Disclaimer: The following story is entirely fictional. Before we embark on this rollercoaster ride of hypothetical incompetence, let me assure you that any resemblance to actual persons, living or dead, or actual events is purely coincidental. Really. I mean it. Now, if by some strange twist of fate you do find yourself identifying a little too closely with any of the characters or situations described here, I have only one piece of advice: perhaps it’s time for a bit of soul-searching.


Our story begins in September 2021, when the world was still grappling with the aftermath of the COVID-19 pandemic. In a gleaming office tower on the outskirts of Rome, a newly appointed Chief Information Security Officer (let’s call him Mr. Bluff) had just taken the reins of cybersecurity at a major telecommunications company we’ll affectionately dub “GiantTelco.”

Mr. Bluff, fresh-faced and eager to make his mark, was reviewing the company’s security posture when he made a startling discovery. To comply with the myriad Italian and European regulations governing critical infrastructure security, GiantTelco needed something it didn’t have: a fully operational Security Operations Center (SOC).

Now, don’t get me wrong. GiantTelco wasn’t exactly running its network security on hopes and prayers. They had a competent security team that kept the digital wheels turning. But a SOC? That was a whole different ballgame. It meant 24/7 monitoring, incident response capabilities, threat intelligence, and a laundry list of other fancy-sounding cybersecurity buzzwords that make executives nod approvingly without really understanding what they mean.

As if summoned by Mr. Bluff’s rising panic, the CTO materialized in his office with an ultimatum: “We need a SOC up and running by the end of the year. Make it happen.”

Make it happen? In three months? During a global pandemic? Mr. Bluff’s mind raced. He could almost hear the ominous ticking of a doomsday clock in his head. That’s when he decided to call in the cavalry—or in this case, the consulting company where yours truly was working at the time.

The great SOC rush

When Mr. Bluff reached out to us, you could practically hear the desperation crackling through the phone lines. “Help me,” he pleaded, “I need to implement a full SOC infrastructure—SIEM, SOAR, incident management plans, the works—and I need a small army of consultants to staff it.”

Now, I’ve seen some tight deadlines in my day, but this? This was the cybersecurity equivalent of trying to build the pyramids over a long weekend. But hey, who doesn’t love a challenge?

So, we rolled up our sleeves and got to work. And let me tell you, dear readers, it was a Herculean effort. We were implementing complex systems, designing workflows, and training analysts—all while working remotely due to pandemic restrictions. It was like trying to conduct an orchestra where all the musicians were playing from different countries, connected only by the tenuous threads of video calls and instant messaging.

But against all odds, by early December, we had done it. The SOC was operational, humming along like a well-oiled machine. We had assembled a crack team of cybersecurity professionals:

  1. A group of level-one analysts, eyes glued to their screens, monitoring security events with the intensity of birdwatchers hoping to spot a rare species.
  2. A team of level-two analysts, diving deep into suspicious activities, maintaining our monitoring systems, and occasionally emerging from their digital spelunking to mumble something about “anomalous behavior patterns.”
  3. An Incident Response team, always ready to spring into action faster than you can say “potential data breach.”
  4. A small but mighty Digital Forensics team, piecing together digital evidence like cyber detectives.
  5. And last but not least, a Threat Intelligence team, scanning the dark horizons of the internet for emerging threats.

It was beautiful. It was efficient. It was entirely virtual.

And therein lay the problem.

The empty theater

You see, dear readers, in his initial panic, Mr. Bluff had managed to secure a sizable budget for this SOC project. A significant chunk of this budget had gone into creating what can only be described as the Taj Mahal of SOCs—a state-of-the-art “control room” that would make even the most hardened cybersecurity professional weak at the knees.

Picture this: an entire floor of a modern office building, transformed into a vast open-plan space. Rows of high-tech workstations, each equipped with curved monitors that made you feel like you were piloting a spaceship. Ergonomic chairs that probably cost more than my first car. And the pièce de résistance—massive wall displays designed to project real-time SIEM dashboards, turning the entire room into a cathedral of cybersecurity monitoring.

It was impressive. It was expensive. And due to the ongoing pandemic restrictions, it was completely empty.

Now, in a rational world, this wouldn’t be a problem. After all, the SOC was fully functional, staffed by a distributed team of experts working efficiently from various locations across Italy (and even a few from Prague). The empty physical space was just a sign of the times, a temporary situation until it was safe for everyone to work in close proximity again.

But the corporate world, dear readers, is not always a rational one.

The CEO’s visit

One fateful morning, my phone rang. It was Mr. Bluff, and he sounded like he had just seen a ghost.

“The CEO is coming to visit the SOC next week,” he said, his voice a mix of panic and desperation.

“Oh,” I replied, not quite grasping the problem. “That’s a shame we’re all working remotely. It would have been nice to meet him.”

“That’s exactly the problem!” Mr. Bluff exclaimed. “After all we’ve spent on this control center, I can’t present an empty room to the CEO! Can’t you all come to the office that day?”

I tried to explain the logistical nightmare this would entail. Our team was spread across Milan, Turin, Naples, and Prague. The travel expenses alone would be astronomical, not to mention the potential health risks of gathering everyone in one place during a pandemic.

“We don’t have any budget left for that,” Mr. Bluff said, deflating my suggestion before I could even fully articulate it.

“Well,” I ventured, “we could always be honest with the CEO and explain the situation.”

There was a pause on the other end of the line, the kind of pause that makes you wonder if the call has dropped. Then, Mr. Bluff spoke again, his voice taking on a conspiratorial tone that made me instantly nervous.

