A year of Jisc's SOC – what we’ve achieved and learned through 12 months of protecting the sector

A year after launching our security operations centre (SOC), David Batho, our director of security, reflects on the anniversary and looks ahead.
It’s been a busy 12 months since we launched our security operations centre (SOC) in response to the unique needs of the education and research sectors.
We launched our SOC back in March 2025 as a response to what we describe as the toughest challenge in cyber security – protecting the education and research sector from digital attackers.
Working from initial whiteboard plans drawn up in 2023, in March 2025 we successfully launched a SOC that is actively supporting members and customers, preventing breaches, evolving technically, and maturing operationally.
It’s been a year in which we achieved what we set out to do – provide the only SOC built for education and research. Thanks to the power of the Janet Network, our SOC has unique visibility of threats across the UK’s FE, HE and research institutions.
However, our work is by no means complete. The sector is a uniquely challenging and vulnerable environment due to a history of under-investment, ageing infrastructure, varying security standards, constantly changing users, diverse systems, and highly valuable research and student data.
With the average cost to an institution of a major incident standing at around £2 million, our mission is to adapt and iterate the SOC to respond to ever-evolving threats, onboard more members and strengthen the sector’s ability to defend as one.
Year one: a look back
We’re proud to have seen 100% of our beta customers successfully adopting the live service. We currently have five institutions live on the SOC, with nine actively onboarding, and three in forward planning.
That’s just the beginning, with around 100 more institutions showing strong interest in adopting our SOC in the future. In anticipation of this demand, we have optimised our pre-onboarding processes while maintaining our rigorous, collaborative approach which ensures that each institution’s individual needs and vulnerabilities are fully understood and that best practice is followed.
As a not-for-profit provider of a bespoke service to the sector, our primary driver is not financial and our focus is not on onboarding as many institutions as we can as quickly as possible. Our mission is to improve the overall security posture of institutions and, as a result, strengthen the resilience of the sector as a whole.
Continuous improvement
Customers who onboarded during year one will have already seen our continuous improvement processes in action, including structured service reviews and optimisation cycles. We have improved the efficiency of our data processes, and built new automation capabilities into the incident management workflows.
We are constantly receiving threat intelligence as a result of members being live on the SOC, which we use to protect those members and the wider sector through the Janet Network.
It has been satisfying to see awareness of the SOC build, as evidenced by strong engagement at our Security Conference 2025, where our SOC readiness session was oversubscribed.
What our customers say
Our mission hasn’t changed: strengthen sector‑wide security. We learn from our members to improve services like the SOC—and the feedback shows it. I’d like to share two pieces of feedback from institutions currently using the SOC, which I’m pleased to say reflect the real impact of this collaborative approach.
“We really appreciate what Jisc does for our sector, and I think there’s an instant trust. We know Jisc has got the experience to help us get to a level that may be beyond what we’d got to with a previous provider. This wasn’t a particularly hard sell in terms of passing that on internally.”
– Runshaw College. See the full Runshaw College video on YouTube.
“Jisc is really only focused on our sector. They understand what drives a university, what drives HE and FE, and they’ve been doing an excellent job in terms of securing the Janet Network for a very long time. Don’t be put off that the SOC appears to be new. It is built on all those things. Our experiences of the SOC and the onboarding process and the results we’re getting from it are hugely positive.”
– Swansea University. See the full Swansea University video on YouTube.
Looking ahead to year two
We mark this anniversary with a sense of pride, having created the most advanced security solution for the HE, FE and research sectors, founded on the most secure private network in the country.
However, this isn’t a race that can ever be won, because protecting the sector is about continuous improvement, adaptation and responding to a rapidly evolving threat landscape.
Our roadmap is constantly evolving based on data from the sector and the needs of our customers, but our focus for the year ahead is to enhance, stabilise, and scale our core service foundations, while extending its reach and capabilities.
Further optimisation of our data collection processes, and enhanced cloud detection rules for platforms such as AWS, Azure and Google Cloud are in our development pipeline.
Expanded detection, enhanced external attack surface management (EASM) and improved customer dashboards are also being developed.
Find out more about Jisc's SOC
Our security operations centre (SOC) represents the gold standard in proactive threat prevention and response for the sector.
Our not-for-profit model frees us from commercial constraints and allows us to work constructively with vendors, negotiate collective licensing terms on behalf of members and reinvest into improving services and security capabilities.
Our partnerships with global threat intelligence partners ensure that our SOC matches or exceeds the detection and prevention capabilities of commercial providers, and our in-house expertise is enhanced by threat intelligence from a sector-wide cyber community sharing information across institutions.
