The SecOps Manifesto: Why control is the ultimate coverage
By Gal Shafir, Co-Founder and CEO
Every founder story starts with a realization. Ours started with a hard truth we couldn’t ignore. Between the three of us, we have seen security operations from every possible angle. I spent years modernizing SOCs through Google and Siemplify directly with SOC teams. Roy spent his time running offensive exercises and breaking into those very same environments at Cymulate. Nir spent his career building the products these teams rely on daily at Siemplify and Cymulate.
We spent thousands of hours in the trenches with SecOps analysts and engineers. We shared their challenges, understood their pains, and spoke their language. We originally set out to build an entirely different product. But the more genuine, emotional discussions we had with these teams, the clearer the actual problem became.
Before SecOps teams need another shiny security solution, they need absolute control over what they already have. Because without control, they are simply blind to threats. The industry is obsessed with expanding coverage, but coverage means nothing if your existing detection and response flows silently break with every routine IT change.
The Modernization Trap
We are at a critical inflection point. The SOC is undergoing its most dramatic modernization in decades. AI, smart data pipelines, and next-gen data lakes are flooding into security operations, promising to make things faster, cheaper, and better.
But there is a fatal catch. Driving these massive changes without underlying control breaks the SOC. We have seen it happen with every migration project and new tech implementation.
Today, SecOps engineers are expected to manage incredibly complex, interdependent infrastructures, yet they are left completely without the proper tools to do so. Meanwhile, the broader software engineering world solved these exact infrastructure challenges years ago.
The Core Idea: DevOps for SecOps
We built Fig to bridge this exact gap. We are bringing the foundational concepts of DevOps, observability, and CI/CD directly into Security Operations engineering, and making them accessible and plug-and-play.
We believe that robust development practices shouldn’t be a luxury reserved only for the largest, most advanced security engineering teams. They must be democratized and widely implemented to make true SOC modernization a reality.
Let’s reframe the reality of security operations: a broken parser or a misconfigured data pipeline is not an IT engineering problem. It is a critical security problem. Because at the end of the day, if a detection rule that should trigger fails silently due to a plumbing issue, your organization misses a breach.
The Future of the SOC
The SOC of the future does not have one face. Different organizations will adopt different technologies, data stores, and varying levels of AI automation to fit their specific business needs.
But one absolute truth will remain constant: the infrastructure has to work, all the time.
In this near future, SecOps professionals will evolve. They will become the orchestrators and engineers of massive, highly customized, almost self-driving tech stacks. To remain focused on defending the business at threat-speed, they need rock-solid confidence that their infrastructure is doing exactly what it was designed to do, without exception.
This is why Fig exists. We are operating the SecOps infrastructure for reliable and optimized detection and response.
Welcome to the era of proven protection. Welcome to Fig.