Today's Cyber Security Operations Centers (CSOCs) should have everything they need to mount a competent defense of the ever-changing IT enterprise: a vast array of sophisticated detection and prevention technologies, a virtual sea of cyber intelligence reporting, and access to an exploding workforce of talented IT professionals. Yet most CSOCs continue to fall short in keeping the adversary ' even the unsophisticated attacker-- out of the enterprise. Why is this? In this talk, Mr. Zimmerman will offer some observations on what it takes to operate and evolve a CSOC in the modern IT enterprise. He will present ten fundamental qualities of an effective CSOC that cut across elements of people, process, and technology.