Become a SOC Analyst - Level 3

Overview
What Are Some SOC Analyst Roles and Responsibilities?
In general, the role of the SOC analyst is to plan, monitor, and implement security measures to protect an organization’s computer systems, networks, and data. To do this, SOC analysts must stay up-to-date on the most current intelligence, including hackers’ practices and tactics, to anticipate and prevent security threats and breaches. In addition to the above, as an SOC analyst, you will likely be required to:
What Are Some SOC Analyst Job Requirements?
Each organization that is hiring an SOC analyst will have its own degree and work experience requirements for candidates. However, it’s most common for organizations to require that SOC analyst candidates have a bachelor’s degree in computer science or another relevant field, as well as at least one year of IT work experience. Some of the other common requirements for SOC analyst positions are:
Some of the common technical knowledge requirements include:
What is a Typical SOC Analyst Job Description?
As a security operations center analyst, your primary duty is to ensure that the organization’s digital assets are secure and protected from unauthorized access. That means that you are responsible for protecting both online and on-premise infrastructures, monitoring metrics and data to identify suspicious activity, and identifying and mitigating risks before there is a breach. In the event that a breach does occur, an SOC analyst will be on the front line, working to counter the attack. Additionally, SOC analysts must generate reporting for managers and IT administrators to evaluate the effectiveness of current security protocols. Then you will be responsible for making any necessary modifications to establish a more secure network. You may be required to create training programs and curriculum to educate the organization’s employees and network users on proper security policies and procedures.
Candidates for the SOC analyst position must have analytical skills, communication skills, and the desire to stay up-to-date on the latest technology. It’s also important that you are prepared to sift through huge amounts of information to identify threats or other security issues, and to be flexible and available at any time – because threats and attacks can happen at any time, day or night.
A Day in the Life of an SOC Analyst
As an SOC analyst, you will likely find that no two days are alike in a security operations center: hackers and other adversaries don’t follow a specific schedule, and how much time you have to spend on an individual incident can depend on many factors. You may be able to circumvent an attack quickly in some cases, while others require much more time and attention. While you will be required to ascertain the weaknesses of hardware, software, and network infrastructure and establish ways to protect it daily, the nature of information security means that each day may bring different situations, tasks, and challenges. When there is a threat or an attack, your team will likely work nonstop to expose the attack, shut down access to your systems, resolve the issue, work to prevent the same type of attack from happening in the future, and document and communicate appropriate information to management or clients.
SOC analysts may have to be willing to work at odd hours, outside of the normal workday, to perform the necessary incident response to protect the digital assets of the organization. You can rest assured that as an SOC analyst, you will not experience boredom or repetition in your daily duties.
How Long Will It Take To Be Job Ready?

CompTIA CASP+ (CAS-004)

Intro to Malware Analysis and Reverse Engineering

Assembly

How to Use binwalk (BSWJ)

MITRE ATT&CK Defender™ (MAD) ATT&CK® Cyber Threat Intelligence Certification Training

Analyze Structured Exception Handler Buffer Overflow Exploit
Students will identify the use of a Buffer Overflow exploit through the use of Wireshark and by analyzing items found in the captured traffic. The students will also find the exploit code and isolate the different aspects of a Buffer Overflow exploit.

Threat Designation
Students will conduct scans against a web server, a file share, a printer, and a user's host device. The student will identify specific threats posed to the system. Students will then scan a network and identify potential points of ingress (open ports, etc.) that could lead to compromise of the system.

Static and Dynamic Malware Analysis Lab
In this lab, students will perform static and dynamic malware analysis. Analyzing malware is important for many reasons. Malware analysis in general means taking steps to learn more about a sample, such as who crafted a malware payload or what actions the malware is trying to perform. In static analysis, you examine the file contents, such as its strings, without executing the file. In dynamic malware analysis, you run the file (likely in a virtual environment not connected to a real network) to observe the network and process actions it performs on the system.

Forensic Analysis of a Linux System Lab
In this lab, you will learn how to search through a forensic disk image in dd format to find artifacts related to an intrusion on a Linux Server. Some of the relevant forensic artifacts from a Linux system include apache log files, the history file, and the secure or auth.log file, which includes valuable information such as SSH connections or user account activity. You will find that forensic analysis of a Linux system is far different than forensics in Windows.

Forensic Analysis of a Windows 10 Client Lab
In this lab, you will learn how to search through a forensic disk image in dd format to find artifacts related to an intrusion on a Windows client machine. Windows client machines tend to be a large target for hackers because end users, who may lack knowledge of computer security, can download malicious files or open malicious attachments. Some of the relevant forensic artifacts from a Windows client machine include Windows event log files, event viewer files, and registry entries.

Forensic Analysis of Windows Server Lab
In this lab, you will learn how to search through a forensic disk image in dd format to find artifacts related to an intrusion on a Windows Server. A hacker’s dream is to compromise a Windows Server, especially a domain controller, because they can leverage the Domain Administrator account to control most of the other systems within the network. The relevant forensic artifacts from a Windows Server include log files, event viewer files, and registry entries.

Denial of Service PCAP Analysis
The student will act as attacker and defender in this scenario. They will gain experience using a custom denial of service Python script, and then will switch over to the defensive side. On defense they will need to detect the activity, design firewall rules to block the DoS, implement the rules, and then check their effectiveness.

Recover from Web-Based FlashPack Incident
Students will recover a Windows 7 client infected by an unknown payload loaded after exposure to the FlashPack Exploit Kit. The recovery will encompass network traffic analysis to determine infection vector and payload delivery mechanisms as well as system-specific recovery procedures to restore the system to its original functionality.

Respond to Cyber Espionage Against Overseas Corporate Assets in Taiwan
Students will be introduced to a real-world international cyber espionage campaign that has been used to target corporate assets in Taiwan. Students will analyze a packet capture in order to determine the nature of the data being sent between a victim machine and a distant server. Using this information, they will have the data needed to add valuable content to a cyber incident report. CSXS - 4.1