Is it required in your company to conduct a security review before purchasing a firewall? Also, do you need to perform reviews after (how often)?
What are the common materials you use in the review? Do you have any tips or advice?
Any pitfalls to watch out for?
When would you suggest using an internal SOC and when SOC-as-a-Service? What are the pros and cons of each?