Senior, 10–16 months

Career learning path

Director of Security Operations

Lead SOC, detection, and incident response at scale

Leadership path for blue team at scale: SOC maturity models, SIEM/SOAR strategy, staffing models, MTTR metrics, purple teaming, and executive incident communication.

Best for: SOC managers, IR leads, detection engineering leads, and MSSP leaders targeting director-level operations roles.

Your destination

Director of Security Operations owning SOC/MDR, detection engineering, and 24/7 security operations

Director of Security Operations, Head of SOC, Global SOC Manager, Director of Incident Response

What you will achieve

Outcomes when you complete this learning path — your career destination.

  • Design SOC tiers, runbooks, and escalation matrix
  • Build detection engineering and log onboarding pipeline
  • Report MTTR, alert fidelity, and coverage to leadership
  • Lead major incident response with cross-functional teams

How this path helps your career

Director-level SOC leaders are critical in enterprise and MSSPs — compensation reflects 24/7 accountability and scarce operational leadership talent.

Path milestones

Phases on the way to your destination — what you prove at each step.

Phase 1

SOC operating model

Tiers, shifts, tools, and vendors.

  • Define SOC charter and SLAs
  • Map log source coverage

Phase 2

Detection & engineering

Use cases, tuning, and automation.

  • Prioritize detection backlog
  • Reduce false positive rate

Phase 3

Incident command

Major IR, forensics partners, and comms.

  • Run cross-functional tabletop
  • Document executive IR playbook

Phase 4

Metrics & maturity

SIM3/CMMI-style improvement and budget.

  • Present maturity roadmap
  • Build hiring and training plan

Resources to reach your destination

Technology roadmaps, tutorials, labs, and tools — everything bundled for this career path.

Roadmaps below are technology maps — focused guides for one skill area. They are stepping stones inside this career path, not the destination itself.

Labs

IR and detection scenarios.

SOC tools

Log and IOC utilities.
