SOC Analysts are the front line of defensive security operations and one of the most in-demand roles in cybersecurity. This career path will prepare you for success as an entry-level SOC Analyst.
Learners at 96% of Fortune 1000 companies trust Cybrary
Cybrary’s Security Operations Center (SOC) Analyst career path and associated assessments will equip you with the knowledge and hands-on skills you need to launch your career as a SOC Analyst. Over the course of 20+ courses and hands-on virtual labs, you will learn defensive security fundamentals, log analysis, network-based detection, and host-based detection.
As you proceed through the path, your progress will be measured in real time using Experience Points (XP) that serve as a comprehensive capability score for each topic.
Learn core concepts and get hands-on with key skills.
In this course, you will learn the basics of defensive security and cyber risk. You will review foundational risk management concepts such as calculating risk and strategies for dealing with risk. You will also explore the NIST CSF as a framework for understanding defensive security.
In this course, you will learn the basics of defensive security operations. You will review the key roles and responsibilities within a Security Operations Center (SOC), as well as enabling technologies for defensive security, including a deep dive on Continuous Monitoring.
In this hands-on lab, you will learn the basics of security ticketing, including the core components of a security ticket and how they can be resolved. You will practice navigating a security ticketing platform, and create, edit, and close tickets in that platform.
In this hands-on lab, you will learn the basics of log analysis, including key terms and basic anatomy. You will practice using the command line to conduct simple analysis techniques on a series of log files, including profiling and search.
In this hands-on lab, you will learn the basics of SIEMs, including basic functionality and practical applications. You will practice analyzing log files using the Wazuh SIEM.
In this hands-on lab, you will learn the basics of Windows Event logs, their format, and different types. You will practice using the Event Viewer and correlating between Event Logs in the Event Viewer and a SIEM.
In this hands-on lab, you will learn the basics of using search expressions in a SIEM. You will practice creating a series of search expressions in the Wazuh SIEM.
In this course, you will learn the basics of security monitoring and detection for network traffic.
In this hands-on lab, you will learn the basics of network observables. You will practice researching and documenting observables from a suspicious email using the security ticketing system theHive.
In this hands-on lab, you will learn the basics of SIEM-based detection and alerting. You will practice using the Wazuh SIEM to create, modify, and test custom rules and alerts.
In this hands-on lab, you will learn the basics of web activity logs. You will then practice identifying meaningful events in web proxy (HTTP/HTTPS) and name server (DNS) logs in the context of a new threat intelligence report.
In this course, you will learn the basics of host-based detection and analysis. You will learn about host monitoring strategies, relevant host data, visibility, and content access techniques, as well as types of detection logic.
In this hands-on lab, you will learn the basics of Endpoint Detection and Response tools. You will practice using the Wazuh EDR to install an agent on a Windows endpoint and detect simulated attacks aligned to the MITRE ATT&CK framework.
In this lab, you will learn the basics of SIEM dashboards. You will practice creating your own custom dashboard using the Wazuh SIEM.
In this hands-on lab, you will learn how to analyze spearphishing emails containing malicious links. You will practice analyzing a sample spearphishing email.
In this hands-on lab, you will learn the basics of process analysis and Windows execution. You will practice using Process Explorer and a SIEM to analyze information from collected process dumps.
In this hands-on lab, you will learn the basics of persistence in Windows. You will practice generating data that is representative of common persistence mechanisms, then use a SIEM to identify indicators of persistence.
In this hands-on lab, you will learn the basics of email analysis with a special focus on malicious attachments. You will practice performing triage analysis of a spearphishing email containing a suspicious attachment.
In this hands-on lab, you will learn about local authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a user account has logged on and logged off, including the type of authentication.
In this hands-on lab, you will learn about domain-based authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a domain user account has logged on and logged off, including the type of authentication.
Exercise your problem-solving and creative thinking skills with security-centric puzzles
In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.
In this hands-on challenge, you will practice profiling a suspicious process on a Windows system.
In this hands-on challenge, you will practice analyzing log events related to Windows authentication.
In this hands-on challenge, you will practice researching network observables.
In this hands-on challenge, you will practice researching log events related to a reported spearphishing attack.
Assess your knowledge and skills to identify areas for improvement and measure your growth
Test your Defensive Security Fundamentals knowledge and skills to identify strengths, gaps, and weaknesses in areas like defensive security operations, cyber risk, and security ticketing. Measure your mastery of Host Analysis and advance your career with targeted course and virtual lab recommendations.
Test your Log Analysis knowledge and skills to identify strengths, gaps, and weaknesses in areas like log anatomy, log types, Windows event logs, and SIEM-based log analysis. Measure your mastery of Log Analysis and advance your career with targeted course and virtual lab recommendations.
Test your Host-Based Detection knowledge and skills to identify strengths, gaps, and weaknesses in areas like EDR, process analysis, and authentication.
Test your Network-Based Detection knowledge and skills to identify strengths, gaps, and weaknesses.
Cybrary’s expert-led cybersecurity courses help your team remediate skill gaps and get up-to-date on certifications. Utilize Cybrary to stay ahead of emerging threats and provide team members with clarity on how to learn, grow, and advance their careers within your organization.
Put your skills to the test in virtual labs, challenges, and simulated environments.
Track your skills development from lesson to lesson using the Cybrary Skills Tracker.
Connect with peers and mentors through our supportive community of cybersecurity professionals.
SOC Analysts play a critical role in an organization’s cybersecurity defense by detecting, analyzing, and responding to security threats in real time. SOC Analysts monitor network traffic, investigate suspicious activity, and mitigate potential breaches by implementing security measures.
As cyber threats grow more complex, SOC Analysts help organizations stay ahead of attackers. Their work is critical for minimizing downtime, preventing data loss, and keeping companies compliant with industry cybersecurity regulations.
SOC Analysts monitor, detect, and respond to security incidents, playing a critical role in protecting an organization’s computer systems, networks, and data. SOC Analysts must remain aware of emerging threats, attack techniques, and vulnerabilities.
Common SOC Analyst tasks and responsibilities include:
This career path is designed for learners with a solid grasp of foundational IT and cybersecurity concepts who are interested in pursuing an entry-level defensive security role. This includes current early-career and mid-career IT practitioners looking to transition into a cybersecurity role.
Experienced defensive security practitioners will also benefit from reviewing core concepts and testing their skills in this path's Challenge and Assessment modules.
While this course is focused on the SOC Analyst role and job title, there are other roles with similar responsibilities. Professionals trained in defensive security can pursue a variety of roles, including:
SOC Analysts are employed across every industry, from healthcare and government to manufacturing, finance, retail, and more.