Professional Documents
Culture Documents
Pathway To Becoming A SOC Analyst
Pathway To Becoming A SOC Analyst
Pathway To Becoming A SOC Analyst
Pathway to Becoming a
SOC Analyst
May 2024
Pathway to becoming a SOC Analyst – May 2024 A Not-for-Profit Support Group for Aspiring and Young
CyberSecurity and Data Privacy Professionals
Agenda
• What Recruiters and Employers look for in a SOC Analyst (online material) – Cameron
Useful Hints/Materials
Free SIEM Lab - https://medium.com/@aali23/a-simple-elastic-siem-lab-6765159ee2b2
• https://standout-cv.com/usa/soc-analyst-resume-example#resume-example
• https://www.livecareer.com/resume-search/r/soc-analyst-1-ce4f719293d44bd393d36c63ebfa7122
• https://www.hireitpeople.com/resume-database/67-quality-assurance-qa-resumes/236621-security-
operation-center-soc-analyst-resume-1
A Day in the Life of a SOC Analyst
The Digital Detectives Protecting Our Cyber World
1. Role and Importance: SOC analysts are crucial in detecting,
analysing, and responding to cybersecurity threats, acting as the
frontline defenders of our digital world.
2. Daily Responsibilities: This presentation will explore the daily
tasks of SOC analysts, including the tools they use and the
challenges they face in their investigative work.
3. Impact on Security: By understanding the work of SOC analysts,
we can appreciate their vital role in enhancing and maintaining
organisational cybersecurity.
1. https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
2. https://www.verizon.com/business/resources/reports/dbir/2024/summary-of-findings/
3. https://horizon.netscout.com/?mapPosition=0.00~0.00~0.00
Introduction: The Cyber Detective - To investigate or not to
● develop
Real-Lifestrategies to prevent
Story: A SOC analystfuture threats.
uncovered a sophisticated phishing
campaign targeting a financial institution, quickly containing the
attack and securing compromised accounts, thereby preventing a
SOC
Organisational Minimised,Identified
Data and remediated
Incidents
Threat intel
GIGO
The SOC functions and Challenges
Incident
Collection Detection Threat hunting
Response
Vulnerability
Investigation Triage Communication
Mgmt
Tools for the Trade
SIEM, SASE, XDR, EDR, CASB, ZTNA
OSINT, MALTEGO
… etc
Behind the Scenes: My SOC Routine
● Starting the Day: Briefing, system login, review emails and alerts
● Monitoring and Analysis: Monitor network traffic, identify and investigate
threats
● Incident Response: Prioritise and investigate alerts, contain and mitigate
threats
● Collaboration and Communication: Coordinate with team, communicate with
stakeholders, document actions
● Continuous Improvement: Threat hunting, update playbooks, participate in
training
● End-of-Day: Prepare handover reports, summarise daily activities, perform
system maintenance
● Learning and Adaptation: Review threat intelligence, optimise tools, provide
feedback
Investigative Action: A Day in the Life - Suspicious Login Attempt
The Alert:
It's a typical Tuesday morning in the SOC. I'm reviewing the SIEM console when a
high-priority alert pops up. It flags a suspicious login attempt on a critical server
used for storing financial data.
1. Geolocation: I use a geolocation tool to pinpoint the origin of the IP address. It confirms the
location as suspicious, further raising concerns.
2. User Account: I investigate the targeted user account. It belongs to a senior finance manager
who rarely logs in remotely.
3. Login Time: The login attempt occurred at 2:30 AM, far outside the manager's usual working
hours.
1. User Activity: I use a User Entity and Behavior Analytics (UEBA) tool to analyze the manager's
past login activity. This confirms the login attempt deviates significantly from the manager's
typical access patterns.
2. IP Reputation: I check the IP address against threat intelligence feeds. The address is not
currently blacklisted, but it shows suspicious activity associated with known botnets.
Escalation and Containment:
Based on the accumulated evidence, the situation appears increasingly likely to be
a malicious attempt. Here's what I do next:
1. Immediate Action: I initiate a temporary account lockout for the targeted user
account to prevent further access attempts.
2. Communication: I immediately contact the finance manager via a secure
channel to confirm or deny the login attempt.
3. Teamwork: I escalate the incident to the security response team for further
investigation. This includes analyzing server logs for any signs of intrusion
and notifying relevant stakeholders.
The Human Side of SOC
● Key Insights:
● SOC analysts are the digital detectives of cybersecurity.
● Effective security requires teamwork and advanced tools.
● Surprising Threats:
● Unexpected and evolving cyber threats demand constant vigilance.
● Real-life incidents reveal the diverse challenges faced daily.
● Value of SOC Analysts:
● SOC analysts play a crucial role in protecting organisations.
● Their work enhances the overall security posture and prevents
significant breaches.