Ready to Start Your Career?Create Free Account
April 27, 2018
State of the Market: The SOC Analyst Career Track
April 27, 2018
April 27, 2018
So you want to be a security operations center (SOC) analyst.At the very least you’re considering the role — you’ve seen the data about emerging cybersecurity skills gaps, you want to know more about defending networks against cyber attacks and you’re willing to take on the challenges of advanced training and certification.But you have questions: What exactly does a SOC analyst do every day? What threats are on the horizon? How is the job changing over time?Let’s dive in and discover the SOC impact.Day to Day OperationsCompanies are under threat. Fileless malware, ransomware and phishing attacks are on the rise, and hackers are smart enough to sidestep common defense strategies by compromising networks and applications in unexpected ways. The result? Security operations centers (SOCs) are now running 24/7, staffed by security engineers, managers, and SOC analysts.And while every company has their own unique take on the role of SOC experts, a typical day in your new job means analyzing threat data, reviewing incident logs and developing new strategies to protect against cyber attacks. Worth noting? This is no easy feat: Recent data shows that 37 percent of SOC analysts handle more than 10,000 alerts every month — and 52 percent are false positives. This means that in addition to high-level threat detection and remediation abilities, analysts need the ability to spot false alerts while prioritizing potential concerns.Emerging ThreatsSOC analysts are also responsible for developing strategies which combat emerging threats. This means finding ways to address new vectors such as account takeover (ATO) and Internet of Things (IoT)-based attacks, which often leverage insecure passwords or stock credentials to compromise devices at the edge of corporate networks. Once in control, cybercriminals move laterally across applications and services until they reach valuable data and begin exfiltrating information.As a result, technical expertise is no longer enough on its own — SOC analysts must play the role of cyber detectives, following both data and intuition when it comes to hunting down cyber threats. Consider: While logging and monitoring tools do a great job of stopping common attacks and aggregating key security data, hackers know enough about how these tools work to sidestep most defenses. And once they’re inside business networks, the tools designed to keep out attackers no longer recognize them as a threat.SOC analysts must, therefore, combine alert reporting data with their own knowledge and experience to identify and remediate threats. Consider the example of a DDoS attack: As traffic starts ramping up, monitoring tools notify SOC teams of the problem and defensive strategies are activated. But hackers may be using DDoS as a screen to infect seemingly non-critical systems which will provide lateral movement across the network. SOC analysts need the cyber-sleuthing skills to think outside the box and ask the hard questions: Is this attack the only attack? Why? What could hackers really be after?Changing NeedsSOC analysts can’t tackle alerts, reports and emerging threats alone. With companies already spending millions of dollars — and over 21,000 hours per year — dealing with false positives, there’s a growing need for automation to help empower SOCs and deliver actionable threat intelligence. Now, enterprises are deploying both machine learning and artificial intelligence (AI) solutions to help reduce the number of false positives and take some of the burden off SOC teams.For SOC candidates, the changing market requires critical skills including:
- Readiness to work with AI — It’s not coming for your job, it’s here to make your job easier. Next-gen SOCs must leverage automation to keep up with the speed of security events.
- 24/7 Preparation — Attackers don’t take the day off, and they know most companies are more vulnerable on evenings and weekends. Network incidents are your domain — anytime, anywhere.
- Drive to understand — It’s not enough to enjoy the concept of improved cybersecurity; effective SOC analysts are driven to discover how networks are being compromised, what can be done to improve defenses and why hackers are leveraging specific attack patterns.
- Willingness to learn — Security isn’t a static marketplace, meaning that regular re-training, upgrading, and re-certification will be required for best job performance. With hackers rapidly adapting to new security techniques, it’s critical for SOC analysts to stay ahead of the curve.