Zane Jarvis - Flattening the SOC: Re-thinking Tiered Operations to Improve Outcomes

Traditional Security Operations Centres (SOCs) are commonly structured around rigid tiered models (Level 1–3), optimised for ticket throughput rather than security outcomes. While widely adopted, this approach often introduces friction: alert fatigue at the lowest tiers, slow escalation paths, inconsistent decision-making, and high analyst attrition driven by repetitive, low-context work. This session presents a practical case study of restructuring a SOC to remove traditional tiers and instead empower the most senior analysts to directly drive alert triage and operational decision-making. By flattening the operational model, the SOC shifted from an escalation-driven workflow to one focused on rapid, context-rich analysis, ownership of outcomes, and deliberate use of automation to support—not replace—human judgement. This session is aimed at SOC leaders, security managers, and senior analysts looking to modernise operations, improve outcomes, and build sustainable teams in an increasingly complex threat landscape.