# SOC Analyst Competency: The Assessment Gap That Costs MSSPs $2M/Year
The managed security services market reached $31.2 billion in 2025, but MSSPs face a persistent operational problem: mismatched analyst competency. A Tier 1 analyst handling a Tier 2 incident takes 3.4x longer to resolve it and escalates unnecessarily 58% of the time.
The Competency Measurement Problem
Most MSSPs assess SOC analyst skill through certifications held, years of experience, or informal peer evaluation. None reliably predict operational performance. A SANS study found certification status explained only 23% of the variance in analyst investigation performance — 77% of what makes an analyst effective is unmeasured by credentials alone.
What Competency Assessment Should Measure
**Triage accuracy**: Can the analyst correctly classify true positives, false positives, and items requiring escalation from real alert data?
**Investigation depth**: When an analyst identifies a true positive, do they investigate to root cause or stop at surface indicators?
**Tool proficiency**: Can they construct queries in Splunk, interpret dashboards in Microsoft Sentinel, and execute playbooks in Cortex XSOAR?
**Communication**: Can the analyst produce a clear, structured incident summary that stakeholders can act on?
The Adaptive Advantage
Adaptive engines identify the analyst's competency boundary within 25-35 items instead of 100+. For an MSSP assessing 200 analysts quarterly:
The $2M Math
For a mid-size MSSP with 150 SOC analysts across three tiers:
The assessment itself is not the product. The outcome — correctly tiered analysts handling the right incidents — is the product.
**QLM's adaptive security assessment engine provides IRT-based measurement, simulation item types, and SIEM-integrated scenarios for MSSPs.** Learn more at [quantumlearningmachines.com](https://quantumlearningmachines.com).