
SOC Analyst Roadmap to Success

Tyler Wall

Updated: Dec 8, 2024


What’s in this article? This article will discuss background-specific tips for landing your first SOC Analyst role. The four targeted audiences are college graduates, career changers from IT, Veterans, and the Autodidact. Each one has its own nuance to make it worthwhile dedicating this article to your roadmap to success.



I will repeat myself through these four sections, driving home the idea that you have to prove your interest and back it up with examples, which is in addition to hard technical skills. Veterans have extensive networks of people and partnerships just waiting for them to plug into, college graduates have career services with their school to leverage, people transitioning from other areas of IT already have real-life experience often in domains that overlap with cybersecurity, and lastly, the autodidact’s most vital selling point is their personal projects and involvement with the community at large.


I recommend to students of all backgrounds who are worried they don’t have much to talk about in an interview to deploy The Modern Honey Network as a project to Azure with a few honeypots. Take the data from it and analyze it. In the article The SOC Analyst Method, I explain how to analyze a security event. Practice this method on the honeypot attackers and find interesting things to discuss in the interview.


Recent Graduate

Congratulations! You have graduated from college or are about to graduate. It’s a monumental achievement, and I hope you’ve learned a lot. Maybe you had an internship, and that’s great because what you’re fighting now is a lack of experience. Getting experience with commercial tools is one of the most difficult things to do. They cost millions of dollars and work in highly complex enterprise environments, but the hiring manager knows that.


What he’s looking for is experience with any projects you may have had while in school, any personal projects you’ve had, and overall checking to ensure you’re not a commodity graduate with zero interest in cybersecurity other than the paycheck. So many people graduate without knowing a thing and have no real passion or interest in cybersecurity. That is the reputation you are fighting against concerning recent college graduates.


Your resume should reflect the projects that you’ve worked on during school. Resume Raiders is a professional resume writing service I would recommend and have used before, but you have options. Explore your career services from your school to see if they have people who know how to write your resume in a way that highlights the experience you gained from your curriculum. This should be your first stop, as they know what you’ve learned while in your program. And then maybe poke Resume Raiders for a revision if you’re not having any luck.


You need a project to talk about. The question of why you like cybersecurity is inevitable, and be fully prepared to give them examples of the projects you’ve been a part of that you truly enjoyed. Eventually, what you want to do in cybersecurity will come up.


One thing you have on your side from formal education is experience with various things, and you probably already know what you like and don’t like. So talk about the classes and projects you truly enjoyed and say you’d like to work in the SOC for a few years to get even more breadth of experience before deciding on a specialty. When you’re finally in the SOC, you’ll see how we do things in the real world. And it’s often much different than the Ivory Tower you’ve learned about in college. Sometimes, it’s messy with lots of red tape, and your dream isn’t what it pans out to be. That is what happened to me as a penetration tester. I absolutely loved hacking around and had been doing it for years. All through college, I thought this was precisely what I wanted to do, and I was so sure of myself. I started in the SOC, worked hard, and became a pentester, but then I learned I wouldn't say I liked it. It was the worst! Luckily, I was already qualified to be a SOC Analyst, so I regrouped and found my way into Security Engineering with nothing lost. I haven’t strayed too far from the SOC ever since.


Your degree is not going to get you a job alone. It’s an important step in any career, but it’s significantly less important today than a while ago. Most big companies have removed the requirement to have a college degree, but there are still some that require it. Those that require it should be your first application while applying for jobs. Fewer people have college degrees, so there might be less competition.


From IT

So, you want to join the exciting world of cybersecurity. As you might know, a SOC Analyst might be a temporary pay cut depending on your seniority in IT. You’re looking at around $80-$100k starting. But you might be considering it because you’ve hit the glass ceiling in IT, done your research, and know the glass ceiling is higher in cybersecurity. You might just be more interested in a domain of cybersecurity and need the SOC Analyst to get there. Whatever the reason, you’re reading this book and being a SOC Analyst is on your mind. There are a few things you need to know.

