
Search Results


  • What are the Most Important SOC Skills

    Searching for the two most important SOC skills.

    As I sat and thought about the two most important SOC analyst skills, I started to write them down, and my list turned into eight items. This is my list of examples of the content I have covered.

    Cybersecurity Analysis How to do security analysis Operating System fundamentals & Networking fundamentals SOC Analyst Prerequisite Skills Networking (people) & Effective Communication SOC Analyst JOB Hunting Scripting (not necessarily full development) Cloud Technologies (AWS, Azure, Terraform, Serverless) 30-minute Honeypot Project Azure Cybersecurity Labs SOC Analyst Projects SOC Analyst Projects

    As I looked over this list, I had to categorize skills into two categories: hard technical skills and soft skills. Then, I had to pick one from each category, as being a SOC analyst is a delicate and equal balance of the two. Hard technical skills can sometimes be trained much faster than soft skills. Technical skills can be taught by reading, studying, and following a clearly defined learning path, whereas learning soft skills is often trial and error and practice over time.

    Hard Technical Skills

    The award for the most valuable complex technical skill goes to networking because you can get by with not knowing how to use Active Directory for a while, and no employer will expect you to already know how to conduct a security analysis (it will give you the edge!). Both of these require a prerequisite of networking fundamentals.

    Soft Skills

    In the age of remote work and the duties of a SOC analyst, the most valuable soft skill award goes to understanding. So much of our daily lives consists of reading and writing emails, security analysis, instant messages, text messages, LinkedIn, and everywhere else. Sometimes, getting lost in different understandings with pages of text is easy.
    People tend to be less verbose with their thoughts over text because it takes longer to type them out than to speak. So much of our lives is directed by a lesser form of understanding other people.

    Conclusion

    As you can see, the most essential thing a SOC analyst can learn is how to communicate. Whether that be computers talking to computers or pinging your teammates on chat, you’re communicating all day long. No system can have security when it is open to talking to others; that is the breath of life into cybersecurity. The cybersecurity industry exists because computers are interconnected. Mastering the basics of communication will lead to a foundation built on cement; it doesn’t change much.

    How to learn these skills

    Gaining the CompTIA Network+ certification is an excellent start in learning networking. The best way to learn to improve and provide more clarity in reading and writing is to get a blog on Medium. Then, get a subscription to Grammarly and study the changes they suggest. If you continue to use Grammarly as intended, it will force you to start thinking about how you're communicating, and for me, I wrote in more ambiguity than I thought. It wasn't as clear as I thought.

    Also, as a practice, any word that you come across that you aren’t familiar with, don’t just ignore it… Look it up! Not in the Oxford (Google) but in Merriam-Webster. Merriam-Webster’s word requirements are much stricter, and Merriam-Webster should be your go-to. If the definition doesn’t fit the context, you can try that word on Urban Dictionary, but never let a sentence go by that you didn’t comprehend.

    As my challenge, I will give you a single magic question to ask others to jump-start your soft skills journey.

    "How did you come to that conclusion?"

    Sit for a minute and think about how impactful that would have been in resolving your last misunderstanding and how often you or someone you know has been misunderstood. Don’t breeze over these suggestions.
No one wants to hear that networking and understanding are the most essential skills, but they are true, and the time spent studying them will surely pay off. Take your time learning how computers and SOC analysts talk by reading and writing, and remember to ask the magic question every time to ensure you've understood. Communication is a grossly undervalued skill among tech geeks.

  • How to use ChatGPT as a SOC analyst

    This KB will discuss what ChatGPT is, a disclaimer for use, and how to use it as a SOC analyst.

    What Is ChatGPT?

    ChatGPT is the best chatbot humans have ever seen. There are all sorts of fancy words to describe how it works, like Large Language Model (LLM), Generative Pre-trained Transformer (GPT), or Machine Learning Driven Research Stealing Internet Models Without Giving Credit to People (MLDRSIMGCP). I just made the last one up, but it sounds right. It’s designed for natural language understanding and generation. You can interact with ChatGPT to ask questions, get information, converse, or seek assistance. The model has been trained on various Internet texts, allowing it to respond to multiple queries. And it’s useful, but limited. It’s important to note that while ChatGPT can provide helpful and informative responses, it may not always be perfectly accurate or contextually appropriate.

    Almost everything about being a SOC analyst is in real time. ChatGPT 3.5 cannot give you information about website reputation, IP reputation, file reputations, whois information, or any other steps described in The SOC Analyst Method. At the time of this writing, the data used by ChatGPT is only current up to January 2022. Since most indicators of compromise have a short shelf life, it is out of the question to use ChatGPT to verify the reputation of IOCs. But there are a few applications for ChatGPT that you will find very relevant as a new SOC analyst, which can help springboard your career and lessen the water from the firehose you’ll drink in the first year.

    Disclaimer on Terms of Service for ChatGPT

    No one ever reads the terms of service for a product, but you might want to glance over ChatGPT's if you find yourself working for a company and decide to use ChatGPT to analyze some code found on a computer you’re investigating.
    OpenAI, which created ChatGPT, now has that code saved on its systems. You might ask, “So what?” The code triggered an alert, and you were just doing your job, right? In this scenario, what if you worked for a software company and the code is part of an app under development that hasn’t been released to the public, and you’ve inadvertently given it away to OpenAI? Therefore, some companies have policies against using ChatGPT and other LLM AI models. Before using ChatGPT for official business, be sure to understand your organization’s stance on using it. With that said, let’s have some fun.

    Code Review

    ChatGPT knows what malicious code looks like with some degree of certainty, and it knows how to analyze it for vulnerabilities, but likely not better than tools designed for this task. You might find an occasion to paste a script into ChatGPT and have it explain its context and nature to you without reading it line by line, even if you know the language. You can also ask if it looks malicious, and take the information it gives you to study it further. This is particularly helpful to an analyst when analyzing PowerShell from your endpoint tool, or perhaps JavaScript from an IPS alert. When you see those alerts, you can pop the script into ChatGPT and ask questions about it.

    But the reality is, this would rarely be practiced in the real world. If you’re seeing it now, then your endpoint tool, IPS, WAF, or whatever has already alerted you that it looks malicious, and those tools should be used first as a source of truth because that’s what they specialize in. However, if the tools don’t give you enough information, pasting it into ChatGPT might give you additional insight.

    EXERCISE ONE

    Go to https://github.com/explore and find a random, publicly available piece of code and copy it into the ChatGPT message bar and ask, “What does the above code do?” This will give you an example of how ChatGPT can be used effortlessly.
    It doesn’t matter if the code is 20 lines or 500 lines long; ChatGPT will explain the purpose of the code in simple language.

    File Paths

    You might find an opportunity to paste a file path into ChatGPT to have it determine if it belongs to a legitimate application. Keep in mind that this data is two years old, so it can only be used to check what it’s seen before, not as evidence that something is malicious because the file path is anomalous. New files come out daily that are entirely legitimate, and old files get new file paths. Sometimes, it’s worth a quick check to confirm a file is in the correct place.

    EXERCISE TWO

    Go to ChatGPT and type in:
    - “Is this file path malicious C:\WINDOWS\System32\Wbem”
    - “What file path does Malwarebytes typically install to?”

    Creating Queries for SOC Analysts

    ChatGPT can be used to write YARA rules, Suricata rules, KQL queries, SPL queries, and many other syntaxes for threat hunting or creating rules or alerts. This is the most effective and helpful way to leverage ChatGPT as an analyst. It does this fairly well; you can describe what you want it to find in natural language. This can be extremely helpful to you as a new SOC analyst because you likely need to gain familiarity with these tools to create custom threat hunts or alerts yourself. It may require editing, but it’s much easier than starting from scratch.

    EXERCISE THREE

    Go to ChatGPT and tell it, "Write a Splunk query that shows me all logs that contain hashes from all indexes"

    Enter that query into Splunk and the result is all the malware that we've captured so far in the cyber range.
    - Take the hash and go to VirusTotal and enter it in the search.
    - Take the hash and Google it for sandbox results.
    - Any interesting websites with information about it on Google?

    1. What is the name of the tool or malware that this hash relates to?
    2. What do you think the attacker was looking for?
    EXERCISE FOUR

    Go to ChatGPT and tell it, "Write a Splunk query that creates a table of the most source ip addresses descending order over the past 24 hours."

    Be sure to read the ChatGPT output and change "src_ip" to "src".
    - Take the IP addresses and go to VirusTotal and enter them in.
    - Take the IP addresses and go to IPVoid and enter them in.
    - Now Google the IP address and see what open source intelligence you can glean.
    - Now do a whois on the IP address to get context on who owns it.

    1. Do you think this IP address is malicious?
    2. Are there any other things hosted at this IP address?
    3. How long do you think this IP address has been used this way?

    Rewriting

    One useful function, especially to those writing in their non-native languages, is the ability to leverage ChatGPT to rewrite your sentences. Report writing and rewriting summaries from the SOC Analyst Method are valuable to us as the SOC is often a global workplace. English might not always be our first language, or even if it is, it may benefit you to have ChatGPT make a write-up. I gave it details and asked it to write a formal Root Cause Analysis (RCA). With minimal editing afterward, I could deliver it to a customer, saving time. But be careful, as sometimes ChatGPT can misconstrue the meaning behind your words and add ambiguity and vagueness where there was once clarity. You may be surprised at the result, but don’t let it misinterpret your findings.

    EXERCISE FIVE

    Ask ChatGPT to rewrite the Declaration of Independence. Would you allow ChatGPT to rewrite things without approval?

    ChatGPT as a Weapon

    We’ve discussed how ChatGPT can aid junior Analysts in their day-to-day work; now, let’s talk about how bad actors can use it for malicious means. In a previous article, we spoke of phishing. To recap, phishing is a crafted email meant for a user to visit an evil website or download a malicious file. Historically, one of the telltale signs of a phishing email is typos or grammatical errors.
    This was because English is likely a second language for the person crafting the email. Now, through the magic of LLMs and ChatGPT, an attacker can write an email in their native language, give it to ChatGPT, and ask it to be translated into any language they want with better accuracy than traditional translators.

    Let’s give it a try; the following is a short phishing email I wrote in English.

    “Hello, EvilWebsite.com is committed to providing you with the best possible shopping experience. Our website features the latest products from top brands, and we regularly offer discounts and promotions to help you save money. Click the link below for free shipping on your first order.”

    Now, let’s see what ChatGPT outputs when I ask for it to be written in Spanish.

    “Hola, EvilWebsite.com está comprometido a ofrecerte la mejor experiencia de compra posible. Nuestro sitio web presenta los últimos productos de las mejores marcas, y regularmente ofrecemos descuentos y promociones para ayudarte a ahorrar dinero. Haz clic en el enlace de abajo para obtener envío gratuito en tu primer pedido.”

    How about German?

    “Hallo, EvilWebsite.com ist dazu verpflichtet, Ihnen das bestmögliche Einkaufserlebnis zu bieten. Unsere Webseite bietet die neuesten Produkte von Top-Marken, und wir bieten regelmäßig Rabatte und Aktionen an, um Ihnen zu helfen, Geld zu sparen. Klicken Sie auf den untenstehenden Link für kostenlosen Versand bei Ihrer ersten Bestellung.”

    Regardless of the language, ChatGPT can convert it with minimal effort.

    Overall, OpenAI has done an excellent job of making ChatGPT a safe tool. In the early days of ChatGPT, someone could have ChatGPT write simple scripts that could destroy a computer’s filesystem. However, ChatGPT is one of many LLM AIs on the Internet. At DEF CON 31, there were multiple demonstrations of locally hosted LLMs that were trained to develop malicious code or run a malware Command and Control server.
    As AI progresses, we will continue to see it used by hacking groups and scammers.

    Summary

    While ChatGPT is relatively straightforward, knowing when to use it is a little more complex. As we’ve discussed, it does not contain real-time information, limiting its value to us as SOC analysts. Its most valuable use case is that it can write queries for you in languages you haven’t likely come across yet, making security analysis tools faster and more accessible. As ChatGPT continues to improve, even adding the ability to search the Internet, it will increase in relevance to us. However, it will still be limited in the data it can reach without tool licenses.

    Rewriting is another function of ChatGPT that can help with communication as the SOC is a global workplace, often with challenging barriers for those whose first language isn’t English. Lastly, you can always query ChatGPT for general information about cybersecurity as you would Google. For example, what a particular Windows Event ID might be, and it might save a few minutes of standard Internet searching when it delivers the correct answer immediately.
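
What the two hunts in Exercises Three and Four compute, written out in Python over constructed log lines so the results of a ChatGPT-written query can be checked against a known answer. This is an added example, not code from the article or from the Cyber NOW range; the log layout, sample values and function names are assumptions, and only the "src" versus "src_ip" field name comes from the page.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed values for illustration only; none of these are real indicators.
H256 = "0123456789abcdef" * 4                 # 64 hex chars (SHA-256 length)
HSHA1 = "0123456789abcdef" * 2 + "01234567"   # 40 hex chars (SHA-1 length)
HMD5 = "fedcba9876543210" * 2                 # 32 hex chars (MD5 length)
SESSION = "ab" * 25                           # 50 hex chars: hex, but not a hash length

# Constructed events in an assumed "timestamp key=value ..." layout.
SAMPLE_LOGS = [
    f"2024-05-02T09:15:00Z src=203.0.113.7 action=download sha256={H256}",
    f"2024-05-02T09:16:00Z src=203.0.113.7 action=download md5={HMD5}",
    f"2024-05-02T10:00:00Z src=198.51.100.23 action=login session={SESSION}",
    f"2024-05-02T11:30:00Z src=203.0.113.7 action=download sha256={H256}",
    f"2024-04-30T08:00:00Z src=192.0.2.99 action=upload sha1={HSHA1}",
    "2024-05-02T11:45:00Z src=198.51.100.23 action=login",
]
# Fixed "now" so the 24-hour window gives the same answer on every run.
NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)

# Length only suggests the algorithm: a 32-character hex run can also be a
# GUID written without dashes, so treat the label as a guess.
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}

# A hash is a whole run of hex digits of exactly 32, 40 or 64 characters.
# The lookarounds stop part of a longer hex run (session IDs, keys) matching.
HEX = "0-9A-Fa-f"
HASH_RE = re.compile(
    rf"(?<![{HEX}])([{HEX}]{{64}}|[{HEX}]{{40}}|[{HEX}]{{32}})(?![{HEX}])"
)


def extract_hashes(line):
    """Return (algorithm_guess, hash) pairs found in one log line."""
    return [(ALGO_BY_LENGTH[len(h)], h.lower()) for h in HASH_RE.findall(line)]


def hash_counts(logs):
    """Exercise Three: every hash seen in any event, with its event count."""
    counts = Counter()
    for line in logs:
        for _, value in extract_hashes(line):
            counts[value] += 1
    return counts


def parse_time(line):
    """Read the leading ISO 8601 timestamp of an event as an aware datetime."""
    stamp = line.split(" ", 1)[0]
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def top_sources(logs, now, field="src", window=timedelta(hours=24)):
    """Exercise Four: source addresses in the window, most frequent first."""
    field_re = re.compile(rf"(?<![\w.]){re.escape(field)}=(\S+)")
    counts = Counter()
    for line in logs:
        if not (now - window <= parse_time(line) <= now):
            continue
        match = field_re.search(line)
        if match:
            counts[match.group(1)] += 1
    # Sort by count descending, then by address so ties are stable.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for value, seen in hash_counts(SAMPLE_LOGS).most_common():
        print(seen, value)
    print(top_sources(SAMPLE_LOGS, NOW))
    # The wrong field name returns nothing, which is why the generated
    # query has to be edited from "src_ip" to "src" before it is trusted.
    print(top_sources(SAMPLE_LOGS, NOW, field="src_ip"))
```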

  • How Much Does a SOC Analyst Make

    I've lived a pretty extraordinary life. I've made a ton of money, and I finally got to the point where money just wasn't making me happy anymore. I had to do something I felt was worth doing. I lost interest in going to work and doing what felt like brainless work for tons of money. I felt like Sisyphus. In fact, I made several posts on Facebook about how I hated my Sisyphean life. And it was true—I hated every single thing about it.

    Sisyphus comes from Greek mythology. He was to push a boulder up a hill, and then it'd just roll back down, and he'd have to push it back up the hill. So, for eternity, he was just pushing a boulder up a hill in a pointless endeavor with no meaning or purpose, and that's how I felt.

    I had already traveled the world, bought expensive toys, and bought big houses. Money had no purpose for me anymore other than to let me eat and put a roof over my head, which I figured was a small amount of my actual income. It became more important to me to be fruitful in what I did with my time than to be reimbursed for something meaningless.

    So, I left a $185,000-a-year job. Well, that's not even entirely accurate. I just gave up on it completely and stopped doing anything. Not by choice; it was more of an intrinsic feeling of what I was doing here that paralyzed me completely.

    But if you ever do, you probably have a long way to go before you reach the point I have. Most people are quite content with their lifestyle. I lived some amazing years full of bliss, and I believe everyone should go through that in their life. So, I will get personal with you and tell you about my journey.

    Salaries depend heavily on where you live and are adjusted by the cost of living. These salaries come from Cumming, Georgia, which is a suburb outside of Atlanta. The following information is anecdotal experience based on average salary expectancy outside of a large city.
    Tyler's Career Trajectory (Atlanta, Georgia)

    - $55k / yr in 2013 as an entry-level SOC analyst
    - $75k / yr 1.5 years later as a SOC analyst at a different company
    - $105k / yr one year later as a Sr. SOC Analyst
    - $135k / yr one year later as a Sr. Security Engineer
    - $135k / yr + 25k in RSUs two years later as a Sr. Security Engineer
    - $160k / yr two years later as a Cybersecurity Architect
    - $140k + 10% bonus/yr six months later as a Cyber Advisor
    - $185k / yr a year and a half later as a SOC consultant

    Meanwhile, I was flipping houses when the real estate market was hot and made a few million dollars in a year or two.

    It's typically easier to find a job in an MSSP to start your career as a SOC analyst, but they pay less. Currently, expect to make about $60-$80k at an MSSP. The starting salary of a permanent SOC analyst at a company's internal SOC is $80-$100k. Everyone wants a permanent role, but contracts are becoming more common. Take them. Take the contracts. Take the first job at an MSSP for a decreased salary if you have to.

    There is a big pay increase from SOC Analyst to Senior SOC Analyst, which lasts only about two years. Senior SOC Analysts make well over six figures everywhere in the country.

    So, best of luck to you, and I hope you have some amazing years ahead of you like I did. Don't feel bad for me; I am finally doing something that has a point again: helping you live those amazing years I did.

    Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn.
    You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer. Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, kindle, or PDF versions. The downloadable PDF version can be grabbed here

  • You look just like the rest of the SOC analysts

    It is CRAZY in the SOC analyst job market right now! There are tons of candidates looking to get their little feet in the door with cybersecurity and those who were recently laid off are also willing to take any job they can get, including junior positions. I believe that when COVID happened, people wanted to work from home so there was a flood of people starting college for cybersecurity then. Now here it is, four years later, they are graduating and all the jobs have been moved back on-site or partially on-site.

    There are a few things that you can do to stand out to make yourself 'different' than the rest, but in a good way! The first thing is by having a blog.

    Blogs

    Medium should be a requirement for anyone starting out in cybersecurity. Most people don't know what they could possibly have to say and I am about to tell you.

    Write about your experiences becoming a SOC analyst. Things like what motivated you to go down this path, are you having trouble finding work, and what you are doing about it. Kind of like your personal, yet professional, journal. Be a little personal about your life, but keep it well kept.

    Write reviews about training and learning resources you've watched or used. If you've watched a cool video, write a blog post about what you've learned and what you thought of it. Write about any classes or training programs you've taken, how you liked them, and if you'd take them again.

    Write how-to's or tutorials. Finished a cool CTF like a TryHackMe lab? Do a write-up on it.

    Write about your projects that you've been working on. Write instructions on how to complete it if one of your colleagues wants to. It doesn't matter if there are 100 ones just like it, write it up anyway.

    Blogs should be written on Medium, but then shared as an article on LinkedIn. This means copying and pasting the content into a LinkedIn article instead of posting the Medium link. LinkedIn has changed its algorithm and now links get demoted a lot.
    While this might be OK for you because your interviewer will go to your LinkedIn and would find the link directly, your LinkedIn network would miss out on it because they'd never see it like they would if it was a native LinkedIn article.

    Medium has a very large built-in audience as well, so at the bottom of every blog include a footer for "About the Author" with a link to your LinkedIn. You want to continue to grow your LinkedIn and Medium. Just keep picking and choosing the most relevant topics for your posts on Medium with large audience sizes and you'll build a following, but it might take a few weeks to see some activity. You want to post at least two articles a week on Medium and cross-post them to LinkedIn.

    GitHubs

    Another way to stand out is to create GitHub pages for your projects that you are working on and share the resources that you find that others might be interested in. Part of showing passion is showing community spirit. To be a servant leader. To lead is to serve your colleagues. The way you'll rise above your competition is by helping others. Zig Ziglar said it best:

    Volunteering

    Volunteering at DEF CON, or BSides, or your local DEF CON group, 2600, OWASP, or a hackerspace is a great addition to your resume. If you have any volunteering experience, you should add that to your resume. It doesn't take much to volunteer, maybe a day or two, and has a high impact on your candidacy. It also helps you get to know people better and puts you in a higher social standing in the community. It's also a way not to feel uncomfortable because you actually have a reason to be there instead of showing up at a conference alone knowing no one.

    Presenting and Local Groups

    Kind of in the same category as volunteering but a little more special for you is presenting at local groups. If you show up enough times you might notice them calling for topics and providing opportunities to present at a meeting.
    This also can be added to your resume and looks really nice, and there's no better way to begin making a name for yourself than to stand in front of a group and be an expert at something.

    SOC Analyst Projects

    Projects will always make you stand out, and your big ones can be listed on your resume if you don't have a lot of experience. I list the courses I create and my book on my resume. Your projects don't have to be that big but your projects will get noticed if they're on your resume. One that should be on every SOC Analyst resume is the Modern Honey Network, in my humble opinion.

    Home Lab

    While your home lab won't make it on your resume, having one is imperative for interviews. It doesn't require a huge investment; in fact, preference for your lab is if it's in the cloud. You can spin up a lab, do some work, and destroy it for just a few bucks. But you want to write about it so you never forget what you did. Document, Document, Document. You want to have this story memorized of how you built your home lab in the cloud for your interviews.

    Keep up with the news

    You will inevitably get asked the question about what happened in the news recently, and you should be able to tell them the last thing that you saw that stuck out. BUT go the extra mile and explain to them all of the various news sources that you follow including podcasts and blogs. Twitter, LinkedIn, The Hacker News, The Darknet Diaries, Security Weekly, etc. And what your favorite one is!

    All in all, you are wanting to show that you're a more up-to-date and passionate SOC Analyst than the next guy. Impress them with how connected and involved you are. And razzle and dazzle with stories of your home lab and projects. These are the things that are going to make you stand out from your peers that aren't education and certification related.

  • What is the SOC Analyst Interview Process

    You've spent all this time getting training, then you applied for jobs and then finally, you got a call back for a SOC analyst position. The interview is set up. In this article we will talk about how the interview process is going to go.

    Recruiter Interview for SOC Analyst

    The first interview is always the recruiter interview. This will be a 15 to 30 minute interview to get your background information and make a few notes about you. Then they will tell you that they will submit your resume to the hiring manager. You don't get a decision during this call (it's usually a telephone call) on whether you're moving forward or not. They just tell you they're going to submit your resume to the hiring manager and it's up to the hiring manager to decide after reading the notes whether or not they want to pull you in for an interview.

    For this interview you want to have your background story recited and straight. You need to know how, when, and why you got started in cybersecurity. What led you to this very point. This spiel needs to have fluency so you want to have practiced it. You also want to talk about what you're passionate about and give the spiel about your projects and home lab. Don't leave this interview or any interview without talking about your home lab. This information will be used again, and again, throughout your career. Make sure it's authentic. The smoother this story goes the better your chances the recruiter actually will forward your resume to the hiring manager instead of just telling you they are and never doing it.

    The second interview is the team or SOC Manager interview. I have seen it both ways but you'll interview with both.

    Team Interview

    The team interview is a technical check. This might be a panel interview with two or more people and their purpose is to see how you interact under pressure and to see how well you know your tech chops.
    Up until this point you can make it through your degree, through your resume and job applications, you can make it all the way here and not know a thing about the computer. And that's what they're checking here. You might get asked scenario-based questions and the purpose is to see how you think, not necessarily that you arrive at the correct answer. Though it's good if you can.

    While having technical discussions they won't expect you to know everything. They expect you to fail at some questions and you always need to be honest. There is nothing more toxic to a SOC member than to be a know-it-all and be 100% confident in an answer that is completely wrong. You simply can't recover from that. So always leave a little room for error and uncertainty in your response even if you're pretty darn sure you're correct.

    SOC Manager Interview

    The SOC Manager interview is either the second or third interview typically and this interview is to see if you're a good culture fit and that you won't cause too many problems for him/her. They'll want to know your background and maybe ask you a few high-level management and personality questions. You want to be likable and show respect. "Yes sir, no sir." Not "hey, man." This is the person that is ultimately responsible for hiring you, handling your compensation, bonuses, and promotions. It represents one of the hardest and most demanding jobs in cybersecurity.

    The most important thing to know about this interview is that you want to give the impression that you're going to stick around for a while. It's not fun to hire people. It's not fun to go through all these interviews. And the last thing they want to do is go through it again in a year. You also want to leave the impression you can use the resources that you have available to you and grow with them. Ask them about the training available but do not put too much pressure on high-cost training. That ship sailed a few years ago.
We used to be able to ask for all sorts of high-priced crazy training and they'd pay for it, too! It was great. But you just be really excited about your subscription to LinkedIN learning and make him feel like you're going to watch every video. CISO/Director Interview This interview is optional but is more common the smaller the company is. This interview is typically the last interview and if you've made it here they've pretty much already made the decision to hire you and the CISO/Director just wants to meet with you so that you know who they are and that they're approachable and you can ask them questions if you need to after you get hired. Some CISO's and Directors just like to meet everyone that's on their team. In every single one of these interviews, you want to show PASSION. What are you doing extracurricular to be involved. Make them feel like this isn't just a 9-5, it's not just a paycheck but its your LIFE. You live and breath cybersecurity. For the first few years, that's exactly what it's going to be for you, too. Never miss an opportunity to talk about your home lab and go into LONG detail about. As much as you can. Preference if its in the cloud. Good luck and godspeed. Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn . You can sign up for a Lifetime Membership  of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs  eBook from the Secure Style Store. 
These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer. Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, Kindle, or PDF versions. The downloadable PDF version can be grabbed here.

  • Can You Get a SOC Job Without a Degree

    Can You Get a SOC Job Without a Degree?

    The cybersecurity industry is ripe with candidates applying for jobs. In fact, it’s almost like a scene in a movie where it’s havoc and every man is for himself, clamoring over each job and every candidate like Gollum in Lord of the Rings. This is Can You Get a SOC Job Without a Degree? The origin of the term “each man for himself” is in The Knight’s Tale by Geoffrey Chaucer (1340–1400). He is known as the Father of English Literature, but his meaning of the phrase was more akin to “If you don’t look out for yourself, no one else will.” It was not meant to be a selfish act. Nowadays, it describes a situation or crisis in which people do not help each other, and just take care of themselves. That is very selfish. Not only can you not get a job without a degree, but you can’t get a job with a degree because everyone has this same attitude, throwing each other under the bus to be the very best. Let me put this into perspective: a SOC analyst job is an entry-level job. No matter how good you are, you don’t know more than the SOC manager, and you don’t know more than your seniors that have been doing this for a decade. To us, you’re someone who needs to be plucked and cultivated and turned into something that is of maximum usefulness. It takes a lot of time to do this, and we have to spend a lot of time developing you. Let me tell you, we don’t want to do this for a d*ck. If you’re out there throwing your peers under the bus to get this job, you’ll throw us under the bus as soon as you think you can. What we want is the very best candidate that we can find that is also a servant leader. A servant leader is someone who prioritizes the needs and development of their team members over their own personal gains or authority. Servant leaders genuinely care about the well-being and personal growth of their team members. They actively listen to understand the needs, concerns, and ideas of others.
They focus on helping others achieve their full potential, both personally and professionally, and they foster a sense of community and collaboration within their team. When you’re looking to take someone fresh from the farm to prepare them for a career, you want the best person you can find. You want to find someone you like and you can spend a lot of time with and it not be excruciating. Interpersonal skills go a long way but what goes even further in your career is just being a genuinely decent person to your peers. Now, there are companies that I have worked for where you are in competition with your peers. And if that is what you like, then good luck because these companies like the Big 4 consulting firms will dangle a carrot in front of a huge group of people and you’re right, someone will get that carrot. I hope you have an ungodly amount of time to devote to competing against one another, and still not win, but for the rest of us, we’ve found much better balance and success in life competing as a team. Cybersecurity is full. Packed. Crowded. Bursting. Crammed. Glutted. Jammed. Teeming. Saturated. Chock-full. Jam-packed. Brimming. Overflowing. So, you really can’t get a SOC job without a degree because you’re thinking you’re competing by who has the better credentials and you’re just not going to win that way. You’re going to win by being the best person for the job. There are minimum qualifications like a Network+ or Security+ and a baseline of technical skills, but beyond that what is going to make you stand out is your ability to be communal in your pursuits, sharing your success with others, helping to grow the community, sharing your advice, pointers, and projects with your peers. Volunteering where you can. Because these are the people you want to work with. You always want to make your SOC manager look good. They aren’t going to hire you if they think you will make them look bad.
When you complete an assignment, your manager is going to take credit for it and he’s going to give it to the entire team. There is no John Smith, SOC analyst; instead there’s Steve Galley, SOC Manager’s team, of which you’re a part. Everything you do is for the team and that’s how you need to approach getting a job. Where your team is everyone else who is looking for a job. It’s not good enough to be the smartest.

  • How to learn cybersecurity at home

    Connecting the dots. How to learn cybersecurity at home

You may be looking for a new career and stumbled upon cybersecurity and are all excited about it now! That makes me happy to think about. It's my job now to explain to you how to start learning cybersecurity at home. There are a few things that make a well-rounded entry-level cybersecurity professional. But first, let me explain the Security Operations Center Analyst. The SOC Analyst is the gateway to cybersecurity because it is the most junior position often available in a company for cybersecurity, and the high turnover rate (usually because of promotions out of the SOC) means the position opens up frequently. SOC Analysts typically come from one of these four areas:

Figure: The four backgrounds of SOC analysts

When we say career changers, we typically mean people from other areas of IT. I am an expert in training for entry-level cybersecurity, and I promise you that 90% of the time, folks find it easiest to land an SOC analyst job and then pivot to the specialties they are most interested in. Now that you know you need to target an SOC analyst, let's discuss the four areas that make a well-rounded SOC analyst.

• High-Level Concepts
• Hard Technical Skills
• Business Acumen
• Culture Fit

Culture fit is essential, and that's also a specialty of mine. Not that I’m perfect for every company, because I’m most certainly not, but typically, since I have spent the last 10 years in an SOC, I can speak the language. While not 100% effective, there are ways to maximize your culture fit as an SOC Analyst, but if you want just to be you, there's the right place for you, too. Just know who you are and what you stand for.

High-Level Concepts

The high-level concepts everyone should know, not just for cybersecurity experts, but anyone in a professional capacity. What is the separation of duties, least privilege, and the CIA triad?
These are fundamentals in cybersecurity, and the best place to learn is CompTIA’s Security+ Certification. Long-standing and well-regarded as the minimum standard for entry-level cybersecurity. For high-level concepts, it should be very structured and maybe even boring, as it's the same information we all get and know (and repeat). Any one of Udemy’s courses for Security+ would be a good start. If you want to test the waters first, I wrote an introduction to SOC Analyst prerequisite skills that serve as fundamentals for what you need to know as a SOC Analyst, the gateway to cybersecurity.

Hard Technical Skills

Hard technical skills are harder to come by. It's all about projects, projects, projects. They don’t all have to be boring; in fact, I wrote an article about fun projects here. This article is extremely popular in all circles, including LinkedIn. It has received more recognition than almost all of my other work. It consists of three projects that give you some exposure to cybersecurity projects that you can do at home on a weekend. Since everything is moving to the cloud and having cloud exposure is very advantageous, I created a fun project for you to do in the cloud in this article. Visit our Knowledge Base for a complete list of free projects and visit our courses for premium projects.

Business Acumen

Cybersecurity is a glorious customer service job. Customer service is a huge part of the job. Knowing how to say bad things in a good way will be an essential part of your job. Learning soft skills is a crucial part of business acumen, starting with a healthy dose of understanding. If you feel upset or frustrated with someone you're working with, consider asking them the central question, "How did you arrive at your conclusion?" It's a fast way to understand each other better. There are a wide variety of cybersecurity tasks. Because all security-related tasks are important, they need to be prioritized appropriately on a case-by-case basis.
Determining which elements are important now can be difficult without understanding the business as a whole. In an SOC queue, a big part of someone’s job is prioritizing the work for you, but as you become more senior, that will become more and more a part of your own job. I like the Eisenhower matrix for prioritizing tasks. It's simple, fast, and crazy effective.

Figure: The Eisenhower matrix

Most of us in cybersecurity work from home in some capacity, and it's an essential part of your career to learn how to communicate with people remotely. That is, knowing how not to isolate yourself while you are at work when you are working from home. Give this video a watch.

Culture Fit

Here at Cyber NOW Education, we love the SOC. We love everything about it, including this unique but strangely not unique culture that comes along with it. After you spend some time in the SOC you will realize just how rewarding it is to be on the front lines. There is so much action, and we want you to love it like we do. I don’t mean to self-promote, but our course, SOC Analyst NOW!, is an excellent introduction to the culture of cybersecurity. This is the general SOC culture, but each company is different. I’ve worked at companies where I was not a good cultural fit, which was miserable for me. I just didn’t fit in, and it made me feel unwanted and alone. Whether you lean hard left, right, or right down the middle, there are companies for you. I’ve worked on both sides of the spectrum, and I’ve found hard left companies tend to rely on psychology a lot in management style, and hard right companies are more direct to your face, but make no mistake, they both are capitalistic at their very core. It's so important to find a boss you like, and it's often not until you’re there that you really find out if you’re a good culture fit.
It takes practice to be a general culture fit but after a while you’ll catch things like this:

Figure: FedEx Truck

You’ll also have a nice little chuckle when you see that FedEx's logo has an arrow for all the packages it delivers.

  • What is a Major Frustration of Being a SOC Analyst

    What is a Major Frustration of Being a SOC Analyst

    This job isn’t without its moments, but those great moments come with a price tag of frustrating things you might encounter as a SOC analyst. This is What is a Major Frustration of Being a SOC Analyst? Here is the big one that is on my list from having worked at so many SOCs: the larger the company, the more they can pay but the less they can move. It is frustrating to spend a lot of time on a security event and make recommendations for improvements and not see any results. Small companies can incorporate feedback the same day and you get all the feel-goods that you did something positive. That rewarding feedback that you just made the program better. Whereas you might investigate that same alarm at a large company a hundred times before they are able to make any improvements, if they can incorporate any feedback at all. Some companies are too big to move at all, it would seem. This leads to alert fatigue where you’re auto-closing incidents that look alike and you become a brainless drone in pursuit of good numbers. Having the ability to close a feedback loop at a large company takes skill, patience, persistence, and the ability to manage without authority. A feedback loop in a process is when the end result gives feedback to the beginning to improve the process. For example, a SOC analyst concludes in their investigation that this event is a false positive so they take a bunch of time to collect all the evidence of all the previous false positives, write an analysis, and submit it to the team that creates the detection rules so that they can tune it and improve the efficiency of the SOC. In the long run, this saves the company a ton of money but in the short term it hurts your numbers: how many events you’ve worked on that day. Terrible inexperienced management only sees the numbers and not the impact.
At small companies you tend to know your colleagues better and there is less tape preventing this kind of feedback from improving your work (and mental health) so things get done quickly. They are nimble and agile. I’ve worked at companies so large that I was convinced they aren’t improving the program on purpose because when I took so much time to gather the evidence and present it in a matter-of-fact and easy-to-understand way it was just ignored. What I noticed about my peers is they all have tried doing this too, and they just stopped because there wasn’t any improvement. It was a waste of time. This results in an incredibly inefficient and dangerous SOC where the team members have zero morale and zero care about their work. They are just brainless Sisyphuses clocking in and clocking out and getting nowhere with their work or their careers. What’s on your list?

  • What is the Ideal SOC Analyst

    Looking for the Ideal SOC Analyst

    I need success stories. But who can I find to help get a job? It'd need to be someone with the right education that doesn't have the zing that I can give it. Someone with a bachelor's degree and a Sec+ would do. If they have help desk experience that's a bonus. Any experience in IT certainly makes finding a job as an Ideal SOC Analyst easier. They'd need to live near a large city but not one with a high cost of living. Salaries are too high there and employers are moving away from them because of the cost of living. They say it's the taxes and that's partially true but really it's because they can't pay triple their labor costs and they can't come out and say "we want to pay people less". Dallas, Texas is good. Atlanta, Georgia. There's a large list of places companies are migrating to or growing where they already have a location. Somewhere where there's opportunity but not too expensive. Is that where you live? A master's degree is too much. It's counterintuitive but employers might think you'll find something better too quickly when you get experience. If you have one, that's fine, but a bachelor's degree is better for the short term. Ideally it'd be a computer science degree. Cybersecurity degrees teach high-level policy that is not applicable for years and years and you have to be really technical for entry-level roles. Gender, race, sexual identity doesn't matter. There's an equal amount of employers looking for a balance to their teams as there is to fit their culture, I would think. Must be a US citizen. That's important. Must have a blog and show that the community means something to you. The hiring manager will look at your blog if you link it on your resume. Blog your journey to becoming a SOC analyst. Any how-tos and walkthroughs of things you've learned. Write reviews of resources you've consumed (books, courses, etc.) giving honest feedback for your peers. Must attend local cybersecurity groups.
2600, Def Con groups, OWASP, maker spaces, and hacker spaces. Must be building your network, making the coffee, and building your contacts. Sharing your resume and taking other people's resumes to share with others. If you've presented something, put it on your resume. Great places to pick a topic you know something about and present about it for a resume addition. Must be in online Discords. Show personality and uniqueness. Be supportive of your peers and help contribute to those that need help. Don't be a d*ck. Must be modest about LinkedIn. You should have one, but you shouldn't be too personal; keep it professional. Shouldn't be an embarrassment but should contribute occasionally and show support to your colleagues. You want to show teamwork and that you can get along with your peers. Don't want to show "Look at me" unless you've really just accomplished something sparingly like a degree or certification. Must have a home lab, preference if it's in the cloud and they can read about your projects on your blog.

Chances are this doesn't sound like you

And this person is super difficult to find. While you can't change things like where you live so easily, you can improve your odds of becoming the passionate security nerd they're looking for. The hiring process is always going to require a fair amount of sheer luck. Suppose you just wake up feeling a million bucks that day and ace the interviews. You'd have a better chance. Not every day is a perfect day and bad interviews happen. But on paper, before the interviews, these are some of the things that you can think about doing that will increase your odds of becoming the ideal SOC analyst candidate.

  • Am I Going To Be Automated Out Of A SOC Analyst Job

    We’ve been hearing for years and I’ve said it, too. “There will always be a need for SOC analysts because there are some things that machines cannot do.” This is Am I going to be automated out of a SOC analyst job? But that’s not the hard truth. The hard truth is there’s a dashboard that lists in dollars the amount of how much SOAR tools have saved in labor hours. Some of them even count it in headcount. So this whole debauchery about you shouldn’t be worried about your job is straight garbage. The truth is if you’re just now starting, automation has already automated analysts’ work just like yours. Instead of leaving the more complex work that machines cannot do to human analysts, they’re accepting the risk and just moving on. Automation has gotten better over the years and what used to take a team of seasoned developers to code now can be configured with just pointing and clicking and dragging and dropping. There used to be a knowledge gap between the developers and the SOC skills they were automating so progress wasn’t quick. The best solution they came up with was to put Senior SOC Analysts in the same room as the coders who are automating. And it worked OK, except that the Senior SOC Analyst was in a predicament. They were helping automate their own job. Years ago the car factories went through a similar process where the assembly lines were robotized. They had this figured out. They hired outside consultants to come in and build the automation to avoid the issues of workers having to automate their own jobs. And they successfully automated assembly lines. Did it displace workers? You bet it did. 1.7 million jobs in manufacturing have been lost since just the year 2000. It is expected that in just the next six years 14% of all jobs in the US will be impacted by AI and Automation. It’s automation as a SOC Analyst that you need to be concerned about. Most of our tasks are repeatable and I hate to say this, but they are brainless to do once you learn how.
You can teach a robot to do most of the work and never have to think of it again. The SOC is going to be drastically displaced by machines and it’s already begun. Is cybersecurity the right career for someone just starting out and looking for a growing in-demand field? Probably not. That ship has sailed. We’re shrinking now. Does this mean you shouldn’t follow your dreams? NOT AT ALL. I’ve said this time and time again since the golden age of cybersecurity when there wasn’t an unemployed soul on earth and it hasn’t changed today. DO NOT PURSUE this career if you don’t like it. It’s an extraordinary commitment that you can only do if you have an interest. This isn’t like taking a job at say a paper mill where it’s just a paycheck. You have to like it so much you are proactive in learning or you’ll be out of a job anyway. So where does this leave you if you like cybersecurity and it’s shrinking? Stick to the cloud. The clouds are the most in-demand area in cybersecurity and in IT in general and it’s less impacted by automation because it’s so new. Cloud engineering is extremely complex and it’s going to take some time to automate those workflows and you’ll have enough time to work your way out of the SOC. Start now. Start with the cloud NOW! But only if you like it.

  • How to Work from Home in the SOC

    Working from home is new to the SOC. Prior to COVID, almost all employers required you to work from a dedicated room for the SOC. This was in a highly secure area, oftentimes with no windows. I quit a six-figure SOC job just because they had us crammed in a room like sardines. It was so hot and there was so much drama about the thermostat it was unbelievable. It was just a tiny narrow windowless room at the center of the building that was designed in a working concept known as a bullpen. A bullpen is where there are just rows of monitors and chairs at a long desk with no dividers or personal space. I left that job and got my own happy little cubicle where I spent the next few years. Then I landed my first remote work role. This is How to Work from Home in the SOC? The first thing that I had to learn is about routines. The SOC is mainly shift work so you’ll have set hours that you need to work. This is either morning, day, or night shift. So I am going to stray from calling it a ‘morning routine’. In my most recent roles I have been working with the SOC as an Advisor but I set my own hours and it only becomes increasingly difficult to maintain the boundary of work and personal. Before you work there needs to be a ‘getting started routine’. This could be anything from listening to a podcast for an hour while you eat, putting your favorite pug slippers on, and then logging into work. Or even watching an episode of the Simpsons, filling your water bottle up, and grabbing a snack before sitting down at your desk. It doesn’t really matter what the routine is, but you need to do it every single day to train your brain that this is me going to work. I am commuting now. And the same thing for when you end work. When you end work you might go check your snail mail, take a walk, or cook dinner. Do it every day. This is you commuting home. What you are practicing is setting boundaries.
In Microsoft Teams, or Slack, or other instant messaging clients used for work they have settings for when you’re off work. Use them. When you are not at work, there is no longer an expectation that you can be contacted immediately. If the building burnt down for whatever reason and they needed you, HR and your manager have your phone number. Do this even when you want to work all the time. These are your boundaries and you need to stick to them. I mention this because I have been contacted by colleagues from other countries for whom it is normal business hours, and I have been tired and in bed, and against my best judgement have answered these messages and aside from not answering them correctly, I wasn’t in good spirits. I began to develop a resentment that I was having to ‘work all the time’ but it was my own fault. My manager never had the expectation that I needed to be working then. You must create boundaries. For the first couple of years of remote working, I siloed myself, lived in a desert alone, and as a result I just wasn’t able to get as much done. I had to learn things like how to build rapport with my teammates and that it needs to be intentional. With remote working you don’t get that ‘water cooler’ talking and accidentally bumping into each other in the halls anymore. It’s easy not to place an importance on just taking a little time to chat with your coworkers from time to time. It’s easy to get isolated and not feel a part of the team. When you need help with something it’s awkward to ask strangers so you waste more of your time and the company’s time trying to figure it out yourself, and strangers don’t know you well enough to know your strengths to ask you for help so you’re not building any leadership or mentoring skills that will help your career in the long run. The biggest thing that I have learned to avoid in remote working is isolation. Appearance does matter and I’ll be the unpopular one to tell you that.
And it has a lot to do with lighting, which is an easy fix. In my honest experience, and there are a rare few exceptions, nobody cares if you are fat, or skinny, where you come from, or what color you are, and they don’t care how you define yourself. I wouldn’t recommend making it your headliner either or putting it on your resume. What they care about is that you look like you take care of yourself. If you don’t take care of yourself the first impression is that they won’t trust you to take care of your work. Bad lighting can make a model look homeless. That is my big tip for improving appearances, other than keeping your hair cut. So you’re welcome. Most people come on camera in T-shirts and most women on your team will only wear makeup the first few meetings then it’s like having a sister. I don’t know if you’ve ever had a sister, but they don’t wear makeup when they’re hanging around the house. I use a small device called a Lume Cube that I just recently found out about. I am mentioning this because I have terrible lighting in my office and I’ve learned the hard way that it plays a role in your work life. Also, on video it looks better to not have to use the automatic background remover with Zoom or Teams, so try facing your desk against a wall if you can but it’s not nearly as big of a deal as lighting. The Lume Cube can suction onto your laptop and you can use it everywhere you go. But note, I haven’t found the suction cup to be all that great so it might be worth getting the stand for it, too. Since I only use it at home I rubbed purple glue stick over the suction cup and put it on the back of my monitor and it hasn’t moved since. It’s a simple solution and I’m happy with it. Lighting can get complicated and I just needed something that didn’t make me look like a troll. Other than for work, I use it to record my trainings for my Udemy classes. Note: In your interview wear a button-down t-shirt and wear nice pants, belt, and shoes if you’re a guy.
You want to feel as confident as you can for interviews. Looking your best even though they don’t know makes you feel good and it shows. I’m not qualified to give advice for ladies, sorry.

Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn. You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF" which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer. Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, Kindle, or PDF versions. The downloadable PDF version can be grabbed here.

  • How to Set SOC Analyst Goals

    If you can take one very big hairy audacious goal (BHAG) and break it down into many smaller goals, the result is what’s called the snowball effect. Once you complete the first small goal, you get a mental boost to complete the next. And then the next. Before you know it, you’ve accomplished something and it doesn’t feel all that big anymore. Oftentimes you’ll look back and think the hardest part about the BHAG was getting started. It really, truly is about micro goals. This is How to Set SOC Analyst Goals.

    I would also tell you that a successful career is about choosing your tasks and the time you spend on them with tact. What I mean by that is everyone seems to be always overworked and those who excel are those who can prioritize and deliver on the tasks that give the most bang for the buck. There isn’t enough time in two lifetimes to complete everything that I’ve been asked to do in my career. At times I’ve been asked to do things that no one cares about and that’s the last I ever hear about it. It would take me days to do it and it would interfere with more important things to do. Then I get asked to do something that is easy to do that ultimately lands on the CEO’s desk. Which one of those two do you do? It’s a no-brainer, you smash the task and over-deliver on the vision of the executives.

    The Eisenhower Matrix is a task management tool that helps you organize and prioritize tasks by urgency and importance. Using the tool, you’ll divide your tasks into four boxes based on the tasks you’ll do first, the tasks you’ll schedule for later, the tasks you’ll delegate, and the tasks you’ll delete. In this piece, we’ll explain how to set up an Eisenhower Matrix and provide tips for task prioritization.

    Making a to-do list is the first step toward getting work done. But how do you determine what to tackle first when you don’t have enough time to do everything in one day?
With effective prioritization, you can increase your productivity and ensure that your most urgent tasks get immediate attention. The Eisenhower Matrix is a task management tool that helps you distinguish between urgent and important tasks so you can establish an efficient workflow.

Dwight D. Eisenhower — the 34th President of the United States and a five-star general during World War II — presented the idea that would later lead to the Eisenhower Matrix. In a 1954 speech, Eisenhower quoted an unnamed university president when he said, “I have two kinds of problems, the urgent and the important. The urgent are not important, and the important are never urgent.” Stephen Covey, author of The 7 Habits of Highly Effective People, took Eisenhower’s words and used them to develop the now-popular task management tool known as the Eisenhower Matrix. The Eisenhower Matrix is also known as the time management matrix, the Eisenhower Box, and the urgent-important matrix. This tool helps you divide your tasks into four categories: the tasks you’ll do first, the tasks you’ll schedule for later, the tasks you’ll delegate, and the tasks you’ll delete.

Urgent tasks require your immediate attention. When something is urgent, it must be done now, and there are clear consequences if you don’t complete these tasks within a certain timeline. These are tasks you can’t avoid, and the longer you delay these tasks, the more stress you’ll likely experience, which can lead to burnout. Like the executive high-visibility request above. OVER-deliver on that.

Important tasks may not require immediate attention, but these tasks help you achieve your long-term goals. Just because these tasks are less urgent doesn’t mean they don’t matter. You’ll need to thoughtfully plan for these tasks so you can use your resources efficiently.

Quadrant 1: Do

Quadrant one is the “do” quadrant, and this is where you’ll place any tasks that are both urgent and important.
When you see a task on your to-do list that must be done now, has clear consequences, and affects your long-term goals, place it in this quadrant. There should be no question about which tasks fall into this quadrant, because these are the tasks that are at the front of your mind and are likely stressing you out the most. These are the phishing emails to executives.

Quadrant 2: Schedule

Quadrant two is the “schedule” quadrant, and this is where you’ll place any tasks that are not urgent but are still important. Because these tasks affect your long-term goals but don’t need to be done right away, you can schedule these tasks for later. You’ll tackle these tasks right after you tackle the tasks in quadrant one. You can use various time management tips to help you accomplish the tasks in this quadrant. Some helpful strategies may include the Pareto principle or the Pomodoro method. These are your development goals.

Quadrant 3: Delegate

Quadrant three is the “delegate” quadrant, and this is where you’ll place any tasks that are urgent but not important. These tasks must be completed now, but they don’t affect your long-term goals. Because you don’t have a personal attachment to these tasks and they likely don’t require your specific skill set to complete, you can delegate these tasks to other members of your team. Delegating tasks is one of the most efficient ways to manage your workload and give your team the opportunity to expand their skill set. As a junior SOC analyst, there’s no one below you. If you have an MSSP, it would be a good time to see if the tasks can be delegated to them. But you do have teammates, and you should act like a team. If you pick up a ticket and someone else is already halfway through working on a similar ticket, don’t be shy and ask them if they’d like to work on this one too. It makes their metrics look better and keeps the SOC efficient.
This is queue management.

Quadrant 4: Delete

Once you’ve gone through your to-do list and added tasks to the first three quadrants, you’ll notice that a handful of tasks are left over. The tasks left over are tasks that weren’t urgent or important. These unimportant, non-urgent distractions are simply getting in the way of you accomplishing your goals. Place these remaining items on your to-do list in the fourth quadrant, which is the “delete” quadrant. But remember, if something you deleted keeps popping back up on your radar, it’s time to reevaluate the importance of the task. These are special projects that you don’t have any time for.

Zig Ziglar will say, “You can have everything you want in life, if you will just help other people get what they want.” I will always encourage people to ask me for things because I believe in the motto, “If you never ask, the answer is always no,” and I’m not afraid to say no. So prioritize correctly, get more done, and push the envelope sometimes in your career if you deserve it.
