Pathway To Becoming A SOC Analyst


A Not-for-Profit Support Group for

CyberSecurity and Data Privacy Professionals

Pathway to Becoming a
SOC Analyst

May 2024

Agenda

• Meet and Greet - Soji

• A Day in the life of a SOC Analyst (page 4 onward) – Bavan

• How SIEM Empowers SOC (online material) – Lakshmanan

• What Recruiters and Employers look for in a SOC Analyst (online material) – Cameron

• SOC Analyst Useful Hints/Materials (Slide 3) – Soji

• Q and A and Closing Remarks- Soji



Useful Hints/Materials
• Free SIEM Lab – https://medium.com/@aali23/a-simple-elastic-siem-lab-6765159ee2b2

• Build-Your-Own-SIEM YouTube – https://www.youtube.com/watch?v=2XLzMb9oZBI

• Other Free SIEM Tools – https://www.comparitech.com/net-admin/open-source-siem-tools/

• SOC Analyst Jobs Analysis – https://www.itjobswatch.co.uk/jobs/uk/soc%20analyst.do

• Sample SOC Analyst CVs –

  • https://standout-cv.com/usa/soc-analyst-resume-example#resume-example

  • https://www.livecareer.com/resume-search/r/soc-analyst-1-ce4f719293d44bd393d36c63ebfa7122

  • https://www.hireitpeople.com/resume-database/67-quality-assurance-qa-resumes/236621-security-operation-center-soc-analyst-resume-1

A Day in the Life of a SOC Analyst
The Digital Detectives Protecting Our Cyber World
1. Role and Importance: SOC analysts are crucial in detecting,
analysing, and responding to cybersecurity threats, acting as the
frontline defenders of our digital world.
2. Daily Responsibilities: This presentation will explore the daily
tasks of SOC analysts, including the tools they use and the
challenges they face in their investigative work.
3. Impact on Security: By understanding the work of SOC analysts,
we can appreciate their vital role in enhancing and maintaining
organisational cybersecurity.
1. https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
2. https://www.verizon.com/business/resources/reports/dbir/2024/summary-of-findings/
3. https://horizon.netscout.com/?mapPosition=0.00~0.00~0.00
Introduction: The Cyber Detective - To investigate or not to

● Detective Analogy: SOC analysts are like digital detectives, investigating anomalies, analysing security alerts, and piecing together evidence to protect an organisation's digital assets.

● Role and Tools: They use sophisticated tools and techniques to trace the origins of cyber attacks, understand their impact, and develop strategies to prevent future threats.

● Real-Life Story: A SOC analyst uncovered a sophisticated phishing campaign targeting a financial institution, quickly containing the attack and securing compromised accounts, thereby preventing a major security breach.


What is a SOC

High level SOC (diagram): inputs are organisational data and threat intel; the SOC turns them into minimised, identified and remediated incidents. GIGO (garbage in, garbage out) applies: the quality of the output depends on the quality of the data fed in.
The SOC functions and Challenges

● Collection
● Detection
● Threat hunting
● Incident Response
● Investigation
● Triage
● Communication
● Vulnerability Mgmt
Tools for the Trade
SIEM, SASE, XDR, EDR, CASB, ZTNA

OSINT, MALTEGO

… etc
Behind the Scenes: My SOC Routine

● Starting the Day: Briefing, system login, review emails and alerts
● Monitoring and Analysis: Monitor network traffic, identify and investigate
threats
● Incident Response: Prioritise and investigate alerts, contain and mitigate
threats
● Collaboration and Communication: Coordinate with team, communicate with
stakeholders, document actions
● Continuous Improvement: Threat hunting, update playbooks, participate in
training
● End-of-Day: Prepare handover reports, summarise daily activities, perform
system maintenance
● Learning and Adaptation: Review threat intelligence, optimise tools, provide
feedback
Investigative Action: A Day in the Life - Suspicious Login Attempt

The Alert:
It's a typical Tuesday morning in the SOC. I'm reviewing the SIEM console when a
high-priority alert pops up. It flags a suspicious login attempt on a critical server
used for storing financial data.

Identifying the Threat:

The alert details show a login attempt originating from an unfamiliar IP address
located in a country where our company has no known operations. Additionally,
the attempt occurred outside of our usual business hours.
Research and Initial Investigation:

1. Geolocation: I use a geolocation tool to pinpoint the origin of the IP address. It confirms the
location as suspicious, further raising concerns.
2. User Account: I investigate the targeted user account. It belongs to a senior finance manager
who rarely logs in remotely.
3. Login Time: The login attempt occurred at 2:30 AM, far outside the manager's usual working
hours.

Utilising Investigation Tools:

1. User Activity: I use a User and Entity Behavior Analytics (UEBA) tool to analyze the manager's
past login activity. This confirms the login attempt deviates significantly from the manager's
typical access patterns.
2. IP Reputation: I check the IP address against threat intelligence feeds. The address is not
currently blacklisted, but it shows suspicious activity associated with known botnets.
Escalation and Containment:
Based on the accumulated evidence, the situation appears increasingly likely to be
a malicious attempt. Here's what I do next:
1. Immediate Action: I initiate a temporary account lockout for the targeted user
account to prevent further access attempts.
2. Communication: I immediately contact the finance manager via a secure
channel to confirm or deny the login attempt.
3. Teamwork: I escalate the incident to the security response team for further
investigation. This includes analyzing server logs for any signs of intrusion
and notifying relevant stakeholders.
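The walkthrough above combines four signals (unfamiliar country, out-of-hours timing, deviation from the user's baseline, and IP reputation) into an escalation decision. The following is an added example, not material from the presentation, showing how that triage logic can be written down as a repeatable script so the same reasoning is applied to every login alert. The geolocation table, threat-intel feed, user baseline, hostnames and log lines are all constructed stand-ins for the real services a SOC would query.

```python
"""Triage helper for a suspicious-login alert (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List

# Constructed lookup tables standing in for a geolocation service, a
# threat-intel feed and a UEBA baseline. None of the values are real.
GEO_DB: Dict[str, str] = {
    "10.20.30.40": "GB",    # constructed: corporate VPN egress address
    "198.51.100.23": "XX",  # constructed: TEST-NET-2 address, unknown country
}
THREAT_INTEL: Dict[str, dict] = {
    "198.51.100.23": {"blacklisted": False, "botnet_activity": True},
}
USER_BASELINE: Dict[str, dict] = {
    # constructed UEBA-style profile: usual hours and remote logins in 90 days
    "finance.manager": {"usual_hours": (time(8, 0), time(18, 30)),
                        "remote_logins_90d": 0},
}
COMPANY_COUNTRIES = {"GB"}          # constructed: where the company operates
BUSINESS_HOURS = (time(7, 0), time(20, 0))
CRITICAL_HOSTS = {"fin-db-01"}      # constructed hostname of the finance server
CORPORATE_PREFIX = "10."            # constructed: internal address range


@dataclass
class LoginEvent:
    timestamp: datetime
    user: str
    src_ip: str
    host: str


def parse_auth_line(line: str) -> LoginEvent:
    """Parse one constructed key=value auth log line into a LoginEvent."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return LoginEvent(timestamp=datetime.fromisoformat(fields["ts"]),
                      user=fields["user"], src_ip=fields["src"], host=fields["host"])


def score_login(ev: LoginEvent) -> dict:
    """Apply the triage checks from the walkthrough and recommend an action."""
    findings: List[str] = []
    score = 0
    country = GEO_DB.get(ev.src_ip, "??")
    if country not in COMPANY_COUNTRIES:
        findings.append(f"source country {country} has no company operations")
        score += 2
    if not (BUSINESS_HOURS[0] <= ev.timestamp.time() <= BUSINESS_HOURS[1]):
        findings.append("outside business hours")
        score += 1
    base = USER_BASELINE.get(ev.user)
    if base:
        lo, hi = base["usual_hours"]
        if not (lo <= ev.timestamp.time() <= hi):
            findings.append("outside user's usual hours")
            score += 1
        remote = not ev.src_ip.startswith(CORPORATE_PREFIX)
        if remote and base["remote_logins_90d"] == 0:
            findings.append("user has no remote-login history")
            score += 1
    intel = THREAT_INTEL.get(ev.src_ip, {})
    if intel.get("blacklisted"):
        findings.append("IP is blacklisted")
        score += 3
    elif intel.get("botnet_activity"):
        findings.append("IP associated with botnet activity")
        score += 2
    if ev.host in CRITICAL_HOSTS:
        findings.append("critical host")
        score += 1
    # Thresholds are a constructed policy: high score -> contain and escalate.
    if score >= 5:
        action = "lock account, contact user via secure channel, escalate to IR team"
    elif score >= 3:
        action = "contact user to verify, keep monitoring"
    else:
        action = "close as benign"
    return {"user": ev.user, "score": score, "findings": findings, "action": action}


# Constructed sample log: the 2:30 AM attempt from the story, then a normal one.
SAMPLE_LOG = [
    "ts=2024-05-14T02:30:00 user=finance.manager src=198.51.100.23 host=fin-db-01",
    "ts=2024-05-14T09:15:00 user=finance.manager src=10.20.30.40 host=fin-db-01",
]


def triage(lines: List[str]) -> List[dict]:
    """Score every login line and return the triage results in order."""
    return [score_login(parse_auth_line(line)) for line in lines]


if __name__ == "__main__":
    for result in triage(SAMPLE_LOG):
        print(result)
```

The first sample line reproduces the story's evidence and scores high enough to trigger the same three steps the walkthrough takes (lockout, contact the user, escalate); the second, a daytime login from the corporate range, closes as benign. In practice the lookup tables would be replaced by calls to the SIEM, the geolocation service, the threat-intel platform and the UEBA tool, and the thresholds would be tuned against the organisation's own false-positive rate.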
The Human Side of SOC

● Thought Process and Pressure: Constant vigilance and quick decision-making,
sifting through data under tight time constraints. High pressure to avoid missing
critical alerts, staying calm, focused, and methodical in high-stress situations.
● Personal Anecdote: Received a high-risk alert for a suspicious login attempt.
Methodically reviewed login history and patterns, discovered and blocked a
coordinated attack.
● Satisfaction of Stopping an Attack: Immense satisfaction in successful
interventions. Example: Detected and isolated a sophisticated phishing attempt,
protected sensitive information, and reinforced the importance of cybersecurity.
● Emotional Resilience and Team Support: Handling constant stress and high
stakes, relying on the team for advice and collaborative problem-solving. Regular
debriefs and team-building activities to maintain morale.
Teamwork Makes the Dream Work

● Why Collaboration Matters: Effective security requires teamwork across IT,
Network, and Dev departments.
● Working Together: SOC analysts collaborate on threat identification, incident
response, and remediation efforts.
● Collaborative Incident Example: SOC detects suspicious activity; SOC and Network
team trace and contain threat; IT patches vulnerabilities and restores systems.
Result: Swift isolation, minimal downtime.
● Communication is Key: Use secure chat platforms for real-time updates, ticketing
systems for tracking investigations, and regular meetings and debriefs for
knowledge sharing.
The Bigger Picture: Why SOC Matters

● Value of SOC Analysts:
  ● SOC analysts are the immune system of an organisation, constantly
  patrolling for cyber threats.
● Impact on Organisation's Cybersecurity:
  ● A skilled SOC team fortifies cybersecurity, preventing threats from
  escalating into major breaches.
● Contribution to Security Posture:
  ● SOC analysts enhance resilience against evolving threats and improve
  security policies and practices.
● Overall Security Benefits:
  ● Ensures regulatory compliance, maintains customer trust, and protects
  organisational assets, leading to a secure and stable environment.
Conclusion: Lessons Learned and Takeaways

● Key Insights:
  ● SOC analysts are the digital detectives of cybersecurity.
  ● Effective security requires teamwork and advanced tools.
● Surprising Threats:
  ● Unexpected and evolving cyber threats demand constant vigilance.
  ● Real-life incidents reveal the diverse challenges faced daily.
● Value of SOC Analysts:
  ● SOC analysts play a crucial role in protecting organisations.
  ● Their work enhances the overall security posture and prevents
  significant breaches.
