04 March 2021

Professional SOC Team World Championship

See the 2021 Winners

the 2021 Competitors:



SOC X™ was not a game or trivia challenge. It was a pure test of a professional team’s ability to detect, investigate, and remediate a hyper-realistic APT level attack on a live-fire enterprise network.

SOC X was not just another local Blue Team competition. It was the Security Operations World Championship bringing together the best professional SOC and IR teams globally.

SOC X was not sponsored by a tool vendor to promote expensive software licenses. It was a demonstration that teams are more important than tools.

SOC X was not an individual competition. It was a test of professionals in the team sport of digital forensics and incident response.
Close X


World Championship

Second Place

Rob Kuiters
Arnim Eijkhoudt
Sebastiaan Groot
Laurens van Dijk
Cristian Mikehazi

First Place

Codi Starks
Ryan Chapman
Chapin Bryce
Will Ikard
Rocky De Wiest

third Place

Nicolas Bareil
Simon Garrelou
Sylvain Peyrefitte
Adam Rocliffe
Luc Roudé

Remaining Top 10 Finishers (in order):

Bell Canada, Bechtel, Yandex LLC, Hacknowledge, Nexthink, USAF 92nd Cyber Operations Squadron, Texas Instruments SOC

Frequently Asked Questions

What was SOC X?

SOC X was the Professional SOC Team World Championships. It brought together the best SOC and IR Teams in the world to compete on what counts: the detection, investigation, and remediation of hyper-realistic APT level attacks on a live-fire enterprise network.

SOC X was unique among “blue team competitions.” It was the world’s premier security operations competition because it was a pure test of a team’s actual response capabilities. It was not a game. There were no puzzles or trivia quizzes or multiple choice questions. It did not promote a vendor’s commercial tool. It was a live enterprise network, a full suite of digital forensics & incident response tools, and authentic APT attacks.

What was the purpose of SOC X?

The purpose of SOC X was to give the best professional SOC and IR teams in the world an opportunity to test their skills and see how they stacked up. More broadly, it was intended to inspire all security operations teams to build their capabilities by demonstrating the art of the possible.

Who could compete?

Professional SOC and IR teams of up to 5 people.

Only one team per organization could compete. This allowed as many organizations as possible to compete and prevents collusion between multiple teams from the same organization.

Who Hosted SOC X?

Recon Infosec, the team that brought you OpenSOC and the Network Defense Range.

Was SOC X the same thing as OpenSOC?

No. The purpose of OpenSOC is to support open source projects and give back to the community. It is designed to encourage people new to security operations to try it out and intermediate and advanced analysts to practice their skills. OpenSOC has a mix of beginner, intermediate, and advanced challenges. It is always free. It is run multiple times throughout the year at events such as DEFCON and BSides.

SOC X was designed to test the best security operations teams on the planet. It was focused on professional teams, and consists only of expert scenarios.

Was SOC X the same thing as the Network Defense Range?

No. SOC X was the Professional SOC Team World Championships and was run on the Recon Network Defense Range (NDR) . NDR is the platform which includes a live enterprise network, a complete set of digital forensics and incident response tools, and hyper-realistic live attacks. The Recon Network Defense Range also enables public and private security operations training courses, the Recon Threat Hunter Academy, Black Hat Trainings, and OpenSOC.

My team is in. Now what?

Review the SOC X Rules, make sure you are familiar with the SOC X digital forensic and incident response tools (See prior FAQ "What tools will I be using"), plan your team strategy, and be ready to roll on March 4th.
© 2020 – 2023  Recon InfoSec, Inc.
 All rights reserved.
Connect on Discord