Why should you get into a Security Operations Center (SOC)?
Cybersecurity breaches are on the rise. A large share of them are traced back to the absence of a comprehensive monitoring strategy and to poorly implemented security controls, which lets an intrusion go unnoticed long after the initial compromise.
Fig: Reasons for cybersecurity breaches – https://ssdtechie.com/2020/07/06/the-human-factor-in-cybersecurity-employees/
One of the best ways to mitigate such risks is by having an effective Security Operations Center or SOC.
What is a SOC?
A SOC is a centralized hub within an organization consisting of people, processes, and technology that help in continuously monitoring and improving an organization’s security posture. A SOC helps in detecting, analyzing, preventing and responding to cybersecurity incidents.
Think of a SOC as a central command centre that collects and analyzes data from across the organization's entire IT infrastructure and assets. The SOC receives logs from many different technologies and generates events from them using a set of pre-configured rules. The SOC must then decide how each of these events is triaged, acted upon or closed.
Fig: Structure of a SOC – https://www.fool.com/the-blueprint/soc/
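The log-to-event step described above is easiest to understand in code. The following is an added example written for this article, not code from the original page or from any SIEM product: a tiny rule engine that reads constructed sshd log lines and raises an event when one source fails to log in five times within a minute, then escalates if that same source later succeeds. The log lines, the threshold, the window and the rule names are all illustrative assumptions.

```python
"""Minimal rule engine that turns raw sshd log lines into SOC events.

Added example for this article, not code from the original page or from
any SIEM product. The log lines, the 5-failures-per-minute threshold and
the rule names are all constructed for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in Linux syslog format (real syslog omits the year too).
SAMPLE_LOGS = """\
Mar 10 09:14:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 09:14:03 web01 sshd[2233]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar 10 09:14:05 web01 sshd[2235]: Failed password for root from 203.0.113.7 port 51141 ssh2
Mar 10 09:14:06 web01 sshd[2237]: Failed password for root from 203.0.113.7 port 51150 ssh2
Mar 10 09:14:08 web01 sshd[2239]: Failed password for root from 203.0.113.7 port 51161 ssh2
Mar 10 09:14:20 web01 sshd[2241]: Accepted password for root from 203.0.113.7 port 51172 ssh2
Mar 10 09:20:11 web01 sshd[2300]: Failed password for alice from 198.51.100.4 port 40012 ssh2
Mar 10 09:31:55 web01 sshd[2310]: Accepted publickey for alice from 198.51.100.4 port 40020 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


@dataclass(frozen=True)
class Event:
    rule: str
    src: str
    detail: str


def parse(lines, year=2024):
    """Yield (timestamp, host, result, user, src) for each line matching LINE_RE."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real pipeline would count unparsed lines rather than drop them silently
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["host"], m["result"], m["user"], m["src"]


def detect(lines, threshold=5, window=timedelta(minutes=1)):
    """Apply two pre-configured rules and return the events they raise.

    Rule 1 (ssh_bruteforce): at least `threshold` failed logins from one source
    inside `window` (sliding, evaluated on every failure).
    Rule 2 (bruteforce_then_success): a later successful login from a source
    that already tripped rule 1; this is the one an analyst must escalate.
    """
    failures = defaultdict(list)   # src -> timestamps of recent failures
    flagged = set()                # sources that tripped rule 1
    events = []
    for ts, host, result, user, src in parse(lines):
        if result == "Failed":
            recent = [t for t in failures[src] if ts - t <= window] + [ts]
            failures[src] = recent
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                events.append(Event("ssh_bruteforce", src,
                                    f"{len(recent)} failures on {host} within {window}"))
        elif result == "Accepted" and src in flagged:
            events.append(Event("bruteforce_then_success", src,
                                f"{user} logged in on {host} after a brute-force burst"))
    return events


if __name__ == "__main__":
    for e in detect(SAMPLE_LOGS):
        print(f"[{e.rule}] {e.src}: {e.detail}")
```

Run against the sample, the engine raises two events for 203.0.113.7 and nothing for alice's single typo. Note what the rules cannot tell you: whether the root login at 09:14:20 was the attacker or an administrator on the same jump host. That judgment is the analyst's, which is exactly the point the article makes about exceptions and escalations.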
Following are the top responsibilities of a SOC
A SOC Analyst’s role
SOC analysts form the backbone of a SOC. Tools and automation drive most of a SOC's activities, but managing those tools, deciding what they should look for, and handling every exception and escalation is the job of the SOC analysts.
The critical tasks of a SOC analyst include:
- Monitoring all perimeter devices
- Analyzing the flow of information (network traffic and logs)
- Creating new monitoring and detection rules
- Discussing requirements with clients
- Reporting
- and, most importantly, a lot of learning.
It is sometimes assumed that the SOC analyst's role is a routine job. Especially with increasing automation and advancing technology, there is a false notion that SOC analysts have less and less to do. Nothing could be farther from the truth. While it is true that SOCs are becoming more automated, the complexity of cyber threats is also increasing. Also, as the tools grow more complex, more talent is needed to manage them. Most importantly, while the tools handle routine tasks, the exceptions must be handled by SOC analysts, who have to use their experience and knowledge to deduce things about an event that the tools cannot.
So, along with up-to-date knowledge of cybersecurity, networking and related fields, the following fundamental skills are essential for this role.
- Keen observation
- Ability to analyze in-depth
- Problem-solving skills
- Monitoring skills
- Technical writing skills.
In today's open-source, digital learning environment, many resources are available for acquiring the skills a SOC analyst needs. There are also courses and certification programs from reputed institutions like the Institute of Information Technology that can help you become a certified SOC analyst.
How to prepare for a SOC Analyst role?
Following are a few steps that can help you in your journey towards becoming a SOC analyst.
- Check out job descriptions for SOC analyst roles on job-search platforms like Naukri.com and build a learning path from the skills they ask for.
- Understand networking basics (TCP/IP, switching, routing, common protocols).
- Learn system administration (Windows, Linux, Active Directory, hardening).
- Use Wireshark for basic traffic analysis: follow TCP streams, identify protocols, and spot insecure protocols and suspicious patterns such as scans or cleartext credentials.
- Understand perimeter devices at a high level, e.g., firewalls from vendors such as Check Point.
- Along with certifications, practise on your own: set up a lab, prepare source and destination systems, and capture and analyze the traffic between them.
- Build your personal brand by blogging about case studies, for example traffic you analyzed in Wireshark.
- Build a LinkedIn network and keep up with the latest trends in the industry.
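The lab exercise above (capture traffic between two systems, then analyze it) is worth doing once without Wireshark's help, so you understand what the tool is showing you. The following is an added example written for this article, not code from the original page or from the Wireshark project: it builds a small classic pcap in memory (a constructed capture with one normal TCP handshake and one host probing twenty ports), parses the Ethernet/IPv4/TCP headers by hand, reproduces the Statistics > Conversations view, and flags the port scan. The IP addresses, ports and the ten-port scan threshold are illustrative assumptions.

```python
"""Read a classic pcap, summarize TCP conversations and flag a SYN port scan.

Added example for this article, not from the original page or from the
Wireshark project. The capture is constructed in memory with struct so it
runs offline; in a lab you would instead read the bytes tcpdump or
Wireshark wrote to disk. Checksums are left zero (Wireshark marks them bad
but still dissects the packets).
"""
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10


def _ipv4_tcp_frame(src, dst, sport, dport, flags):
    """Ethernet + IPv4 + TCP headers with no payload (14 + 20 + 20 bytes)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def parse_pcap(data):
    """Return a list of (src, dst, sport, dport, tcp_flags) for IPv4/TCP frames."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled")
    records, off = [], 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6 or len(frame) < 14 + ihl + 20:
            continue                      # not TCP, or truncated
        tcp = frame[14 + ihl:]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        records.append((".".join(map(str, frame[26:30])),
                        ".".join(map(str, frame[30:34])), sport, dport, tcp[13]))
    return records


def conversations(records):
    """Packets per (src, dst, dport), like Wireshark's Statistics > Conversations."""
    counts = defaultdict(int)
    for src, dst, _sport, dport, _flags in records:
        counts[(src, dst, dport)] += 1
    return dict(counts)


def find_port_scans(records, min_ports=10):
    """Bare SYNs (no ACK) from one source to >= min_ports distinct ports on one
    host is the signature of a SYN/connect scan. Returns {(src, dst): ports}."""
    syn_ports = defaultdict(set)
    for src, dst, _sport, dport, flags in records:
        if flags & SYN and not flags & ACK:
            syn_ports[(src, dst)].add(dport)
    return {k: sorted(v) for k, v in syn_ports.items() if len(v) >= min_ports}


def sample_capture():
    """Constructed capture: one normal handshake to 443 plus a 20-port scan."""
    frames = [_ipv4_tcp_frame("10.0.0.5", "10.0.0.80", 50000, 443, SYN),
              _ipv4_tcp_frame("10.0.0.80", "10.0.0.5", 443, 50000, SYN | ACK),
              _ipv4_tcp_frame("10.0.0.5", "10.0.0.80", 50000, 443, ACK)]
    frames += [_ipv4_tcp_frame("192.0.2.66", "10.0.0.80", 40000 + p, p, SYN)
               for p in range(1, 21)]
    return build_pcap(frames)


if __name__ == "__main__":
    recs = parse_pcap(sample_capture())
    for conv, n in conversations(recs).items():
        print(conv, n)
    print("scans:", find_port_scans(recs))
```

Write `sample_capture()` to a file and open it in Wireshark to compare: the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0` isolates the same bare SYNs the script counts, which is a good way to check that your own reading of the headers matches the tool's.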
Technical skills required:
- Network and security fundamentals (OSI model, ports, network devices, Windows and Linux OS architecture, firewall rules).
- SIEM tools (QRadar, Splunk, ArcSight).
Free Learning Sources
- https://go.cyberbit.com/free-remote-cyber-range-training-oct-2020/?utm_source=blog&utm_medium=5-free-cyber-security-training
- https://www.coursera.org/learn/fundamentals-network-communications
- https://opensecuritytraining.info/Pcap.html
- https://opensecuritytraining.info/NetworkForensics.html
- https://josephdelgadillo.com/wireshark-course-free/
- https://www.splunk.com/en_us/training.html
- https://wildwesthackinfest.com/training-schedule/
- https://www.activecountermeasures.com/
Other learning sources:
- Interview preparation – https://www.infosectrain.com/blog/20-most-common-soc-analyst-interview-questions-and-answers/
- Blog reference – https://danielmiessler.com/blog/build-successful-infosec-career/
- Security researchers you could follow on YouTube
- https://www.youtube.com/c/BlackPerl/featured
- https://www.youtube.com/c/CybersecurityMeg/featured
- https://www.youtube.com/c/jbravovideos/featured
- eBooks – http://index-of.es/Varios-2/Windows%20System%20Internals%20Part%201.pdf