Beyond the Tiered Trap: Why MANTECH’s Cell-Based SOC is the Human-Centric Revolution
By: Tim Shaad, VP and Technical Director, Intel Sector
For years, the Security Operations Center (SOC) model has suffered from a fundamental misalignment. Historically structured in a tiered system based strictly on experience, this model was inherited from the old Network Operations Center (NOC)—a “break-fix” mentality where a Tier One analyst’s job was simply to triage and escalate.
But the life of a modern SOC is not break-fix; it is investigation. It’s about determining: What happened, and what does it mean?
The Problem with the Traditional Tiered Model
The tiered approach creates massive organizational friction and, critically, undermines the human element:
- Critical Decisions by the Least Experienced: The risk is highest at Tier One, where the least experienced people are forced to make the most critical early decisions: Is this something, or is this nothing? A mistake here, especially if a sneaky attack is dismissed, can be catastrophic.
- Process Blindness: Analysts who throw tickets “over the fence” never see the outcome of their initial decision or how their work impacts the overall response. This makes it impossible to naturally evolve and streamline processes.
- The Soul-Killing Cycle & Rampant Turnover: The Tier One job is often “a soul-killing thing.” Analysts sit in a silo, log a ticket, and move on, never seeing the value of their work. They often focus solely on collecting certifications, and then—boom—they leave for a role that better utilizes their new skills, creating massive turnover.
The MANTECH Solution: Organizing by Workflow, Not Experience
At MANTECH, we flipped this model on its head, applying the principles of Lean and Agile operations to the SOC. The result is the Cell-Based SOC—an innovation we’ve executed successfully in classified environments for over a decade and are now bringing to the broader industry (like our current implementation at NOAA).
Instead of organizing by experience, we organize by work stream. This architecture is built on two core beliefs:
- Empowered Outcomes: We enable small, empowered teams—or “cells”—to work a workflow from beginning to end, leading the incident response from soup to nuts. This provides a measurable, cohesive, and valuable outcome.
- Instant Expertise Pull: If an incident responder needs advanced capabilities (like malware reverse engineering, threat intelligence, or risk analysis), they pull that experience into their cell—they don’t throw the ticket over a wall.
The Human-Centric Advantage
This cell-based approach proves that innovation is about how you deploy the actual humans. The result is magnificent because it dramatically reduces turnover and aligns perfectly with MANTECH’s human-centric EVP (Employee Value Proposition):
- Accelerated Career Development: The learning is built in. You are working with advanced professionals from day one. Instead of making people pay their dues in a Tier One silo, you can move personnel to where they are truly good. For example, a new hire naturally talented at malware engineering can immediately join a reverse engineering cell with senior mentorship.
- Unlocking Employee Genius: The model allows employees to bring their full selves and their full capability to bear without being artificially constrained. We cultivate the whole person, encouraging them to bring their ideas forward and make positive change.
- Process Owners, Not Ticket Takers: When a cell is responsible for a process from start to finish, those knowledge workers are motivated to fix what’s broken. They streamline their own operations, driving continuous, organic process improvement.
The Cell-Based SOC not only provides faster, more capable responses and reduces backlogs; it is a prime example of how MANTECH is dedicated to unlocking the genius of the employees we have. We empower our people to see something, say something, and then do something about it, ensuring we are Always Advancing both our clients’ security posture and our employees’ careers.