What a SOC Manager Wishes Every Customer Knew with Angie Broadwater - Ep 2

"If you can't reach us, it doesn't mean we're ignoring you. It might mean all hands are on deck for a major incident. And honestly? If it were your company we were fighting for, you'd want every one of us on that call."

Who They Brought In

Angie Broadwater is SOCSoter's SOC Manager, and she got here the hard way. A career in the spa industry, a pandemic, a husband who has been in cybersecurity since age 16, and a decision to go back to school at West Virginia University for her MBA while simultaneously earning three cybersecurity certifications including the CEH. She came in as a SOC analyst and operational admin. Two and a half years later, she runs the team. She also participated in the NATO Locked Shields exercise alongside the Department of Defense, CISA, and the National Guard. Not your typical career path. That's the point.

What Got Loud

- Ticket volume swings from hundreds to thousands depending on the day, and Angie is still in the queue herself
- Bad actors are now using Axios user agents for bot activity and scripting, and when the SOC sees it, it is 99.9% always malicious
- Free personal VPNs are not protecting your company. They share infrastructure with the same threat actors trying to get in
- AI is being positioned in the industry as a tier one SOC analyst. Angie has thoughts on that.
- If your admin password is "admin," this episode is specifically for you
- Compliance and security are not the same thing, and checking the box is not the same as being protected

The Rundown

Angie didn't come up through a traditional IT pipeline, and she makes no apologies for it. The skills she built in the spa industry translated more than people might expect: managing operations, staying calm under pressure, handling a lot of moving pieces at once. When COVID shut everything down, she made a decision. Get the MBA, get the certifications, get into cybersecurity.
Three certs later, including passing the Certified Ethical Hacker on her first attempt with great scores, she landed at SOCSoter and has not slowed down since.

The day-to-day inside a 24/7 SOC is not what most people picture. Angie describes it as looking for a needle in a haystack where there might not even be a needle. The team handles hundreds to thousands of tickets on any given day across priority, general, maintenance, and help queues. Patch Tuesday means more volume. Weekends mean maintenance windows. And through all of it, Angie is still in the queue herself, still running vulnerability scans, still fielding calls. The SOC manager who stays in the work is a different kind of manager.

Two things Angie flagged that every MSP and IT team should hear. First, on VPNs: free personal VPNs share IP infrastructure with known malicious actors. The SOC catches logins coming from IPs flagged for malicious activity thousands of times over, and those same IPs belong to the free VPN pools your users think are protecting them. The data being transmitted through those VPNs, including usernames and passwords, can be intercepted. Business VPNs cost more. The breach they prevent costs more than that.

Second, on speed: when a bad actor gets into a cloud environment, they are not browsing around. They are running automated scripts that can read hundreds of emails, exfiltrate files, and set up persistence in under ten minutes. Every minute SOCSoter cannot reach someone to authorize a block is another minute of access. Give the SOC the permissions it needs to act fast.

Angie closed with practical recommendations that sound simple and still get skipped constantly. Patch and actually remediate vulnerabilities, not just scan for them. Run phishing training because even security professionals get fooled now. Back up your data offsite, not just locally and not just with snapshots. Change default admin credentials.
And communicate with your SOC when anything in your environment changes, because the team is not clairvoyant.

Real Talk

Compliance checks boxes. Security protects your business. Angie knows the difference because she lives in both worlds every day. The controls that feel pointless often matter more than the ones that feel obvious, and the ones that feel obvious, like not using "admin" as your admin password, still need to be said out loud apparently. Work with your SOC like a partner, not a vendor. The ones who call the most are usually the ones who care the most.

Catch It

Listen to the full episode on Apple Podcasts, Spotify, or wherever you get your podcasts. If you want to know whether your security setup would pass the Angie test, let's find out together. Visit socsoter.com.