Lessons from 10 years in the SOC
I started in the cybersecurity scene in the early 2000s. I was 12 or 13 years old, hanging out on AIM, IRC and Yahoo! chat rooms. I discovered warez and learned my first hack, the ping of death. I’d hop on AIM and netstat for your IP address and send you a packet too large for your dialup to handle and it’d kick you offline. I was a prankster; just a bit mischievous but never malicious. I dove headfirst into the Linux subculture and went to Walmart where I found Mandrake for sale on CD. Now, most people think you can’t sell Linux but you can.
You’re selling the distribution of Linux and you used to be able to walk into stores and buy it. This was a time when it’d take you days to download it and a quarter of your hard drive. It led to Knoppix Linux, which was the first live Linux distribution. I would take it to school, pop it in the computer, and all of the restrictions were lifted and I could jump back into my IRC chats. Always a chatter, which has become troublesome because I treat Facebook and social media as an informal chat room and people take it very seriously.
I went to a really bad high school so I dropped out in 10th grade and went directly to get my GED. I walked in and passed it without any classes. In fact, the year before, in 9th grade, I tested post graduate of high school in all the standardized tests. I started college at 16 in the only place that’d take me, DeVry, and I had the whole college experience. I stayed in dorms, hung out doing nerdy things on campus, delivered pizza to pay for my living money. My grandmother paid for my student housing but the rest of living was up to me. I look back very fondly at my time at DeVry in Decatur, Ga. It was a good education, too. I took my classes on-site and learned a lot. Some of my classes were online but it wasn’t the same learning experience. I think the reason why DeVry gets so much of a bad rep is that people start and they never finish, and it is expensive. The classes can be difficult. It really all depends on the professor, and some take their jobs very seriously and do care a lot about the subject.
I graduated college and I had the full graduation experience. For the first time in my life I graduated. I walked across the stage at the Georgia Dome in front of all of my family and friends there to support me. Got pictures, threw my cap, and everything. It was the very first thing I accomplished in life. Prior to that I wasn’t much of a finisher.
I started out after college working IT support at a local community college. I spent eight months there and then started my career in cybersecurity at Dell SecureWorks in the SOC in December of 2013. I had so much fun working with my peers in this SOC that I’ve spent my entire career trying to find a place with the camaraderie that was the unique culture.
Since December of 2013 I’ve worked at several companies with an average tenure of 2–3 years so I’ve seen a lot of different environments. These are the lessons that I’ve learned in my 10 years working in cybersecurity.
Becoming SOC mature is about learning what to ignore.
I saw on LinkedIn recently someone said becoming mature in cybersecurity is about learning what to ignore and I just loved it. It resonated so well with me. When you first start out everything is a crisis. Everything is new and everything is critical. Once you have time in your seat long enough you learn what is expected and what is a unique occurrence. What’s an anomaly in the industry, and what seemingly happens all the time. This is important because knowing this helps you determine if there is an established process at the company you’re at for seeing this type of thing.
If you’re new at a company, but you’ve seen this often before, there’s likely a playbook for this.
Zeal fades as you slowly learn how compliance and regulation works. And how everyone gets paid.
Zeal is incredibly important for you starting out. It’s the fountain of motivation to learn how everything works. It’s a blessing and it’s a curse. Not everything works the way it should work for whatever reason and this creates conflicts of interest that really put a damper on how you feel about the importance of your work.
Not everyone is going to care about cybersecurity as much as you do, even the people paying you to do your work. Ideally, cybersecurity exists so businesses can take risks responsibly, but in some places cybersecurity exists just to say cybersecurity exists here.
When breaches were in the news every day, cybersecurity was at the top of the agenda for executives. Breaches rarely meet the news cycles anymore; the public has been desensitized, controls have been put into place to protect people, and overall there has been improvement in the cybersecurity industry. It’s a different place today where a breach isn’t likely to affect your stock very much. There was a period about five years ago when a breach would even make your stock go up.
Boy, was that difficult to deal with. Try going into work every day to protect a company when a breach would make them more money.
Now it’s just become daily life.
There’s a gray area of perception. What you see on the outside of a company isn’t what is true and that’s accepted.
As I’ve become a business owner I’ve been viewed as not an individual but a company trying to promote/sell something to an audience. It’s really made me feel compassion for the community because they are predisposed today to be skeptical of everything because they’ve been manipulated so much by marketing schemes. Marketing exists to make you want something, and to get your product to the people that want it. In this effort things get misconstrued in ways that are often borderline untrue. Your company has a marketing team and your company strategizes on how to put the right spin on the product as it is to make people buy it. I’ve worked at companies that had really great marketing teams and the perception is that this company really has its stuff together, and then I go to work there and they’re announcing how great their new product is that I know now hasn’t even finished developing. It doesn’t exist! It can leave a bad taste in your mouth about the company you work for, thinking they are all just talking BS, but just know this is what marketing teams are supposed to do. They’re doing their jobs really well, and now everyone else needs to do their jobs to catch up. This is normal and happens at every company. This is the product people want, now we need to make it.
You’re paid to protect a company from itself. If I paid someone to protect you from yourself, how would you feel if you kept being told to correct yourself? That’s how it looks as a CEO.
I said that right. You aren’t protecting your company from the bad guys out there hacking your company; that’s just par for the course. You’re protecting your company from users who do something to let them in. As a CEO, you are your company. When addressing executives, use tact and empathy when explaining that one of their indirect reports just caused a security incident. It’s not important to punish anyone for bad behavior in most cases outside of insider threat; it’s important to come up with solutions on things we can do to prevent this from happening again. Live in the solution.
These are some of the things I’ve struggled with over the years, often causing periods of depression in my work when my idea of what cybersecurity should be isn’t what it truly is. The world didn’t meet my expectations in what I was led to believe would be my purpose and it’s sad. When this happens, it’s time to get comfortable in Corporate America and play this game the way it’s played.
Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts.
You can connect with him on LinkedIn.