What is a Major Frustration of Being a SOC Analyst

Tyler Wall

Updated: Dec 8, 2024

This job isn’t without its moments, but those great moments come with a price tag: the frustrating things you might encounter as a SOC analyst. So, what is a major frustration of being a SOC analyst?


Here is the big one that is on my list from having worked at so many SOCs:


The larger the company, the more they can pay but the less they can move.

It is frustrating to spend a lot of time on a security event and make recommendations for improvements and not see any results. Small companies can incorporate feedback the same day, and you get all the feel-goods of having done something positive: the rewarding feedback that you just made the program better.


Whereas you might investigate that same alarm at a large company a hundred times before they are able to make any improvements, if they can incorporate any feedback at all.


Some companies are too big to move at all, it would seem.


This leads to alert fatigue, where you’re auto-closing incidents that look alike and you become a brainless drone in pursuit of good numbers.


Having the ability to close a feedback loop at a large company takes skill, patience, persistence, and the ability to manage without authority.

A feedback loop in a process is when the end result gives feedback to the beginning to improve the process.


For example, a SOC analyst concludes in their investigation that an event is a false positive, so they take a bunch of time to collect all the evidence of all the previous false positives, write an analysis, and submit it to the team that creates the detection rules so that they can tune the rule and improve the efficiency of the SOC. In the long run, this saves the company a ton of money, but in the short term it hurts your numbers: how many events you’ve worked on that day.


Terrible, inexperienced management only sees the numbers and not the impact.


At small companies you tend to know your colleagues better, and there is less red tape preventing this kind of feedback from improving your work (and mental health), so things get done quickly. They are nimble and agile.


I’ve worked at companies so large that I was convinced they weren’t improving the program on purpose, because when I took so much time to gather the evidence and present it in a matter-of-fact and easy-to-understand way, it was just ignored.


What I noticed about my peers is they all have tried doing this too, and they just stopped because there wasn’t any improvement.


It was a waste of time.

This results in an incredibly inefficient and dangerous SOC where the team members have zero morale and zero care about their work. They are just brainless Sisyphuses, clocking in and clocking out and getting nowhere with their work or their careers.


What’s on your list?




Cyber NOW Education: How to start a career in cybersecurity

Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts.


You can connect with him on LinkedIn.



Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, kindle, or PDF versions. The downloadable PDF version can be grabbed here.

