An interview with Roman Draguntsov, a postgraduate student at the G. Ye. Pukhov Institute for Modeling in Energy Problems of the NAS of Ukraine and head of the cyber defense department at a company, has been published on the IT professionals community platform DOU.
The conversation focuses on the practical aspects of operating Security Operations Centers (SOC) and on key cybersecurity challenges in the context of full-scale war. The interview discusses whether to build an in-house SOC or use outsourcing models, the challenge of sustaining continuous 24×7 operation, the interaction between the SOC and IT departments, and the choice of tools for monitoring and correlating security events.
The interviewee pays special attention to typical scenarios of successful attacks, particularly phishing and the exploitation of long-known vulnerabilities, as well as the increasing intensity of cyberattacks by state-sponsored and Russia-affiliated groups. The conversation also touches on how the destruction of civilian infrastructure and power outages affect cyber incident investigations.
The interview also considers the role of artificial intelligence and large language models (LLM) in SOC operations: as tools for automating analytics and reporting that, at the same time, introduce new cybersecurity risks.