SOC-CMM Implementation at RMIT

Context

I’m leading SOC-CMM implementation across RMIT’s College of VE. For those unfamiliar, SOC-CMM is a framework that helps you systematically assess and improve your Security Operations Center—think of it as a maturity roadmap for cyber defense capabilities.

Key Insights

  1. Culture beats tools every time: Here’s what I’ve learned—the biggest barriers to SOC maturity aren’t technical. They’re cultural. You can have the best SIEM in the world, but if your leadership doesn’t support the team or your culture is broken, you won’t get past Level 2.

  2. Budget doesn’t determine maturity: I’ve seen under-resourced teams punch way above their weight. How? Focus, discipline, and ruthless prioritization. It’s not about having everything—it’s about doing the right things exceptionally well.

  3. Trust is your force multiplier: In under-resourced environments (which is most of us), team trust and psychological safety matter more than budget. A trusted team of five will outperform a dysfunctional team of twenty.

  4. Skills decay faster than you think: My “Competency and Currency” project tackles a hard truth—cyber skills have a shelf life. You can’t treat training as a once-a-year checkbox. Continuous learning has to be embedded in daily operations.

  5. Assessment drives change: The SOC-CMM assessment itself is transformative. It creates shared language between technical teams and executives, making gaps visible in a way that drives action.

Practical Application

At RMIT:

  • Current Focus: Rewriting our cybersecurity policies to align with SOC-CMM Level 3. This isn’t just paperwork—it’s about making our policies actually useful for the teams executing them.
  • Team Growth: Building the Cyber Operations team with an emphasis on cultural fit and learning capacity over resume credentials.
  • Cross-Cluster Coordination: Implementing consistent competency frameworks across all VE clusters so we’re speaking the same language.

Industry Patterns:

Most educational institutions I’ve seen operate at SOC-CMM Levels 1-2. The gap isn’t technical capability—it’s strategic alignment. The teams that succeed prioritize people development over tool acquisition.

Strategic Bridge

Here’s how I translate this for different audiences:

Technical Reality: SOC teams need clear processes, defined metrics, and appropriate tooling.

Executive Language: “We’re systematically improving our cyber resilience through capability maturity assessment, ensuring our security investments align with institutional risk appetite.”

The Bridge: SOC-CMM gives us a common framework. Technical teams can demonstrate progress in terms executives understand—maturity levels, capability gaps, risk reduction. Executives can make informed decisions about where to invest.

References

  • SECO-Institute SOC-CMM Framework
  • My SOC-CMM Certified Assessor credential (2024)
  • RMIT Competency and Currency Project documentation

Last Updated: 2026-01-19