The Challenge
One of the Netherlands' largest retailers faced a compliance audit with no operational SOC capacity. One Microsoft Sentinel licence had been purchased but not configured. The deadline: 30 days.
Week 1: Design & Recruitment
MVPeople started with a team design session together with the CISO. We defined a lean SOC model: 1 SOC Lead, 2 L2 Analysts, 2 L1 Analysts. In parallel, we started recruiting through our network of available interim professionals.
Week 2: Team On Board
All five positions filled. The SOC Lead immediately began configuring Sentinel: detection rules, playbooks, dashboards. The analysts started learning the client environment.
Week 3: Operational Testing
Purple team exercises to validate that the new detection rules actually fired on the attack techniques they were written for. Alert tuning to reduce false positives. Incident response procedures documented and practised.
Week 4: SOC Live
The SOC went live in 24/7 monitoring mode. Alert volume initially averaged 45 per day; after tuning, this fell to 12 relevant alerts per day. The compliance audit was passed.
Week 5: First Real Incident
A phishing attack was detected, contained and reported within the agreed SLA. The team proved its value under real-world conditions, and the client extended the contract by 12 months.