Training the Maritime Security Operations Centre Teams

A Security Operation Centre (SOC) is a powerful and versatile infrastructure for cybersecurity due to the capabilities of monitoring and improving the security posture of an organization. While they found great diffusion in companies to defend IT/OT infrastructures, their employment in the maritime domain is still narrow but required. Nevertheless, SOC analysts working in traditional SOCs may be unprepared to operate proficiently in the maritime environment due to its context-specific features. They require specific training to fully exploit these newfound requirements. In this work, we leverage the NICE framework to outline the profile definition of a SOC operator in terms of required knowledge and skills. This profile allowed us to define the requirements of a training program tailored for maritime SOC operators. Moreover, we show how this program can be fulfilled with targeted hands-on exercises. An example exercise set in a representative scenario highlights that we are able to train the specific skills with metrics for evaluating their proficiency.