CYBERSECURITY JOB HUNTING GUIDE

SOC Analyst as career

Author: Stefan Waldvogel

For a SOC Analyst career, IT experience is an advantage. You should have the ability to look into details.

First, let us have a look at what people in the field say you should have for this career:
Picture
Source: www.linkedin.com/posts/stefan-wa_cybersecurity-education-activity-6811828172686966784-isdZ

Each SOC is different, so each opinion is somewhat different. The list gives you two main things:
- the technical part
- the personal part

You need understanding, knowledge about a technical subject and some good soft skills.

Take this list and build your learning path. There are many ways to get the knowledge.

Is this the reality? Let us have a look at a very good job description. 
Picture
Such a job description is cool! Why? Look at the wording and the certification requirements. It talks about interest in something, and where are the certs? CISSP is not on the list -> this list is solid and describes a real entry-level job.

If you study this list, you see tools like Suricata, Wireshark and many others. Where do you get the skills?

Possible path:
Start with the free things like RangeForce community edition and do the 20 free modules. Later, you can add INE's Starter pass (for the basics in networking, Python, etc. and the intro into the red side) or do all free relevant Cyberdefenders.org modules.
TryHackMe's Cyber Defense path is a different option. Some modules are free, and others are part of the pro subscription. The pro is about $10 a month, and you need between one and two months to finish it. This path gives you an excellent understanding, and the path is guided. Try to understand all topics; do not rush.
Picture
https://tryhackme.com/path/outline/blueteam
If you really like it, try to get hands-on experience and the understanding.
Some options are:
  • BTLO (free and paid content) blueteamlabs.online/
  • BHIS ANTISYPHON CYBER RANGE www.blackhillsinfosec.com/services/cyber-range/
    Both options are about $30 a month.
  • John Strand's pay-as-you-can courses (start with SOC core -> Mitre -> Active Defense) wildwesthackinfest.com/training-schedule/ John Strand is high-end and his training is great. He is a former SANS instructor and if you do not have income, it is okay to take his courses for free.
  • cyberdefenders.org/ -> a brand new company with a large number of free labs and challenges (>40). It is for aspiring SOC Analysts and higher. Ali Hadi, a well-known INE course developer, is an instructor. It is the hidden gem among all the free resources I know.
  • letsdefend.io/ -> The free version has 5 free cases per month and it simulates a SOC environment. It is simplified, but you get the idea before you take your first steps. It is the most realistic SOC simulator on the market.

You love playing video games and want to learn things for your career?
Try this gaming platform: threatgen.com/
Picture
https://threatgen.com/
You can attack and defend an industrial complex and you learn a lot about hacking and defending. Gerald Auger made a video about it: youtu.be/SOW3-CsuUUk -> At the end is a hint for a 40% bonus code on Steam.

Maybe it is time for some certifications like CompTIA Network+, Security+ and CySA+, BTL1 (BlueTeamLabs), or SOC1, SOC2 (RangeForce). The last two certs/companies aren't HR relevant, but you can use them on your resume. The next level for an HR relevant cert is GCIH, but this cert is not affordable ($1,500 to $7,000).
A different option is an INE/eLearnSecurity subscription. It is about $749 per year (the certs are extra).

Other options are:
https://securityonionsolutions.com/training/ (free, a lot of pcaps)
Build a home lab and attack your own machine with Kali and Security Onion -> Spinning up a full home lab needs time. It is far beyond what you will do as a SOC Analyst and you need a powerful machine to install Security Onion.

Random other resources:
  • SANS DFIR
  • Chris Sanders' courses at networkdefense.io (usually 4 to 6 hours, free)
  • The Mordor Project by Cyberwardog
  • The Detection Lab project by Chris Long (quick)
  • Gerald Auger has a ton of videos (15?)
  • www.youtube.com/watch?v=p9RsKDIGKvc&list=PL4Q-ttyNIRAoV4nJqiDh5v1exHbIL291g

Technical stuff on YouTube, high end, really good. This is not SOC 1 level, but if you do not get a job, why not learn for the next step?
https://www.youtube.com/channel/UCqVIVdF5lwb3uMhiS0XM4XQ (Archan Choudhury with BlackPerl)

The next level
If you get a job, it is a good idea to get the knowledge for the next level, but some do not get a job and can move on with learning. The following picture shows the next level.
Some things do not change, but you get more points:
Picture
Conclusion
The main problem is not the knowledge that is wanted; it is more the limited job availability. It will take time to get such a job. It is a good idea to get the basics and add some things to stand out.
Maybe start with the free / affordable material like Cyberdefenders, RangeForce, INE, BTLO (first modules are free), TryHackMe's Defender path. Now, add some certs for HR like Security+, Network+ and maybe CySA+.
If you have Security+, you can apply for jobs and in the meantime you learn more.

Other resources
www.linkedin.com/pulse/what-soc-analyst-jay-jay-davey-/?trackingId=yJqDRKiprYzGAuynzRWfiQ%3D%3D
© 2021. This work is licensed under a CC BY-SA 4.0 license.