SOC Analyst as career
Author: Stefan Waldvogel
For a SOC Analyst career, IT experience is an advantage. You should have the ability to look into details.
First, let us have a look what people in the field say about things you should have for this career:
Source: www.linkedin.com/posts/stefan-wa_cybersecurity-education-activity-6811828172686966784-isdZ
Each SOC is different, therefore each opinion is somewhat different. The list gives you two main things:
- the technical part
- the personal part
You need understanding, knowledge about a technical subject and some good soft skills.
Take this list and build your learning path. There are many ways to get the knowledge.
Is this the reality? Let us have a look at a very good job description.
Each SOC is different, therefore each opinion is somewhat different. The list gives you two main things:
- the technical part
- the personal part
You need understanding, knowledge about a technical subject and some good soft skills.
Take this list and build your learning path. There are many ways to get the knowledge.
Is this the reality? Let us have a look at a very good job description.
Such a job description is cool! Why, look at the wording and the certification requirements. It talks about interest in something and where are the certs? CISSP is not on the list -> This list is solid and describes a real entry-level job.
If you study this list, you see tools like suricata, Wireshark and many others. Where do you get the skills?
Possible path:
Start with the free things like RangeForce community edition and do the 20 free modules. Later, you can add INE's Starter pass (for the basics in networking, Python, etc and the into into the red side) or do all free relevant Cyberdefenders.org modules.
TryHackMe's Cyber Defense path is a different option. Some modules are free, and others are part of the pro subscription. The pro is about $10 a month, and you need between one and two months to finish it. This path gives you an excellent understanding, and the path is guided. Try to understand all topics, do not rush.
If you study this list, you see tools like suricata, Wireshark and many others. Where do you get the skills?
Possible path:
Start with the free things like RangeForce community edition and do the 20 free modules. Later, you can add INE's Starter pass (for the basics in networking, Python, etc and the into into the red side) or do all free relevant Cyberdefenders.org modules.
TryHackMe's Cyber Defense path is a different option. Some modules are free, and others are part of the pro subscription. The pro is about $10 a month, and you need between one and two months to finish it. This path gives you an excellent understanding, and the path is guided. Try to understand all topics, do not rush.
https://tryhackme.com/path/outline/blueteam
If you really like it, try to get hands-on and the understanding.
Some options are:
You love playing video games and want to learn things for your career?
Try this gaming platform: threatgen.com/
Some options are:
- BTLO (free and paid content) blueteamlabs.online/
- BHIS ANTISYPHON CYBER RANGE www.blackhillsinfosec.com/services/cyber-range/
Both options are about $30 a month. - John Strand's pay-as-you-can courses (start with SOC core -> Mitre -> Active Defense) wildwesthackinfest.com/training-schedule/ John Strand is high-end and his training is great. He is a former SANS instructor and if you do not have income, it is okay to take his courses for free.
- cyberdefenders.org/ -> a brand new company with a large amount of free labs and challenges (>40). It is for becoming SOC Analysts and higher. Ali Hadi, a well-known INE course developer is an instructor. It is the hidden gem under all the free resources I know.
- letsdefend.io/ -> The free version has 5 free cases per month and it simulates a SOC environment. It is simplified, but you get the idea before you are doing the first steps. It is the most realistic SOC simulator on the market.
You love playing video games and want to learn things for your career?
Try this gaming platform: threatgen.com/
https://threatgen.com/
You can attack and defend an industrial complex and you learn a lot about hacking and defending. Gerald Auger made a video about it: youtu.be/SOW3-CsuUUk -> At the end is a hint for a 40% bonus code on steam.
Maybe it is time for some certifications like CompTIA Network+, Security+ and CySA+, BTL1 (BlueTeamLabs), or SOC1, SOC2 (RangeForce). The last two certs/companies aren't HR relevant, but you can use them on your resume. The next level for an HR relevant cert is GCIH, but this cert is not affordable ($1,500 to $7,000).
A different option is a INE/eLearnSecurity subscription. It is about $749 per year (the certs are extra).
Other options are:
https://securityonionsolutions.com/training/ (free, a lot of pcaps)
Build a home lab and attack the own machine with Kali and Security Onion -> Spinning up a full home lab needs time. It is far beyond what you will do as a SOC Analyst and you need a powerful machine to install Security Onion.
Random other resources:
Technical stuff on YouTube, high end, really good. This is not SOC 1 level but if you do not get a job, why not learning for the next step?
https://www.youtube.com/channel/UCqVIVdF5lwb3uMhiS0XM4XQ (Archan Choudhury with BlackPerl)
The next level
If you get a job, it is a good idea to get the knowledge for the next level, but some do not get a job and can move on with learning. The following picture shows the next level.
Some things do not change, but you get more points:
Maybe it is time for some certifications like CompTIA Network+, Security+ and CySA+, BTL1 (BlueTeamLabs), or SOC1, SOC2 (RangeForce). The last two certs/companies aren't HR relevant, but you can use them on your resume. The next level for an HR relevant cert is GCIH, but this cert is not affordable ($1,500 to $7,000).
A different option is a INE/eLearnSecurity subscription. It is about $749 per year (the certs are extra).
Other options are:
https://securityonionsolutions.com/training/ (free, a lot of pcaps)
Build a home lab and attack the own machine with Kali and Security Onion -> Spinning up a full home lab needs time. It is far beyond what you will do as a SOC Analyst and you need a powerful machine to install Security Onion.
Random other resources:
- SANS DFIR
- Chris Sanders courses (usually 4 to 6 hours, free)
- the Mortal projects cyberwardog
- Chris Long detection lab (quick)
- Chris Sanders’ networkdefense.io — The Mordor Project by Cyberwardog — and the Detection Lab project by Chris Long
- Gerald Auger has a ton of videos (15?)
- www.youtube.com/watch?v=p9RsKDIGKvc&list=PL4Q-ttyNIRAoV4nJqiDh5v1exHbIL291g
Technical stuff on YouTube, high end, really good. This is not SOC 1 level but if you do not get a job, why not learning for the next step?
https://www.youtube.com/channel/UCqVIVdF5lwb3uMhiS0XM4XQ (Archan Choudhury with BlackPerl)
The next level
If you get a job, it is a good idea to get the knowledge for the next level, but some do not get a job and can move on with learning. The following picture shows the next level.
Some things do not change, but you get more points:
Conclusion
The main problem is not the wanted knowledge it is more the limited job availability. It will take time to get such a job. It is a good idea to get the basics and add some things to stand out.
Maybe start with the free / affordable material like Cyberdefenders, RangeForce, INE, BTLO (first modules are free), TryHackMe's Defender path. Now, add some certs for HR like Security+, Network+ and maybe CySA+.
If you have Security+, you can apply for jobs and in the meanwhile you learn more.
Other resources
www.linkedin.com/pulse/what-soc-analyst-jay-jay-davey-/?trackingId=yJqDRKiprYzGAuynzRWfiQ%3D%3D
The main problem is not the wanted knowledge it is more the limited job availability. It will take time to get such a job. It is a good idea to get the basics and add some things to stand out.
Maybe start with the free / affordable material like Cyberdefenders, RangeForce, INE, BTLO (first modules are free), TryHackMe's Defender path. Now, add some certs for HR like Security+, Network+ and maybe CySA+.
If you have Security+, you can apply for jobs and in the meanwhile you learn more.
Other resources
www.linkedin.com/pulse/what-soc-analyst-jay-jay-davey-/?trackingId=yJqDRKiprYzGAuynzRWfiQ%3D%3D
© 2021. This work is licensed under a CC BY-SA 4.0 license