By: Shimon Brathwaite
May 26, 2021
Career Paths In A SOC
A Security Operations Center (SOC) is the central unit that handles all security issues at an organizational level. The SOC receives alerts from the SIEMs and other security monitoring tools that an organization has in place and analyzes those alerts to determine what is going on within the company network. It is a great place to begin your cybersecurity career because you will be exposed to the entire incident response process from the ground up and will have the opportunity to work with many different tools. To get the most out of your career, it is important to consider which area of cybersecurity you would like to specialize in, so that you can develop skills and gain expertise. Here are some of the main areas you should consider specializing in if you want to work in a SOC environment:
The first and most common specialty that you can expect to encounter in a SOC is the incident responder track. Incident response is all about resolving security incidents that occur within the company. As a SOC analyst, you will encounter a large number of security incidents per week. At first, your job will consist of conducting analysis and then handing it off to senior-level analysts, who manage the incident. At every SOC level, you can begin gaining experience working on different types of incidents and turn that focus into a specialty. Level 2 or level 3 incident responders can earn higher salaries as they gain experience handling different types of incidents, and this eventually becomes a full-time role.
Cybersecurity professionals who focus on security analytics work mostly with security tools like SIEMs to monitor the cybersecurity environment. These tools are used to identify trends and patterns that may indicate a potential attack, as well as to direct the cybersecurity operations within a company. In many SOC environments, you will receive access to SIEM tools like Splunk and can use that time to gain experience with the tools: running queries, pulling information, and assisting in security investigations from that angle.
Forensic work is a pivotal part of a cybersecurity investigation. Computer forensics helps you understand what was done on a machine, identify what is needed to resolve the incident, and verify that the actions taken were sufficient to remove the malware from the machine. Given the number of incidents that SOC analysts deal with, you will have opportunities to perform forensic work as part of the overall investigation; this can be useful for growing within the SOC environment or moving into a purely technical role.
Threat hunting is one of the proactive aspects of the SOC; it is the practice of looking for any signs of compromise or vulnerabilities from within the company. If you are someone who likes solving puzzles or finding things that others cannot, you may enjoy threat hunting. It is a very in-demand field, and many people find it rewarding: in the case of vulnerabilities, you can find bugs before they have a chance to affect the company; in the case of exploitation, you may find that your company was already hacked and no one even noticed.
While working in a security operations center, you have several options for specialization. Every option listed above is an in-demand area with potential for future growth. Almost every large company has a SOC, so having experience in any of these areas will give you an advantage over your competitors in the future. The important thing is to plan out your career by selecting an area of focus and starting to gain experience within that specialty. However, do not feel the need to work in only one of these areas; most good professionals have a wide breadth of knowledge, but they market themselves as an expert in one area.