We’ve discussed the skills and expertise required in a SOC, but headcount is also important. The minimum viable SOC is around ten to twelve people. Why? Because a SOC requires 24/7 coverage, with a foundational team of at least ten: a manager, five analysts, two engineers, and two researchers. Small teams quickly face unsustainable workloads and alert fatigue (and many of the alerts may be false positives). This can lead to staff burnout, which in turn increases the likelihood of missed threats. It is not unusual for IT security professionals to make burnout-related errors that lead to security breaches.