“Tell me,” he said, “for someone who has never worked in IT or cybersecurity, how hard would it be to tell if someone is actually working or just pretending?”

I felt a sinking feeling in my stomach. “About as hard as it is for a non-musician to tell if an actor in a movie is really playing an instrument or just faking it,” I replied cautiously.

“Perfect!” Mr. Bluff exclaimed, his enthusiasm doing nothing to alleviate my growing sense of dread. “The CEO of GiantTelco has always worked for cosmetics companies. He wouldn’t know a SIEM from a hole in the ground. We can easily fool him!”

“What exactly do you mean by ‘fool him’?” I asked, although I was starting to get a pretty good idea.

“Let me make a few calls,” Mr. Bluff said, ignoring my question. “I’ll get back to you.”

The line went dead, leaving me staring at my phone in disbelief, wondering if I had just become an unwitting accomplice in what was shaping up to be the cybersecurity equivalent of a Potemkin village.

The great pretender

The following week, the CEO of GiantTelco strode into the SOC control room, flanked by Mr. Bluff, who was doing his best to appear calm and collected. The CEO’s eyes widened as he took in the sight before him: at least 20 people hunched over their futuristic workstations, fingers flying over keyboards, eyes darting between multiple screens filled with graphs, numbers, and what appeared to be very important and technical-looking command-line interfaces.

Now, at this point, you might be wondering: who were these dedicated cybersecurity professionals, working so diligently in a room that had been empty just days before?

Dear reader, prepare yourself. For the “analysts” populating the SOC that day were none other than… the building’s security guards.

Yes, you read that correctly. Mr. Bluff, in a move that would make any Hollywood director proud, had enlisted the help of the physical security team. These stalwart guardians of the lobby had traded in their uniforms for business casual attire and were now playing the role of elite cyber defenders.

But the deception didn’t stop there. Oh no. Mr. Bluff had gone all out in his quest for verisimilitude. The screens in front of our improvised analysts were a carefully orchestrated mix of genuine SIEM dashboards (which, thankfully, required no interaction) and—I kid you not—a website called hackertyper.net, which simulates “hacking” by generating random code on the screen with each keystroke.

As the CEO made his way through the room, nodding approvingly at the hive of apparent activity, I couldn’t help but marvel at the absurdity of the situation. Here we were, in a multi-million euro facility, with state-of-the-art equipment, engaged in what can only be described as an elaborate game of cybersecurity make-believe.

The guards, to their credit, played their parts admirably. They squinted at screens with furrowed brows, muttered technical-sounding gibberish to each other, and occasionally pointed at random blips on the giant wall displays with grave expressions.

After a brief tour and a coffee with Mr. Bluff, the CEO left, clearly impressed by the modern, bustling SOC he had just witnessed. As he walked away, I overheard him commenting on how fit all the analysts looked—apparently, all that time spent monitoring networks is great for the physique.

The aftermath

As the elevator doors closed behind the CEO, there was a collective exhale in the room. The “analysts” slumped in their ergonomic chairs, some of them flexing their fingers after their unexpected foray into fake typing. Mr. Bluff looked like a man who had just successfully walked a tightrope over an active volcano.

“Well,” he said, turning to me with a mixture of relief and something that might have been shame, “that went better than expected.”

I nodded, not trusting myself to speak. What could I say? That we had just perpetrated one of the most ridiculous charades in the history of corporate IT? That our “SOC” had more in common with a Hollywood set than an actual cybersecurity operation?

As we began to dismantle our elaborate ruse, sending the guards back to their usual posts and shutting down the fake displays, I couldn’t help but reflect on the absurdity of what had just transpired. Here we were, ostensibly defenders against deception and cyber threats, engaging in our own form of deception.

Lessons learned (Or Not?)

Now, dear readers, you might be wondering what lessons we can glean from this farcical tale. And to be honest, I’m not entirely sure. Perhaps it’s a cautionary tale about the dangers of prioritizing appearances over substance in the world of cybersecurity. Or maybe it’s a testament to the ingenuity and resourcefulness of IT professionals when backed into a corner.

One thing’s for certain: it’s a stark reminder that in the world of corporate IT, sometimes the biggest threats don’t come from outside hackers or malicious insiders, but from the pressure to meet unrealistic expectations and the lengths some will go to maintain the illusion of control.

As for Mr. Bluff and GiantTelco? Well, last I heard, the SOC was fully operational, staffed by actual cybersecurity professionals (who, I’m told, are not quite as physically fit as their temporary stand-ins). The elaborate control room is still mostly empty, a monument to pre-pandemic plans and post-pandemic realities.

And Mr. Bluff? He’s still there, presumably dreaming up new and inventive ways to impress the higher-ups. Though I hear he’s developed a nervous twitch whenever anyone mentions an upcoming executive visit.

In conclusion

So, the next time you find yourself impressed by a slick presentation or a high-tech operations center, remember the tale of GiantTelco’s phantom SOC. In the world of cybersecurity, as in life, things aren’t always what they seem.

And if you ever find yourself in a similar situation, faced with the choice between honesty and an elaborate deception? Well, I can’t tell you what to do. But I can say this: hiring a troupe of actors might be less stressful than trying to turn security guards into cyber analysts overnight.

Stay vigilant, stay honest, and for goodness’ sake, learn how to actually type if you’re going to work in IT. You never know when you might be called upon to play the role of a cybersecurity expert in the theater of corporate absurdity.