



Providing a vital layer of defense for Kroll clients 24/7/365 calls for a very particular mix of know-how, resilience and focus. Putting this powerful combination to work within Kroll Cyber and Data Resilience are Security Operations Center (SOC) Analyst, Georgi Sharkov and SOC Shift Lead, William Morgan.
Part of the global SOC network that manages and monitors the latest detection technologies to hunt for and eliminate threats impacting Kroll’s client base, their expertise forms a key element of the award-winning Kroll Responder managed detection and response (MDR) service.
Georgi enjoys the distinction of being the very first alum or “Kadet” to begin working within the Kroll SOC after training at the Kroll Cyber Academy, which aims to attract new talent to the business. Highlighting that every path into the SOC is different, William Morgan became a Kroll SOC Analyst and then SOC Shift Lead after working in government and Japanese/English translation, then retraining and working within an in-house SOC.
Both specialists are part of the team delivering seamless real-time threat monitoring and mitigation for hundreds of Kroll clients all day, every day. By investigating and triaging alerts, they ensure that Kroll clients’ in-house resources aren’t burdened with the responsibility of around-the-clock threat detection. Georgi explains: “The SOC Analyst is the person who analyzes incoming threats, looking at alerts which are generated from clients’ systems and networks and deciding whether to escalate them. When we see a security incident, our job is to carry out initial triage, and for instances where the activity is identified as a security incident, our findings are documented and escalated up for further investigation and remediation where necessary as part of our major incident process—all while supporting multiple customers across the three regions in which we operate.”
Of course, not every alert is the same: “For false positives, we raise tuning, which means we reduce the number of alerts generated form the benign activity. If we detect any malware, we retrieve and analyze it, using specialist internal and external tools.”
Not surprisingly, the nature of the work means it’s intense, but that’s a big part of what makes it interesting, according to William: “Because we're monitoring hundreds of thousands of endpoints over hundreds of customers, we get to see real attacks all the time. That comes with its own degree of challenge, but it's also really interesting. It keeps you sharp to know that anything you pick up may actually be a real attack.”
Working to contain and eradicate threats day after day doesn’t mean Kroll SOC specialists are far removed from clients. Quite the contrary. Georgi and William’s roles are as much about supporting clients with up-to-date insight as they are about responding to threats. William comments, “I interface with customers all the time. Once I have triaged an incident, I write up a dedicated write-up for the customer. What I do day-to-day relies on my ability to distill the information I've seen in the alerts and the insight drawn from contextualizing their environment and the surrounding activity.”
As a result, both SOC specialists point out that working effectively in the SOC calls for empathy as well as technical know-how: “I always try to put myself in the customer’s place, when I am writing up a ticket with my findings,” says Georgi. “It’s all about remembering the human side.”
The paradox of working in the SOC is that the more threats the specialists see, the better they become at their job. “I worked in an internal SOC previously,” William says. “The big difference here is that I get to see a huge range of environments and many different types of attacks.”
This breadth of perspective is advantageous for Kroll clients too. By using an external SOC, organizations benefit from the security insights gained across Kroll’s entire client base. “The range of customers we work for is growing all the time; not just in MDR but in digital forensics and incident response as well,” says Georgi. “That means our knowledge is always increasing.”
This new insight extends to new tools, as Georgi explains: “We’re always looking to get the best out of every tool, system and platform to enhance how fast we work and how well they work. By constantly improving tools and systems, we’re always providing more functionalities to speed up our processes, but also to enhance quality.”
While William and Georgi are already accredited to the highest professional standards, building on their skills and awareness is key to ensuring Kroll customers continue to benefit from the most advanced defense against threats. Keeping up with what’s new in cyber security is a critical aspect of that.
“Continual learning is a very large component of being an effective SOC specialist,” says William. There's never any end to the learning you need to do to keep abreast of what's going on. You learn new things every day. That's challenging, but it's also really, really fun.”
This ongoing development is supported by plenty of training opportunities: “We’re encouraged to be proactive about continuing to learn and we do a lot of training. We have a training budget and a dedicated platform where we can learn all kinds of different skills.”
For both SOC specialists, alongside continuous learning, the shared expertise of colleagues and the Kroll leadership team has been central to their career success to date. Georgi comments, “At Kroll, we have a unique opportunity to benefit from the real-life experience of experts. In my view, it is this, and the focus on individuals and their professional development, that is the big difference between Kroll and other companies.”
William adds: “Before starting at Kroll, I didn't fully comprehend the level at which security expertise could be held by individuals and across a team that actively collaborates and shares information. When I joined the Kroll SOC, I realized: this is the big leagues now.”
Learn More About Kroll Responder
Cyber and Data Resilience
Kroll merges elite security and data risk expertise with frontline intelligence from thousands of incident responses and regulatory compliance, financial crime and due diligence engagements to make our clients more cyber- resilient.
Kroll Responder
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.