It’s a lot like IT. The same problems you’re going to have in IT are in cybersecurity. On-call is typical, it changes rapidly, there is a glass ceiling you’re inevitably going to hit, and after a while you realize it’s a glorified customer service position.


You might already have certifications that apply to cybersecurity: any networking or Microsoft certifications are a plus, and any CompTIA is good too. In general, you’re familiar with the certification game. You may be past the certification game in your career in IT, but be prepared to start it all over as a SOC Analyst.


It almost sounds like I’m discouraging you from becoming a SOC Analyst, but I’m not. I know how important it is for us to do stuff we like. The only reason I’m writing a book is because I enjoy writing. It’s so challenging to be stuck doing work you don’t like, and to make it worse, you probably won’t be good at it. I would suggest this path to someone from IT only if they like cybersecurity. The reason doesn’t matter; just be prepared to discuss it in an interview.


I recommend going to the ISC2 website, finding the domains of cybersecurity, and writing your resume with skills and experience you gained at your previous employers in those domains. There will be a lot of overlap. Anyone with a significant amount of experience in IT is qualified for a SOC Analyst job, and since you picked up this book, you already know why you’re interested. Out of all the backgrounds this book applies to, your background will be the easiest to find work in cybersecurity.


Experience trumps everything.


Autodidacts

Calling all hackers. You only really end up in this category if you’ve been hacking around at things for years and are sitting around thinking how it’d be great to do this for a living.


Well, good news, it happens all the time, but there are some things to think about.


How do you quantify experience with something you’re not supposed to be doing? First off, congratulations for staying out of jail, assuming you’ve kept your nose clean. If you haven’t, there aren’t many people that will hire you. It does happen, and some companies will employ extremely talented felons, but it’s rare, and what happens is they create their own companies, and other companies hire them as a contractor. But that’s so rare I won’t cover it in detail.


Here’s what you do for those hacking away on your own. You play things like TryHackMe and place in the top percentages. When asked what experience you have, you tell them you set up labs and give the spiel about your lab environment before they can even ask. You get a bug bounty and put it on your resume. You contribute to a community project or improve on a standard tool. You write your blog and publish articles about your research.


It’s significantly more difficult for you to get a call back from a job posting and compete with all the other applicants with your resume alone. The tips described in the article Job Hunting for going out to conferences, hackerspaces, makerspaces, and meetups are absolutely critical. You need to be at every single one and start contributing. Pick a topic and give presentations or make the coffee. Get on LinkedIn and add SOC analysts, join a group, and contribute. You need a resume, but you also need to know someone on the inside to pick your resume from the pile and give you an interview.


Out of all the backgrounds this book covers, it is the most difficult to land a job in cybersecurity because you need twice the skills of a college graduate and good luck. However, you’ll likely succeed in the long run because you can’t teach passion.

You’ll have to do a lot of work for free before you build the reputation to get paid for it.


Veterans

Veterans have the opportunity to access complimentary cybersecurity training and scholarships, enabling them to acquire the necessary knowledge, skills, and abilities (KSAs) for entry into the cybersecurity sector.


The CyberCorps®: Scholarship for Service (SFS) initiative, a collaboration between the Department of Homeland Security (DHS) and the National Science Foundation (NSF), extends cybersecurity scholarships to exceptional undergraduate, graduate, and doctoral students. Eligible individuals can receive financial support ranging from $27,000 to $37,000 for their studies at participating institutions.


SFS scholarships cover the typical expenses of full-time students at participating institutions, encompassing tuition and related fees for a maximum of two years. When combined with the Post-9/11 GI Bill, which provides up to 36 months of financial assistance for education and training in various fields, including cybersecurity, veterans may have the opportunity to earn a cybersecurity degree without incurring costs.


