Is the 5-Step SOC Analyst Method a Method or Template?
Security analysis is what security analysts do. There's no escaping it. If you aren't interested in security analysis, then SOC analyst may not be the best role for you. The SOC may be just a stepping stone, but you'll have a hard time moving out of it if you're not good at security analysis and aren't a great SOC analyst.
At first glance, the five steps look like a template for documenting a security event. And they are that. But they are more than a template, because they teach you a method for conducting security analysis. Each step comes in a particular order, and inside each step is a way to transform a security log into a conclusion about whether something is malicious activity or not.
More than anything else, the 5-step SOC analyst method is a training tool to teach you how to do security analysis. Many companies may not even want you to spend the time documenting your analysis in such a verbose way. They might care only about the conclusion. Many managers just want to see their metrics get better and couldn't care less about the analysis (or whether it's any good). Unfortunately, that is the world we live in, where the security posture of an organization is reduced to a count of how many alerts have been analyzed, with no heed paid to the quality of the analysis. This leads to a race over who can close alerts the fastest and an ever-growing number of alerts to be analyzed, since no one has the time to improve the SOC. If you're stuck at one of these companies, my advice to you is to find work elsewhere when you can. You will not learn anything there that is valuable to your career moving forward, and it will feel like a dead-end job that's no more than a factory-line sweatshop. I have worked at companies like these before, and I resigned.
If at any point in your career, you're not learning, it's time to move on.
For managers who do value analysis, results, and the overall security posture of the organization they are running, they won't see the 5-step SOC analyst method itself; they will see your thoroughness, and they will also see the diligence and care you take to protect the company. Coupled with your recommendations for improvement, they will see you as someone who is capable of producing a more efficient SOC, and you will be picked to help automate the SOC. Automation is what every SOC is trying to do and is the skill most in demand in the SOC, and no one will ever pick someone to help automate who doesn't know how to do a thorough analysis.
Is the 5-Step SOC Analyst Method a template? Yes. Is it a method? Yes. But more than anything else, it is a training tool for you to practice with to become efficient at security analysis.
Tyler Wall is the founder of Cyber NOW Education. He holds a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts.
You can connect with him on LinkedIn.
You can sign up for a Lifetime Membership of Cyber NOW® with a special deal of 15% off with coupon code "KB15OFF", which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits.
Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several fun, hands-on labs in Microsoft Azure, leaving you with the know-how to create a gig on Fiverr or Upwork to start your cybersecurity freelancing.
Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer.
Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, Kindle, or PDF versions. The downloadable PDF version can be grabbed here.