Agenda

Note: THIS IS NOT A ROADMAP TO BECOMING A SOC ANALYST; IT SHOULD GIVE YOU A MORE REALISTIC PICTURE OF THE ROLE AND ITS ACTIVITIES.

What’s SOC

Security Operations Center. It refers to analysts who monitor and analyze all network and organization operations from a security perspective, from a centralized place or software. It's an important part, and the first line of defense, of every blue team in any organization. Its responsibility is to keep an eye on the daily baseline of your organization, and to detect and identify any unusual behavior that may be unwanted or malicious to your business and have a bad effect on your operations.

What we study

As it's a cybersecurity role, first things first: cybersecurity fundamentals are a must. Gain knowledge about security concepts such as the CIA triad, zero trust, etc. Know the various types of sensitive data and the types of cyber attacks. Know the difference between risks, threats and vulnerabilities. Also cryptography, forensics and "Security Architecture and Design".

Such topics need to be known, even if not in depth; just reading, understanding and exploring these concepts and approaches gives you a bigger picture of why cybersecurity is important and how it applies in real-life scenarios.

Other topics to be aware of:

  • Networking and network security
  • Programming fundamentals; not a specific language, any one may help you automate your daily tasks.
  • Linux fundamentals are also a plus and will make it easier to deal with any Linux machine later on.

Skill set you should have to be a good SOC analyst:

  • Analysis and investigation.
  • Problem solving.
  • Critical and logical thinking.
  • Adapting to work environments and teamwork.

For sure, besides the soft skills that are needed for most jobs out there.

Daily Routine and Responsibilities

Let's say our main role here is to: Monitor, Detect and Report. Let's break them down:

Monitoring requires 24/7 visibility, so the SOC team needs rotational shifts to cover monitoring all day and never miss any behavior or activity that may occur at any time. It also requires watching many charts, bars, events, dashboards and your organization's baseline, such as monitoring incoming/outgoing emails, connections, web browsing, URLs, attachments, etc.

Detection requires knowledge of what's normal and what's NOT normal, so you can detect abnormal behavior or activity. The dashboards and indicators of your products will make this easier for you.

Reporting is the action that should come after finding any activity you suspect: informing your direct manager or a SOC Analyst Level (Tier) 2. That may also lead you to deal with and contact other IT departments in your organization.

Here is a simple hierarchy that illustrates where you and the other teams sit.

[Figure: soc-hierarchy]

Tools and Products Used

Let's break down the tools and products used throughout your job, and also the daily-activity tools that might help organize your thoughts and study.

Personal

Starting with your personal tools for studying, taking notes and managing daily tasks, like Notion or any alternative: this might help you write down all your thoughts and to-do lists, which helps you keep a clear mind and focus on the current task that needs to be done.

I also prefer pen and paper (old school). Taking notes and making lists in a notebook is a lot easier, and I see it as a perfect way to take a break while still making progress on time and task management.

Job Tools

For our monitoring of the whole network and all of these factors to notice, we have some helping tools and products that make it easier to detect any unwanted activity.

Such as: SIEM (Security Information and Event Management). It's almost the most important tool you will deal with everywhere: a software solution that collects, correlates and analyzes security-related data from various sources within an organization's network.

Many vendors for SIEM, like: IBM QRadar, Splunk, Elastic (ELK), Fortinet, etc.

You will use its dashboards to analyze logs, track incidents, detect any abnormal event and escalate critical issues to higher tiers for further investigation.
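The Monitor, Detect and Report routine above and the SIEM description (collect, correlate, analyze) can be shown on a tiny scale. The following Python script is an added example; it is not part of the original post and not any vendor's product. It reads constructed sample auth and web-proxy log lines, checks each event against a hand-written per-user baseline (working hours, known source IPs, tolerated failed logins), correlates a burst of failures followed by a success, and produces an escalation summary for Tier 2. All log lines, usernames, hosts, IP addresses, rule names and baseline values are made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real data): one auth source, one web-proxy source.
AUTH_LOG = """\
2024-05-01T09:00:01 auth host=ws-12 user=alice result=success src=10.0.0.12
2024-05-01T09:02:10 auth host=ws-12 user=alice result=success src=10.0.0.12
2024-05-01T02:13:44 auth host=ws-07 user=bob result=failure src=203.0.113.9
2024-05-01T02:13:50 auth host=ws-07 user=bob result=failure src=203.0.113.9
2024-05-01T02:13:55 auth host=ws-07 user=bob result=failure src=203.0.113.9
2024-05-01T02:14:02 auth host=ws-07 user=bob result=failure src=203.0.113.9
2024-05-01T02:14:10 auth host=ws-07 user=bob result=failure src=203.0.113.9
2024-05-01T02:14:30 auth host=ws-07 user=bob result=success src=203.0.113.9
"""
PROXY_LOG = """\
2024-05-01T09:05:00 proxy host=ws-12 user=alice url=https://intranet.example/wiki bytes=2048
2024-05-01T02:15:10 proxy host=ws-07 user=bob url=http://198.51.100.7/update.exe bytes=4194304
"""

# The "normal" baseline per user (constructed; in practice learned from history).
BASELINE = {
    "alice": {"work_hours": (8, 18), "max_failures": 3, "known_src": {"10.0.0.12"}},
    "bob":   {"work_hours": (8, 18), "max_failures": 3, "known_src": {"10.0.0.7"}},
}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\S+) (?P<kv>.*)$")


def parse_line(line):
    """Normalize one 'timestamp source key=value ...' line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = dict(pair.split("=", 1) for pair in m.group("kv").split() if "=" in pair)
    event["ts"] = datetime.fromisoformat(m.group("ts"))
    event["source"] = m.group("source")
    return event


def collect(*logs):
    """Collect events from every source and order them by time, like a SIEM ingest stage."""
    events = [ev for log in logs for ev in map(parse_line, log.splitlines()) if ev]
    return sorted(events, key=lambda e: e["ts"])


def detect(events, baseline):
    """Compare each event with the user's baseline and correlate related events.

    Returns one finding per (user, rule) so repeated hits do not flood the queue.
    """
    findings, seen = [], set()
    failures = defaultdict(int)

    def flag(user, rule, ts):
        if (user, rule) not in seen:
            seen.add((user, rule))
            findings.append({"user": user, "rule": rule, "ts": ts})

    for ev in events:
        user, ts = ev.get("user"), ev["ts"]
        base = baseline.get(user)
        if base is None:
            flag(user, "unknown_user", ts)
            continue
        start, end = base["work_hours"]
        if not start <= ts.hour < end:
            flag(user, "off_hours_activity", ts)
        if ev["source"] == "auth":
            if ev.get("src") not in base["known_src"]:
                flag(user, "login_from_new_source", ts)
            if ev.get("result") == "failure":
                failures[user] += 1
                if failures[user] > base["max_failures"]:
                    flag(user, "failed_logins_over_baseline", ts)
            elif ev.get("result") == "success":
                # Correlation: a success right after a burst of failures is worth a look.
                if failures[user] > base["max_failures"]:
                    flag(user, "success_after_failure_burst", ts)
                failures[user] = 0
        elif ev["source"] == "proxy":
            url = ev.get("url", "")
            if url.startswith("http://") and url.lower().endswith(".exe"):
                flag(user, "executable_over_plain_http", ts)
    return findings


def build_report(findings, escalate_at=3):
    """Group findings per user and mark who should be escalated to Tier 2."""
    report = {}
    for f in findings:
        entry = report.setdefault(f["user"], {"first_seen": f["ts"].isoformat(), "rules": []})
        entry["rules"].append(f["rule"])
    for entry in report.values():
        entry["escalate"] = len(entry["rules"]) >= escalate_at
    return report


if __name__ == "__main__":
    for user, entry in build_report(detect(collect(AUTH_LOG, PROXY_LOG), BASELINE)).items():
        print(user, "ESCALATE" if entry["escalate"] else "watch", entry["rules"])
```

Running it lists only bob, with five distinct rules and the escalate flag set, while alice's daytime activity from her usual workstation produces nothing. The point for a Tier 1 analyst is the shape of the work: events from several sources are normalized into one stream, each is judged against a baseline of what is normal for that user, related events are tied together, and only the summary goes up the chain.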

Also EDR (Endpoint Detection and Response) is a solution focused on monitoring and securing endpoints (such as workstations, servers and mobile devices). It provides you with real-time visibility into endpoint activities, detects threats and responds to incidents.

Many vendors, like: CrowdStrike Falcon, Trend Micro, SentinelOne, etc.

Antivirus is the main tool you will use to detect any virus patterns or downloaded content that may be malware, so it detects and prevents them. It also offers real-time scanning, heuristic analysis and proactive defense against cyber threats.

Some of the most famous are Kaspersky, Bitdefender, Norton, etc.

And to be honest, you may deal with many other tools like XDR, SOAR or even cloud products like mail gateways or AWS Security Hub. But you don't need tons of knowledge to end up dealing with one of them. I keep my knowledge efficient and related to what's needed.

Platforms and Certificates

"YOU have to be certified to get a SOC job"

is a myth.

No one needs to pay to be qualified for any job. Certificates are just one way of showing your skills and credibility. But you have all the other ways to do that, which may be better if you give them the time and the effort.

But if you are ready to have a bunch of certificates that support you on your path, or give you a boost while you're starting, here are some of them that may help:

  • ISC2 CC (FREE CERTIFICATION)
  • CompTIA CySA+ (Cybersecurity Analyst)
  • Certified SOC Analyst (EC-CSA) from EC-Council

Also, if you have already started and are even working as SOC T1, you can look for:

  • Certified Incident Responder (eCIR from INE)
  • Certified Incident Handler (EC-CIH)

But for me, consider practicing investigation, analysis and your practical skills on platforms where you solve cybersecurity challenges. I practiced on most of these platforms, such as:

  • Lets Defend
  • Cyberdefenders
  • Try Hack Me
  • CyberTalents
  • PicoCTF
  • Pentesterlab
  • CTF101

For sure these are a lot of websites; don't get overwhelmed creating an account on all of them and starting to practice on all of them. Be realistic so you can achieve more: maybe explore them all, but choose one and start practicing.

In the end, I hope you enjoyed reading about some of my daily activity as a SOC analyst, and if you are interested in the field, I am glad to connect.

LinkedIn . Our Page