This article will discuss background-specific tips for landing your first SOC Analyst role. The four audiences are college graduates, IT career changers, Veterans, and the Autodidact. Each one has its nuance, making it worthwhile dedicating this article to your roadmap to success.

Roadmap to Success

This series has given you insight into what a SOC Analyst does on a day-to-day basis and general strategies for finding your first job in cybersecurity as a SOC Analyst. It was written to target four key audiences: the recent college graduate, those who are career-changing from other areas in IT, the transitioning military, and those who are self-taught. This article will give background-specific tips on things you need to know that apply directly to you.

I will repeat myself through these four sections, driving home the idea that you have to prove your interest and back it up with examples, which is in addition to hard technical skills. Veterans have extensive networks of people and partnerships just waiting for them to plug into, the college graduate has career services with their school to leverage, people transitioning from other areas of IT already have real life experience often in domains that overlap with cybersecurity, and lastly, the auto didactic’s strongest selling point is their projects and involvement with the community at large.

I recommend that students of all backgrounds who are worried they don’t have much to talk about in an interview deploy a few honeypots. Then, take the data from them and analyze it. In the article The SOC Analyst Method, I explain how to analyze a security event. Practice this method on the honeypot attackers and find interesting things to discuss in the interview.

One more plug. I will mention in this article how you should write your resume based on your particular background. Give it your best shot to write your resume, but just starting, it can be difficult to highlight what you know. I have worked out a deal with Resume Raiders on your behalf to offer a 20% discount on services, just use the coupon code SOCANALYSTNOW. I receive zero commissions or discounts, saving you about $60 for a complete resume rewrite. Dave also offers services for resume revision if only smaller changes are needed at a lesser price. He will share your resume on a Google Doc, and you will collaborate back and forth as he asks you questions. You answer them in comments, and then he will pen your resume. I use him myself; that’s the only reason I recommend him.

So let’s get started.

Recent Graduate

Congratulations! You have or are about to graduate from college. It’s a monumental achievement, and I hope you’ve learned a lot. Maybe you had an internship, and that’s great because what you’re fighting now is a lack of experience. Getting experience with commercial tools is one of the most challenging things. They cost millions of dollars and work in highly complex enterprise environments. But the hiring manager knows that. What he’s looking for is experience with any projects you may have had while in school, any personal projects you’ve had, and overall, checking to make sure you’re not a commodity graduate with zero interest in cybersecurity other than the paycheck. So many people graduate, don’t know anything, and have no real passion or interest in cybersecurity. That is the reputation you are fighting against concerning recent college graduates.

Your resume should reflect the projects that you’ve worked on during school. Explore your career services from your school to see if they have people who know how to write your resume in a way that highlights the experience you gained from your curriculum. This should be your first stop, as they see what you’ve learned while in your program. And then maybe poke Resume Raiders for a revision if you’re not having any luck.

You need a project to talk about. The question of why you like cybersecurity is inevitable, and you should be fully prepared to give them examples of the projects you’ve been a part of that you truly enjoyed. Eventually, what you want to do in cybersecurity will come up. One thing you have on your side from a formal education is experience with a variety of things, and you probably already know what you like and don’t like. So talk about the classes and projects you truly enjoyed and say you’d like to work in the SOC for a few years to get even more breadth of experience before deciding on a specialty. When you’re finally in the SOC, you’ll see how we do things in the real world. And it’s often much different than the Ivory Tower you’ve learned about in college. Sometimes it’s messy with lots of red tape, and your dream isn’t what it pans out to be. That is what happened to me as a penetration tester. I loved hacking around and had been doing it for years, and I thought all through college that this was precisely what I wanted to do, and I was so sure of myself. I started in the SOC, worked hard, became a pentester, and then learned I hated it. It was the worst! Luckily, I was already qualified to be a SOC Analyst, so I regrouped and found my way into Security Engineering with nothing lost. I haven’t strayed too far from the SOC ever since.

Your degree is not going to get you a job alone. It’s an essential step in any career, but significantly less critical today than a while ago. Most big companies have removed the requirement to have a college degree but there are still some that require it. Those that require it, they should be your first applications while applying for jobs. Less people have college degrees so there might be less competition.

From IT

So you want to join the exciting world of cybersecurity. As you might know already, a SOC Analyst might be on temporary pay depending on their seniority in IT. You’re looking at around $80- $100k starting. But you might be considering it because you’ve hit the glass ceiling in IT, done your research, and know the glass ceiling is higher in cybersecurity. You might just be more interested in a domain in cybersecurity and need the SOC Analyst to get there. Whatever the reason, you’re reading this piece, and being a SOC Analyst is on your mind. There are a few things you need to know.

It’s a lot like IT. The same problems you’re having in IT, you’re going to have in cybersecurity. On-call is typical; it changes rapidly, and there is a glass ceiling you’ll inevitably hit. After a while, you realize it’s a glorified customer service position.

You might already have certifications that apply to cybersecurity, like any networking or Microsoft certifications, which are a plus; any CompTIA certifications are good, too. In general, you’re familiar with the certification game. You may be past the certification game in your career in IT, but be prepared to start it all over as an SOC Analyst.

It almost sounds like I’m discouraging you from becoming a SOC Analyst, but I’m not. I know how important it is for us to do stuff we like. The only reason I’m writing a book is that I enjoy writing. It’s so challenging to be stuck doing work you don’t like, and to make it worse, you probably won’t be good at it. I would only suggest this path to someone from IT if they like cybersecurity. The reason doesn’t matter; just be prepared to discuss that in an interview.

I recommend going to the ISC2 website, finding the domains of cybersecurity, and writing your resume with skills and experience you gained at your previous employers in those domains. There will be a lot of overlap. Anyone with a significant amount of experience in IT is qualified for a SOC Analyst job, and since you picked up this book, you already know why you’re interested. Out of all the backgrounds this book applies to, your background will be the easiest to find work in cybersecurity.

