a Security Operations Center. There are always discounts and contract vehicles to lessen the cost based on deals, discounts and specials offered by the vendor of the solution.

Technology

devices and endpoints
integrations
log sources
users
Security Information and Event Management (SIEM): $ per month; $ per year; $ per seat; $ per seat; $ one time; $ SIEM cost
Security Orchestration and Automated Response (SOAR): $ per month; $ per year; $ per seat; $ per integration; $ one time; $ SOAR cost
Log Management: $ per month; $ per year; $ per source; $ per log source; $ one time; $ LM cost
User and Entity Behavior Analysis (UEBA): $ per month; $ per year; $ per user; $ per user analyzed; $ one time; $ UEBA cost
$First Year Build
This is an estimation of the cost of the Technology required for the foundation of a Security Operations Center. There are always discounts and contract vehicles to lessen the cost based on deals, discounts and specials offered by the vendor of the solution.

Threat Intelligence

IBM X-Force Threat Intelligence: $ per year
Recorded Future Intelligence Platform: $ per year
Cyware Threat Intelligence Platform: $ per year
Cisco Talos: $ per year
AT&T AlienVault Open Threat Exchange: $ per year
Palo Alto Networks Cortex: $ per year
Mandiant Threat Intelligence: $ per year
CrowdStrike Falcon X: $ per year
ManageEngine Log360: $ per year
Anomali Threat Stream: $ per year
Other CTI provider: $ per year
$ per year
This is an estimation of the cost of the CTI required for the foundation of a Security Operations Center. There are always discounts and contract vehicles to lessen the cost based on deals, discounts and specials offered by the vendor of the solution.

The Final Assessment

These results are not intended to be a guarantee of pricing from any vendor mentioned in this calculator. It is a rudimentary estimation of the cost of a Do It Yourself Security Operations Center (DIYSOC). If you would like changes made to the calculator, please reach out via the Contact Me page and I will be glad to look into the request.
$per year
$per year
$per year
$per year
$Total Cost