This document discusses Travis Perkins' transition from a legacy security operations center (SOC) to a lean SOC using Splunk software. It describes the challenges of Travis Perkins' complex IT environment and their goal of building security solutions for the cloud. The document outlines Travis Perkins' process for incrementally implementing their SOC using Splunk and focusing on incident handling, investigations, and compliance. It provides examples of how Travis Perkins uses risk-based alerting, incident response workflows, and analytics in Splunk to analyze security events.