Experience trumps everything.

Auto didactics

Calling all hackers. You only really end up in this category if you’ve been hacking around at things for years and are sitting around thinking how it’d be great to do this for a living. Well, good news - it happens constantly, but there are some things to consider.

How do you quantify experience with something you’re not supposed to be doing? First off, congratulations on staying out of jail, and I say that assuming you’ve kept your nose clean. If you haven’t, there aren’t many people who will hire you. It does happen, and some companies will employ extremely talented felons, but it’s rare, and what happens is they create their own companies, and other companies hire them as contractors. But that’s so rare, I won’t cover it in detail.

Here’s what you do for those hacking away on their own. You play Capture the Flag competitions and set up labs. When asked what experience you have, tell them you set up labs and give the spiel about your lab environment before they can ask. You get a bug bounty and put it on your resume. You contribute to a community project or improve on a standard tool. You write your blog and publish articles about your research.

It’s significantly more difficult for you to get a call back from a job posting and compete with all the other applicants with your resume alone. The tips for attending conferences, hackerspaces, makerspaces, and meetups are critical. You need to be at every single one and start contributing. Pick a topic and give presentations, or just make the coffee. Get on LinkedIn and add SOC Analysts, join a group, and contribute. You need a resume, but you also need to know someone on the inside to pick your resume from the pile and give you an interview.

Out of all the backgrounds this book covers, it is the most difficult to land a job in cybersecurity because you need twice the skills as a college graduate, and excellent luck. However, you’ll likely succeed in the long run because you can’t teach passion.

You’ll have to do a lot of work for free before you build the reputation to get paid for it.

Veterans

Veterans can access complimentary cybersecurity training and scholarships, enabling them to acquire the necessary knowledge, skills, and abilities (KSAs) for entry into the cybersecurity sector.

The CyberCorps®: Scholarship for Service (SFS) initiative, a collaboration between the Department of Homeland Security (DHS) and the National Science Foundation (NSF), extends cybersecurity scholarships to exceptional undergraduate, graduate, and doctoral students. Eligible individuals can receive financial support ranging from $27,000 to $37,000 for their studies at participating institutions.

SFS scholarships cover the typical expenses of full-time students at participating institutions, encompassing tuition and related fees for a maximum of two years. When combined with the Post-9/11 GI Bill, which provides up to 36 months of financial assistance for education and training in various fields, including cybersecurity, veterans may have the opportunity to earn a cybersecurity degree without incurring costs.

The DHS facilitates training through the Federal Virtual Training Environment (FedVTE) platform, an online, on-demand training resource accessible to government employees and veterans. FedVTE offers over 800 hours of free training on cybersecurity and IT topics, ranging from beginner to advanced levels. The courses cover diverse areas such as ethical hacking, risk management, surveillance, and malware analysis. Additionally, they align with certifications like Network+, Security+, and Certified Information Systems Security Professional (CISSP).

The SANS Institute’s VetSuccess Academy is tailored to support veterans in their cybersecurity endeavors; however, it has been mentioned that this SANS program should be viewed as more of a lottery ticket because they rarely see anyone get picked for any particular cohort. However, there is a success rate to have the GI bill pay for a SANS degree, which bundles individual certifications into a degree program. The certifications themselves are highly regarded in cybersecurity and very expensive. However, I have recently heard that the GI bill may no longer pay for SANS courses.

One problem that is common with military folks is that they focus heavily on certifications but don’t get the hands-on experience and deep theory that they need for entry-level technical positions. To make matters worse, the people I’ve talked with don’t feel that cybersecurity degree programs prepare the transitioning military well, as they focus on high-level policy.

The military trains you to look for qualifications and meet service ribbons/medals requirements. And since certifications don’t matter as much as practical hands-on project work, veterans fall prey to predatory bootcamps at an above-average rate, leaving them still unqualified to do the work or pass the interview.

Before you transition, be aware of Skillbridge. Essentially, it allows military members on active duty to spend the last 180 days of their time on active duty working (for free to the business) for a company as an intern. They maintain their military pay and benefits. The company gets a free intern. This often can pivot into a full-time offer upon separation from the service, but if not, it will give you a little experience and someone to vouch for you.

Furthermore, VeteranSec serves as an online community for military veterans engaged in or interested in information technology and cybersecurity. The platform provides a private networking channel of over 7000 veterans, free training videos, partnerships with companies to take advantage of, and an informative cybersecurity blog with tutorials to aid veterans in their professional development.

Summary

I hope this article has provided a few additional helpful strategies for your road to success. Each of these backgrounds presents an opportunity for us to provide insights into the challenges, even reputations, that you are fighting against and need to be aware of as you trudge the road ahead. Use the tools given to you in this book, with the additional insight from this article to form a plan of attacking your job search and if you’re lucky, interviews. Not everyone will have the same experience with their journey to success. Some will be more difficult than others. We’re not all on the same playing field. I know that may not be what you want to hear, but corporate America, and capitalism in general, is a game. Once you learn the rules and what moves you forward, you can strategize what makes you desirable to employers. You build a brand for yourself. For me, it was certifications and education to start with, but after some years, I fail even to mention it during interviews, and I’m never asked about it because we’re too busy talking about experience. If you have experience, it trumps everything. If you don’t yet, you need a formal school, the community, your friends, any internships, former employers, and even yourself to vouch for you and provide examples to show your potential value.

And for the lone hackers, the autodidacts, the self-taught, let’s all remember that, for whatever the case may be, they are the underdogs, but they are the few and the proud. Be nice to them and make friends, you’ll thank me later.