SOC-CMM Implementation at RMIT
Context
As Strategic Cyber Security Leader at RMIT University, I’m leading the implementation of the SOC Capability Maturity Model (SOC-CMM) across the College of VE. This framework provides a structured approach to assessing and improving Security Operations Center capabilities.
Key Insights
-
Maturity is Cultural, Not Just Technical: The most significant barriers to SOC maturity aren’t tools or processes—they’re organizational culture and leadership support.
-
Under-Resourced ≠ Low Maturity: Teams with limited resources can achieve high maturity through focus, discipline, and strategic prioritization.
-
Trust is the Foundation: In under-resourced environments, team trust and psychological safety are force multipliers that enable higher performance than budget alone.
-
Competency and Currency: My “Competency and Currency” project addresses the reality that cyber skills decay rapidly—continuous learning must be embedded in operations, not treated as separate training.
-
Assessment as Transformation: The SOC-CMM assessment process itself drives organizational change by creating shared language and visibility into gaps.
Practical Application
At RMIT:
- Current Focus: Rewriting cybersecurity policies to align with SOC-CMM Level 3 capabilities
- Team Growth: Building the Cyber Operations team with emphasis on cultural fit and learning capacity
- Cross-Cluster Coordination: Implementing consistent competency frameworks across all VE clusters
Industry Patterns:
- Most educational institutions operate at SOC-CMM Level 1-2
- The gap between technical capability and strategic alignment is the primary barrier to maturity
- Successful SOC transformations prioritize people development over tool acquisition
Strategic Bridge
Technical Reality: SOC teams need clear processes, defined metrics, and appropriate tooling.
Executive Language: “We are systematically improving our cyber resilience posture through capability maturity assessment, ensuring our security investments align with institutional risk appetite.”
The Bridge: SOC-CMM provides a common framework that allows technical teams to demonstrate progress in terms executives understand—maturity levels, capability gaps, and risk reduction.
Related Concepts
- Leadership Models & Practice - KLC, Bion, and BE KNOW DO
- Adaptive Challenges
- Five Principles of Purposeful Leadership
- AI and Cybersecurity Policy
References
- SECO-Institute SOC-CMM Framework
- My SOC-CMM Certified Assessor credential (2024)
- RMIT Competency and Currency Project documentation
Last Updated: 2026-01-19