Member story
A female technician standing with a laptop.

Building defences with SOC: a journey to protection

A cyber incident in 2024 prompted Birkbeck, University of London to look at its defences and they found our security operations centre (SOC) to be the right solution.

Cyber security continues to be one of the highest priorities for institutions across higher and further education. Our security operations centre (SOC), powered by the Janet Network, was launched in March 2025 and is the only service of its kind designed for the education and research sectors.

Since launching, six institutions have gone live, 11 are actively onboarding, with five in forward planning and 100 showing strong interest. One of those now up and running with the live service is Birkbeck, University of London.

A 2024 security incident at the university led to the start of conversations with Jisc about the need for better threat detection. When Toz Ali joined Birkbeck as head of information security in January 2025, he started working with our cyber security team just as the beta phase of the service was getting underway.

With the previous incident in mind and not enough resources on his staff to have a team who could focus on threat detection, Toz knew that putting a service in place that he could trust to manage this was essential. The university had worked with Jisc through the security incident and when Toz started to engage with the computer security incident response (CSIRT) team and learn more about the new SOC he found the level of confidence and assurance he was looking for.

As one of the early beta customers, Toz found the onboarding process hugely helpful. He said:

“The fortnightly calls were really useful for us to get to know the different Jisc departments, and the system hardening workshops and assurance testing were so valuable. The prerequisites set as part of the service also made things easier and saved us time as we didn’t have to try and convince our senior leaders; everything we needed was already part of the onboarding process.”

Going live into the threat zone

Talking about why this particular SOC was the right choice for Birkbeck, Toz said it came down to our specialist knowledge of the sector and its needs, the collaborative nature of the relationship from the start, and the competitive cost for the service. He shared that speaking to peers who also had positive feedback about Jisc brought the sector validation that helped cement his choice.

Another factor that Toz and his team found beneficial was getting started while SOC was still in its beta phase.

“In development, nothing will be a perfect service from day one. Even with another provider, I wouldn’t expect the monitoring to be perfect from the start. So, from our point of view, we had nothing, now we have something, and then we're going to look to improve that with Jisc and think of it as a journey together.”

Following a go-live date in February this year, the university had a security incident in early March which was successfully picked up by SOC and rapidly contained, something Toz reiterated the team at Birkbeck would not have had capacity to do before the service was in place.

“Going live gave us confidence that we had the appropriate coverage in place to monitor, detect, and respond to threats effectively. Without the SOC, the incident would very likely have gone undetected, as there was previously no dedicated capability in place to identify such threats proactively.

We have highly talented staff who are well equipped to investigate and remediate threats once identified; however, we did not previously have the dedicated monitoring capability required to detect those threats at the outset.”

The university is currently in what is known as the hyper care stage, where Jisc still monitors the service and provides ongoing reviews to increase coverage. This period provides an opportunity for institutions to discover what is working well, what needs more attention, and also offers us the chance to work on continually tuning the service.

Asked what his advice would be to anyone considering looking into a SOC, Toz said:

“I would definitely suggest that any institution who hasn't previously had a SOC really considers involving senior leadership and communicating the process with them from the start.

Our decision to work with Jisc comes down to their deep understanding of the education sector. They have established connections and are building relationships that providers outside the sector may not be able to replicate. Jisc understands the unique challenges and constraints we face, and that insight is invaluable, particularly when addressing cyber security issues.”

Find out more