best-practices-for-the-soc-team

Lots of great points in the article; I’ve pulled a few out below.
https://www.infosecurity-magazine.com/opinions/best-practices-for-the-soc-team/

“Organizations are being forced to hire Tier 1 analysts with little or no experience, and spread their Tier 2 analysts too thin”

To help your Tier 1 team, either hire from general IT and limit the role to data collection, or automate:

“…if there is no judgment to be made, you don’t need a human analyst – you need to automate.”

To help your Tier 2 team:

“Analysts should be equipped with tools that can help them automatically investigate incidents.”
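Both quotes point at the same pipeline: rules that need no judgment (an authorized scanner, an informational event, a repeat of an alert already in the queue) are closed by code, and whatever survives reaches Tier 2 already enriched and ranked. The script below is an added example written for this post, not code from the article or from Andy; the alert fields, the scanner allowlist, the asset table, the dedup window and the priority formula are all assumptions, and the sample alerts are constructed.

```python
"""Judgment-free Tier 1 triage plus Tier 2 enrichment (illustrative example)."""
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Alert:
    id: str
    rule: str
    src: str
    dst: str
    severity: str          # assumed scale: "info", "low", "medium", "high"
    ts: datetime
    disposition: str = ""  # set by triage: "closed" or "escalate"
    reason: str = ""
    context: dict = field(default_factory=dict)


# Assumed reference data a SOAR step would pull from a scanner config and a CMDB.
AUTHORIZED_SCANNERS = {"10.0.5.20"}
ASSETS = {
    "10.0.1.10": {"owner": "payments", "criticality": "high"},
    "10.0.1.11": {"owner": "web", "criticality": "medium"},
}
DEDUP_WINDOW = timedelta(minutes=10)  # assumed: repeats inside this window are one incident
SEV_RANK = {"low": 1, "medium": 2, "high": 3}
CRIT_RANK = {"unknown": 1, "low": 1, "medium": 2, "high": 3}


def priority(a: Alert) -> int:
    """Assumed ranking: severity x asset criticality, plus one per suppressed repeat."""
    crit = a.context["asset"]["criticality"]
    return SEV_RANK.get(a.severity, 0) * CRIT_RANK[crit] + len(a.context["duplicates"])


def triage(alerts):
    """Close what needs no judgment; enrich and rank the rest for Tier 2."""
    closed, escalated = [], []
    last_seen = {}  # (rule, src, dst) -> first escalated alert of that key in the window
    for a in sorted(alerts, key=lambda x: x.ts):
        # Rule 1: traffic from our own authorized scanner is noise by definition.
        if a.src in AUTHORIZED_SCANNERS:
            a.disposition, a.reason = "closed", "authorized scanner"
            closed.append(a)
            continue
        # Rule 2: informational events are logged, not worked by a human.
        if a.severity == "info":
            a.disposition, a.reason = "closed", "informational, logged only"
            closed.append(a)
            continue
        # Rule 3: a repeat of an alert already escalated within the window is folded into it.
        key = (a.rule, a.src, a.dst)
        prev = last_seen.get(key)
        if prev is not None and a.ts - prev.ts <= DEDUP_WINDOW:
            prev.context["duplicates"].append(a.id)
            a.disposition, a.reason = "closed", f"duplicate of {prev.id}"
            closed.append(a)
            continue
        # Anything left needs an analyst: attach the asset record before handing it over.
        asset = ASSETS.get(a.dst, {"owner": "unknown", "criticality": "unknown"})
        a.context = {"asset": asset, "duplicates": []}
        a.disposition = "escalate"
        last_seen[key] = a
        escalated.append(a)
    # Cross-alert enrichment: how many open alerts share this source in the batch.
    per_src = Counter(e.src for e in escalated)
    for e in escalated:
        e.context["alerts_from_src"] = per_src[e.src]
    escalated.sort(key=priority, reverse=True)
    return closed, escalated


# Constructed sample batch (not real telemetry).
T0 = datetime(2020, 1, 1, 9, 0)
SAMPLE_ALERTS = [
    Alert("a1", "port-scan", "10.0.5.20", "10.0.1.10", "medium", T0),
    Alert("a2", "brute-force-ssh", "203.0.113.7", "10.0.1.10", "high", T0 + timedelta(minutes=1)),
    Alert("a3", "brute-force-ssh", "203.0.113.7", "10.0.1.10", "high", T0 + timedelta(minutes=3)),
    Alert("a4", "brute-force-ssh", "203.0.113.7", "10.0.1.10", "high", T0 + timedelta(minutes=30)),
    Alert("a5", "dns-query-logged", "10.0.1.11", "10.0.0.53", "info", T0 + timedelta(minutes=4)),
    Alert("a6", "web-shell-upload", "198.51.100.9", "10.0.1.11", "medium", T0 + timedelta(minutes=5)),
]

if __name__ == "__main__":
    closed, queue = triage(SAMPLE_ALERTS)
    for a in closed:
        print(f"closed   {a.id:3} {a.rule:18} {a.reason}")
    for a in queue:
        print(f"escalate {a.id:3} {a.rule:18} prio={priority(a)} ctx={a.context}")
```

On the sample batch the three judgment-free rules close a1, a3 and a5 without a human touching them, and Tier 2 receives a2, a4 and a6 already ordered by priority, with the asset owner and the suppressed repeat recorded on the alert. The dedup window is anchored on the first escalated alert rather than the latest repeat, so a slow, persistent source still produces a fresh alert once the window lapses instead of being suppressed indefinitely.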

Andy