CSOC is a team; and as in every winning team, all rules must be fulfilled properly. Leadership will be needed, while engineering roles, analyst roles, and operations roles will have to be covered. Many functions must be carried out and analysts will be assigned to two or three tiers. Primary functions provided by the team members will be the analysis grounded on the real-monitoring of events, detection of security incidents or data breaches, the response to these incidents and, at last, remediation of the consequences of every detected incident. All of the actions must be coordinated: collaboration, timing, and efficiency must be paramount for CSOC overall organization. Each member of the team must be fully aware of both the mission and the strategy of the CSOC; therefore, an effective leadership has an enormous impact. CSOC manager must be able to build team, motivate members, retain people and make them willing to create value for the business and for themselves. It is not an easy task for a CSOC manager: “machine” must run 7 seven days a week, 24 hours a day, so stress will be a likely risk factor. Selecting the right team members for the right tasks is a highly challenging assignment, as the range of required competences is quite wide, spacing from vulnerability management to computer forensics through malware analysis. Establishing the proper number of staff members is another hard and demanding charge; while no unnecessary workers should be hired and a defined level of budget will have to be respected, the risk of being undermanned must be avoided. The adoption of a hybrid model envisioning the cooperation between the internal and outsourced managed service providers is a viable choice.