If you work in the Cyber Security field, you probably know how a traditional Security Operations Center (SOC) operates. It is often characterized by a demanding workload, extensive night shifts, and high personnel turnover. These factors can lead to alert fatigue among analysts and lower morale. The stressful nature of such environments can also result in staffing shortages and may reduce the overall effectiveness of threat detection and mitigation. This may be the standard today, but it doesn’t mean we have to follow it.
The Würth Group is made up of more than 450 companies worldwide. To protect all of them and guarantee a consistent security baseline, we need a SOC, which we call the Cyber Defence Center (CDC). We don’t just want to protect companies; we also strive to build a healthy workplace with field experts who can grow and continuously gain new knowledge to defend us at their best.
We succeed when the attacker fails to achieve their objective
Our innovative approach introduces a modern SOC concept built upon the follow‑the‑sun principle. This model leverages teams located across three different time zones, ensuring continuous coverage without the need for overnight shifts. Each analyst works exclusively during daytime hours within their respective region. We are currently present in three regions (NA, EMEA, APAC) and five countries (US, Germany, Switzerland, Italy, Malaysia).
Furthermore, to facilitate seamless operations, structured handover meetings are conducted at the beginning and end of each shift. These meetings enable efficient transfer of the alert queue and ongoing cases, maintaining a high level of situational awareness and operational continuity throughout the 24‑hour cycle. This is made possible through an overlap period between shifts.

Figure: Map of the world showing each SOC's working hours
Since we operate 24/7, public holidays and weekends must also be covered. This applies to every region, and only during daytime hours. To facilitate this, every local team consists of several members who share the working days fairly throughout the year.
In a SOC, the expertise and dedication of its people are fundamental to its success. Skilled team members possess the critical knowledge required to identify, analyze, and respond effectively to emerging threats. Recognizing this, we prioritize continuous professional development by encouraging our teammates to obtain certifications in the technologies they use daily.
A tool is only as good as the person using it
Additionally, participating in SANS courses and taking GIAC exams are integral components of our strategy to maintain a highly knowledgeable, motivated, and proficient team. This commitment to ongoing education ensures that our SOC remains agile and well‑prepared to adapt to the ever‑evolving threat landscape, ultimately enhancing our ability to prevent and mitigate security incidents with precision and confidence.