Zangardi: SOC optimizations on track at DHS

TSA's Transportation Security Operations Center 

TSA's Transportation Security Operations Center

The Department of Homeland Security's journey to simplify its complex network of Security Operations Centers (SOCs) around the country is picking up momentum, according to the agency's CIO.

"We spent a lot of time over the last two years looking at our SOCs," John Zangardi said in panel remarks at the Sept. 5 Billington Cybersecurity Summit in Washington, D.C.

SOCs are the nerve centers from where DHS assesses and defends its websites, apps, databases, data centers, networks and desktop computers from cyber intrusion and attacks. Most of the centers operate independently from each other.

"We have 17 SOCs," Zangardi said. "We started a long road here in a 'crawl, walk, run' strategy. We're beginning to get into our 'walk' phase."

The SOC operations consolidation, he added, is part of a wider DHS effort to simplify and amplify cybersecurity.  That effort involves contracting, operations and tools, such as Continuous Diagnostics and Mitigation (CDM).

Zangardi said the Secret Service has been developing the single multiple award contract that will provide a central pool of services from which all DHS SOCs can pick and choose. That vehicle will be out for bid in the coming weeks, he said: "Knock on wood, we'll have an RFP out this fall."

The August RFI for cybersecurity support said the coming solicitation would leverage DHS' EAGLE Next Generation IT contract for almost two dozen sets of services, from network and email monitoring to cyber incident response and staffing.

The agency, Zangardi said, has also been honing its SOC operations using the Defense Departments' Cyber Security Service Program to address DHS-specific needs.

DHS finished its first analysis using that process in June, at its SOC in Chandler, Ariz., he said. The center that supports the Transportation Security Administration will probably be done in December or January, he said.

That process will rope in as many CDM tools as possible, but not have a one-size-fits-all approach, Zangardi said. "The idea is not to have the same tools throughout all of DHS, because some of us have started on different paths. The real question is how do we integrate things and roll it up to the [CDM] dashboard to give us the insight into what's happening."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Government Innovation Awards
    Government Innovation Awards -

    Congratulations to the 2021 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

Stay Connected