The DHS facilitates training through the Federal Virtual Training Environment (FedVTE) platform, an online, on-demand training resource accessible to government employees and veterans. FedVTE offers over 800 hours of free training on cybersecurity and IT topics, ranging from beginner to advanced levels. The courses cover diverse areas such as ethical hacking, risk management, surveillance, and malware analysis. Additionally, they align with certifications like Network+, Security+, and Certified Information Systems Security Professional (CISSP).


The SANS Institute’s VetSuccess Academy is tailored to support veterans in their cybersecurity endeavors. However, it has been mentioned that this SANS program should be viewed as more of a lottery ticket because they rarely see anyone get picked for any particular cohort. However, there is a success rate in having the GI bill pay for a SANS degree, which bundles individual certifications into a degree program. The certifications themselves are highly regarded in cybersecurity and very expensive.


One problem that is common with military folks is that they focus heavily on certifications but don’t get the hands-on experience and deep theory that they need for entry-level technical positions. To make matters worse, the people I’ve talked with don’t feel that cybersecurity degree programs prepare the transitioning military well either, as they focus on high-level policy.


The military trains you to look for qualifications and meet requirements for service ribbons/medals. And since certifications don’t matter as much as practical hands-on project work, this leads to veterans falling prey to predator boot camps at an above-average rate, leaving them still unqualified to actually do the job or pass the interview.


Note: They recommend a general computer science degree program at a brick and mortar college if you choose to go the degree route.

Before you transition, be aware of SkillBridge. Essentially, it allows military members on active duty to spend the last 180 days of their time on active duty working (for free to the business) for a company as an intern. They maintain their military pay and benefits. The company gets a free intern. This can often pivot into a full-time offer upon separation from the service, but if not, it will give you a little experience and someone to vouch for you.


Furthermore, VeteranSec serves as an online community for military veterans engaged in or interested in information technology and cybersecurity. The platform provides a private networking channel of over 7000 veterans, free training videos, partnerships with companies to take advantage of, and an informative cybersecurity blog with tutorials to aid veterans in their professional development.


Summary

I hope this article has provided a few additional valuable strategies for your road to success. Each of these backgrounds presents an opportunity for us to provide insights into the challenges, even reputations, that you are fighting against and need to be aware of as you trudge the road ahead. Use the tools given to you in this book, with the additional insight from this article, to form a plan of attacking your job search and, if you’re lucky, interviews. Not everyone will have the same experience with their journey to success. Some will be more difficult than others. We’re not all on the same playing field. I know that may not be what you want to hear, but corporate America, and capitalism in general, is a game. Once you learn the rules and what moves you forward, you can strategize on what makes you desirable to employers. You build a brand for yourself. For me, it was certifications and education to start with. Still, after some years, I failed to even mention it during interviews, and I’m never asked about it because we’re too busy talking about the experience. If you have experience, it trumps everything. If you don’t yet, you need a formal school, the community, your friends and internships, former employers, and even yourself to vouch for you and provide examples to show your potential value.


And for the lone hackers, the autodidacts, the self-taught, let’s all remember that, whatever the case, they are the underdogs, but they are the few and the proud. Be nice to them and make friends; you’ll thank me later.


ARTICLE QUIZ (ANSWERS FOLLOW)

Which audience is not specifically targeted by the chapter on achieving success as a SOC analyst?

Ⓐ Career changers from healthcare

Ⓑ College graduates

Ⓒ Veterans

Ⓓ The Autodidact


What is a recommended project for interview preparation mentioned in the chapter?

Ⓐ Creating a personal blog

Ⓑ Deploying The Modern Honey Network on AWS

Ⓒ Developing a new cybersecurity tool

Ⓓ Writing a thesis on cybersecurity trends


Which service offers a 20% discount on resume services specifically for aspiring SOC analysts?

Ⓐ LinkedIn Premium

Ⓑ Resume Raiders

Ⓒ Indeed Resume Review

Ⓓ Monster Resume Writing Service


What is identified as the strongest selling point for autodidacts seeking a SOC Analyst role?

