@Oscar-Geare
Last active September 13, 2021 01:18
Interview for /r/CyberSecurity

A 24/7 SOC Analyst role is an unforgiving job: long hours and an intense workload. However, it's the most common 'entry-level' position available in most metropolitan areas. Depending on the organisation, you may have more or less freedom in your work, and may be able to follow through and conduct incident response yourself. In the end, the job comes back to the same thing: investigating alerts, triaging and conducting first-level analysis to escalate to responder teams.

About your first job:

What was your first job in cybersecurity? When was that, and what were your responsibilities?

My first job was Associate Security Analyst, on a 24/7 roster within an MSSP SOC. I would handle incoming alerts, triage them and pass escalations on to on-site resolver teams.

Can you discuss some specific tasks you did, or goals you contributed towards?

Unfortunately, there's not much more to say. 24/7 SOCs are a grind, but something that is still necessary until SOAR capabilities catch up. I would review incoming alerts, validate them against our use case guidelines, analyse each one to determine whether it was a likely false positive, and if not, escalate it to the relevant resolver team. In my free time I would contribute to Detection Engineering, building new analytic models.

What were the most important technical skills that allowed you to succeed in that role?

Technical Writing. It all comes down to being able to explain problems to different stakeholders, and you want to make sure the on-site team has to duplicate as little of your work as possible. Technical Writing is more important than any networking/systems/analysis ability.

What were the most important attributes and personality traits that allowed you to succeed in that role?

Stubbornness. You'll get confusing problems. Being stubborn enough to work through them is essential. Having good initiative is also critical: going out on tangents of your own to find new problems or different solutions to existing problems.

What did you like about that job? Is there anything you didn’t like?

Big introvert, so I loved the solitude of nights and weekends. However, when work got busy, it got really busy. A lot of problems were compounded by an inefficient technology stack.

About how you broke in:

What degrees, certifications, bootcamps, or field experience did you have at that time?

None, none, none, and none in security. I had 3 years experience working as a Technical Support Officer at various primary and secondary schools.

If you have prior experience: How did your field experience help you at the start of your career in cybersecurity?

My technical experience gave me insight into the activity that was occurring in the wider enterprise.

Out of degrees, certifications, bootcamps, and field experience: what mattered the most for obtaining your role?

None, to be honest. Having a strong professional network was the most important.

Would you recommend the path you took to get into cybersecurity? Are there cases where you wouldn't recommend it?

My pathway relied on luck. Knowing the right people, at the right time. I would not recommend this pathway.

Giving advice:

What are the top three things you think people considering cybersecurity careers should know about the field?

  1. You have to be right 100% of the time; someone else only has to be right once. Statistically, you're going to fail at some point. Expect to fail, whether through your own misstep, not enough resources being allocated, etc. Don't let it get to you.
  2. Try to disconnect yourself from your work. You're not always going to have a blank cheque. Management will make decisions you don't like. It's ok to be passionate, but it will burn you out if you're not careful.
  3. NIST 800-181. Look at it. Look at all the different careers, look at all the different skills and knowledge and abilities and tasks that make up our field of work. Build a career that you want from that. Don't just think you want to be a Penetration Tester, or an Analyst. Understand what those roles are.

If coding was a big part of your role: What coding languages would you recommend people learn to be best-prepared for SOC Analyst?

PowerShell. In almost all environments, Windows will be the dominant OS. Learn how to administer an environment with PowerShell, and also learn how to make use of PowerShell for basic automation tasks. Sure, Python is often a much better language for that, but if you get used to using PowerShell you'll find it's useful for a lot of strange tasks without having to muck around getting different languages and packages installed (especially if your environment is locked down with a restrictive SOE).

What are some projects you'd recommend for people trying to figure out if SOC Analyst could be right for them?

https://www.malware-traffic-analysis.net/

What do you think readers should take away from this series?

There are many different ways to join CyberSecurity. You literally don't need any skills or experience to join if you know the right people. Don't be disheartened by a lengthy job search.
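The interview recommends PowerShell for basic SOC automation and describes first-level triage as validating an alert against use case guidelines, deciding whether it is a likely false positive, and escalating if not. The following is an added example, not code from the interview, the interviewee or any MSSP: a small PowerShell triage helper run over a constructed set of Windows Security logon events (4625 = failed logon, 4624 = successful logon). The event shape, the 5-failures-in-10-minutes threshold and the verdict/action wording are all hypothetical stand-ins for a real use case guideline.

```powershell
# Added example (not from the interview). Triage of failed-logon alerts in PowerShell.
# Assumptions: the sample events below are constructed, not real logs; thresholds and
# verdict text are hypothetical. In production you would build the same objects from
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625 } by mapping
# TargetUserName and IpAddress out of each event's Properties.

function New-LogonEvent([string]$Time, [int]$Id, [string]$User, [string]$Source) {
    [pscustomobject]@{ Time = [datetime]$Time; Id = $Id; User = $User; Source = $Source }
}

# Constructed sample: three source IPs with different failure patterns.
$SampleEvents = @(
    # Burst across several accounts, then a success: the one that should be escalated
    New-LogonEvent '2021-09-12T01:00:05Z' 4625 'admin'         '203.0.113.10'
    New-LogonEvent '2021-09-12T01:00:20Z' 4625 'administrator' '203.0.113.10'
    New-LogonEvent '2021-09-12T01:00:41Z' 4625 'root'          '203.0.113.10'
    New-LogonEvent '2021-09-12T01:01:02Z' 4625 'svc_backup'    '203.0.113.10'
    New-LogonEvent '2021-09-12T01:01:30Z' 4625 'jsmith'        '203.0.113.10'
    New-LogonEvent '2021-09-12T01:02:15Z' 4625 'jsmith'        '203.0.113.10'
    New-LogonEvent '2021-09-12T01:03:40Z' 4624 'jsmith'        '203.0.113.10'
    # Two typos then a success: ordinary user error, close as false positive
    New-LogonEvent '2021-09-12T08:15:10Z' 4625 'jdoe'          '198.51.100.7'
    New-LogonEvent '2021-09-12T08:15:33Z' 4625 'jdoe'          '198.51.100.7'
    New-LogonEvent '2021-09-12T08:16:01Z' 4624 'jdoe'          '198.51.100.7'
    # Over threshold but spread across hours: low-and-slow, not a burst
    New-LogonEvent '2021-09-12T02:00:00Z' 4625 'backup'        '192.0.2.44'
    New-LogonEvent '2021-09-12T02:30:00Z' 4625 'backup'        '192.0.2.44'
    New-LogonEvent '2021-09-12T03:00:00Z' 4625 'backup'        '192.0.2.44'
    New-LogonEvent '2021-09-12T03:30:00Z' 4625 'backup'        '192.0.2.44'
    New-LogonEvent '2021-09-12T04:00:00Z' 4625 'backup'        '192.0.2.44'
    New-LogonEvent '2021-09-12T04:30:00Z' 4625 'backup'        '192.0.2.44'
)

function Get-LogonTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $FailureThreshold = 5,   # hypothetical use case threshold
        [int] $WindowMinutes    = 10
    )

    foreach ($group in ($Events | Group-Object -Property Source)) {
        $failed  = @($group.Group | Where-Object { $_.Id -eq 4625 } | Sort-Object Time)
        $success = @($group.Group | Where-Object { $_.Id -eq 4624 } | Sort-Object Time)

        # Burst check: any $FailureThreshold consecutive failures inside the window.
        $burst = $false
        for ($i = 0; $i + $FailureThreshold - 1 -lt $failed.Count; $i++) {
            $span = $failed[$i + $FailureThreshold - 1].Time - $failed[$i].Time
            if ($span.TotalMinutes -le $WindowMinutes) { $burst = $true; break }
        }

        # A success from the same source after its last failure is the signal that matters most.
        $successAfterFailure = $false
        if ($failed.Count -gt 0 -and $success.Count -gt 0) {
            $lastFail = $failed[-1].Time
            $successAfterFailure = @($success | Where-Object { $_.Time -gt $lastFail }).Count -gt 0
        }

        if ($burst -and $successAfterFailure) {
            $verdict = 'Burst of failures followed by a successful logon: likely credential compromise'
            $action  = 'Escalate to resolver team now; request account lock and session review'
        } elseif ($burst) {
            $verdict = 'Burst of failures, no success: brute-force / password spray attempt'
            $action  = 'Escalate for source blocking; no evidence of compromise yet'
        } elseif ($failed.Count -ge $FailureThreshold) {
            $verdict = 'Failures over threshold but spread out: possible low-and-slow guessing'
            $action  = 'Monitor; widen the window or pivot on the account before closing'
        } else {
            $verdict = 'Failure volume below use case threshold: likely user error or noise'
            $action  = 'Close as false positive; note in shift log'
        }

        [pscustomobject]@{
            Source              = $group.Name
            Failures            = $failed.Count
            DistinctUsers       = @($failed | ForEach-Object { $_.User } | Sort-Object -Unique).Count
            SuccessAfterFailure = $successAfterFailure
            Verdict             = $verdict
            Action              = $action
        }
    }
}

# Run over the constructed sample, then print the one-line summaries you would paste
# into the ticket for the on-site team (only the escalations).
$triage = Get-LogonTriage -Events $SampleEvents
$triage | Format-Table Source, Failures, DistinctUsers, SuccessAfterFailure, Verdict -AutoSize
$triage | Where-Object { $_.Action -like 'Escalate*' } | ForEach-Object {
    '[{0}] {1} failed logons across {2} accounts; {3}. Action: {4}' -f `
        $_.Source, $_.Failures, $_.DistinctUsers, $_.Verdict, $_.Action
}
```

With the sample above, only 203.0.113.10 is escalated: 198.51.100.7 also shows a success after failures, but two attempts is below the threshold and reads as a typo, while 192.0.2.44 exceeds the count yet never forms a burst inside the window, which is why the helper reports it separately rather than closing it silently. The point of the exercise is the same one the interview makes about technical writing: the returned object carries the verdict, the evidence (counts, distinct accounts, success after failure) and the requested action, so the resolver team does not have to repeat the analysis.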
