With the mantra “when, not if” being proven true over and over again by an ever-increasing number of security incidents, having an acceptable detection and response capability in place is not only sensible but is also being included in more compliance requirements. This talk takes you through the highlights of a move from a mostly compliance-based and not well “battle-tested” incident response plan to a 24×7 SOC capability that deals with incidents on a daily basis. The focus is not on building a “money is no object, world-leading tactical cyber AI machine learning NFT blockchain-based SOC v3.0”; it is about the process of going from not good enough to good enough, and having the improvement noticed and implemented by other areas of the business, which then benefit from some of the positive changes.