Ⓐ Their formal education

Ⓑ Their professional network

Ⓒ Their personal projects and community involvement

Ⓓ Their military background


For recent college graduates, what is considered a significant challenge when applying for SOC Analyst roles?

Ⓐ Overqualification

Ⓑ Lack of real-world experience

Ⓒ Too many certifications

Ⓓ Excessive specialization


What is a common misconception about certifications according to the veteran’s section?

Ⓐ They guarantee a job in cybersecurity

Ⓑ They are not valued by employers

Ⓒ They replace the need for a college degree

Ⓓ They are more important than hands-on experience


Which online platform is mentioned as a resource for veterans interested in cybersecurity?

Ⓐ Coursera

Ⓑ VeteranSec

Ⓒ Udemy

Ⓓ Khan Academy


What advice is given to those transitioning from IT to cybersecurity regarding their resume?

Ⓐ Highlight all previous job titles, regardless of relevance

Ⓑ Focus exclusively on cybersecurity certifications

Ⓒ Write about skills and experience in domains overlapping with cybersecurity

Ⓓ Downplay any IT experience to avoid being overqualified


ARTICLE QUIZ SOLUTIONS

Which audience is not specifically targeted by the chapter on achieving success as a SOC analyst?

Ⓐ Career changers from healthcare

The chapter specifically targets college graduates, career changers from IT, veterans, and the autodidact, not those transitioning from healthcare. This highlights the tailored advice for individuals with different backgrounds moving into cybersecurity.


What is a recommended project for interview preparation mentioned in the chapter?

Ⓑ Deploying The Modern Honey Network on AWS

Deploying The Modern Honey Network on AWS with a few honeypots and analyzing the data is recommended as a project to prepare for interviews. This hands-on project demonstrates a candidate’s practical skills and ability to analyze security events, making it a valuable talking point during interviews.


What is identified as the strongest selling point for autodidacts seeking a SOC Analyst role?

Ⓒ Their personal projects and community involvement

For autodidacts, their strongest selling point is their personal projects and involvement with the community at large. This demonstrates their passion and self-motivated learning in the field of cybersecurity, which is highly valued by employers.


For recent college graduates, what is considered a significant challenge when applying for SOC Analyst roles?

Ⓑ Lack of real-world experience

Recent college graduates often face the challenge of lack of real-world experience, especially with commercial tools and complex enterprise environments. Employers look for any projects or personal initiatives that show a candidate’s interest and practical skills in cybersecurity beyond academic achievements.


What is a common misconception about certifications according to the veteran’s section?

Ⓓ They are more important than hands-on experience.

A common misconception addressed in the chapter is the overemphasis on certifications over practical hands-on experience, especially for veterans. While certifications are valuable, the chapter underscores that practical experience and the ability to apply knowledge in real-world situations are more critical for entry-level technical positions.


Which online platform is mentioned as a resource for veterans interested in cybersecurity?

Ⓑ VeteranSec

VeteranSec is mentioned as an online platform providing a private networking channel, free training videos, partnerships, and a cybersecurity blog specifically for military veterans interested in transitioning to cybersecurity. It’s a resource for veterans to connect, learn, and advance in their cybersecurity careers.


What advice is given to those transitioning from IT to cybersecurity regarding their resume?

Ⓒ Write about skills and experience in domains overlapping with cybersecurity

Those transitioning from IT to cybersecurity are advised to write their resumes highlighting skills and experience in domains that overlap with cybersecurity. This strategy leverages their existing IT background, showcasing their relevant skills and making them appealing candidates for SOC Analyst roles.



Cyber NOW Education: How to start a career in cybersecurity


Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts.


You can connect with him on LinkedIn.


You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits.


Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing.


Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer.


Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, kindle, or PDF versions. The downloadable PDF version can be grabbed here.


