Posthuman Encounters in the Security Operations Center

A Methodological Recipe

An observational protocol for documenting the machine agencies cybersecurity analysts work with in the SOC. Accepted to 4S 2026, Toronto.
Postphenomenology
Cybersecurity Education
Research Methods
STS
Author

Ryan Straight

Published

Wednesday, October 7, 2026

Accepted to the 4S 2026 Conference (Society for Social Studies of Science), TechnoPower / Technoscientific Futures, October 7–10, 2026, Toronto. Submission #740. A methodological-recipe contribution derived from the Security Operations Center study.

Abstract

Picture a cybersecurity professional’s shift in the security operations center (SOC): an alert queue, an AI summary offering its read of last night’s events, monitoring dashboards reorganizing themselves as new intel arrives, a colleague’s instant message flagging something off. The decision to escalate is woven through these mediations before reasoning intervenes. Yet the field measures analysts as if cognition were theirs alone.

This paper proposes an observational protocol, grounded in postphenomenology and community-of-practice scholarship, for documenting what passes between cybersecurity analysts and the machine agencies with which they work. Tools mediate perception; peer scaffolding shapes what counts as expert judgment. What the SOC transmits is not skill to be apprenticed but mediational dispositions, ways of being-with-tools newcomers acquire through extended participation.

The protocol is prepared for ethnographic fieldwork at two sites: a university-based SOC and a state-agency Regional SOC. Methods include field notes, practitioner interviews, and attention to handovers and onboarding where mediation surfaces. IRB review is in progress.

For the panel’s combined format, this contribution is a methodological recipe: a working protocol (observation schedule, handover prompts) for collective discussion. It documents machine agencies in cybersecurity practice before they are named as performance, productivity, or capability. These namings are the measurement frames of technoscientific capital. The pipeline crisis facing entry-level cyber education, where SOC training fails to convert to SOC employment, is partly these frames naming the wrong things. Documenting what passes between analyst and assemblage resists assetization of cyber expertise into vendor-defined competencies, opening remedies apprenticeship discourse forecloses.

Reuse

Citation

BibTeX citation:
@inproceedings{straight2026,
  author = {Straight, Ryan and Straight, Ryan},
  title = {Posthuman {Encounters} in the {Security} {Operations}
    {Center}},
  booktitle = {4S 2026: TechnoPower / Technoscientific Futures (Society
    for Social Studies of Science)},
  date = {2026},
  url = {https://ryanstraight.com/research/2026-10-07-posthuman-encounters-soc/},
  langid = {en}
}
For attribution, please cite this work as:
Straight, Ryan, and Ryan Straight. 2026. “Posthuman Encounters in the Security Operations Center.” 4S 2026: TechnoPower / Technoscientific Futures (Society for Social Studies of Science), accepted. https://ryanstraight.com/research/2026-10-07-posthuman-encounters-soc/.