
  • Cybersecurity Certs are Dead

    A decree for the ages. After you look through hundreds of resumes from certification factories (people who collect one certification after another), they all blur together. "How many certs do I need?" or "What kind of certs do I need?" The question comes up again and again, and I'm here to tell you that cybersecurity certifications are dead. They won't make you stand out anymore. They are real achievements, but they don't make a hiring manager scream, "THIS IS THE ONE." Two things will make you stand out: a strong personal brand, and hands-on experience.

    A strong personal brand. A hiring manager reviews your resume before the interview. Before they can know whether you have hands-on experience, you have to make them want to email you back. Your two-page resume should scream, "You know you want to talk to me." A link to your blog belongs at the very top of your resume. If the link is there, the hiring manager will click it and briefly scan your blog to see what you've been up to. Your blog should be personable. Against conventional advice, it should show your personality: write in language that is natural to you and avoid sounding too formal. Your blog should have walkthroughs and how-tos of labs you've done here at Cyber NOW®. Pick one of the dozens of labs and write your version; change it up some, give credit to me (please), but do it. Your blog should also contain reviews of Jump-start Your SOC Analyst Career, SOC Analyst NOW!, and any other training you've done: how you felt the training went, what you learned, and how you will apply it to your career. Your blog should be about your journey to becoming a SOC analyst. Write about your successes and failures. Be honest about areas where you can improve by writing about your shortcomings and what you're doing about them. Write about how difficult it is to land a job in cybersecurity, and how much it means to you.

    In addition to your blog, you should be attending local meetups: DEF CON groups, OWASP chapters, 2600, BSides, hackerspaces, makerspaces, and any conventions that are nearby. Get out of the house once or twice a month and do this. Look for opportunities to present and volunteer at these meetups, and put a section at the bottom of your resume for Volunteering/Presentations/Publications, whichever fits. This lures the hiring manager into finding out more about you. You should also create a GitHub page with information about the projects you've worked on, your home lab, and your involvement in the community, with a link at the top of your resume next to "blog" that says "GitHub." You can try teaching by making short YouTube videos or creating a course on Udemy. Udemy requires a lot of work, but it's not as bad as you think. Your goal isn't to make a bunch of money; it's to list a course or training on your resume. Who cares if it's not popular? These things spark the hiring manager's curiosity enough to want an interview.

    Hands-on experience. You've got the interview now, and this is when your hands-on experience will shine. Wait, what hands-on experience? By now, you should have been participating in the Cyber Range here at Cyber NOW® and completed the dozens of projects we have walked you through. The muscle memory from security analysis will help you answer interview questions about how you know whether something is bad. The projects give you real experience with system administration and the cloud, all topics they might ask you about in your interview. If you do all of this, you will be recognized as someone who walks the walk and isn't just out to add letters to their name. It's still worth having a few foundational certs like the Sec+, even the Net+, but more is not better. It's time to change your strategy, because the role of certifications and education has changed.

    The jobs now go to those most qualified to do the work, not necessarily those who could afford a premium education or a pile of certifications. It doesn't take much money to learn cybersecurity, believe it or not. Be the one who does a lot more with a lot less; in a declining economy, that is how you will earn the respect of your superiors.

  • Is the 5-Step SOC Analyst Method a Method or Template

    Is the 5-Step SOC Analyst Method a Method or Template? Security analysis is what security analysts do. There's no escaping it. If you aren't interested in security analysis, then SOC analyst may not be the best role for you. The SOC may be just a stepping stone, but you'll have a hard time moving out of it if you're not good at security analysis and aren't a great SOC analyst.

    At first glance, the five steps look like a template for documenting a security event, and they are that. But they are more than a template, because they teach you a method for conducting security analysis. Each step comes in a particular order, and inside each step is a way to turn a security log into a conclusion about whether something is malicious activity or not. More than anything else, the 5-step SOC analyst method is a training tool to teach you how to do security analysis.

    Many companies won't want you to spend the time documenting your analysis in such a verbose way; they might only care about the conclusion. Many managers just want to see their metrics improve and couldn't care less about the analysis (or whether it's any good). Unfortunately, that is the world we live in, where the security posture of an organization is reduced to a count of how many alerts have been analyzed, with no regard for the quality of the analysis. This rewards whoever can close alerts the fastest and produces an ever-growing queue of alerts, since no one has the time to improve the SOC. If you're stuck at one of these companies, my advice is to find work elsewhere when you can. You will not learn anything there that is valuable to your career, and it will feel like a dead-end job, no more than a factory line. I have worked at companies like these before, and I resigned. If at any point in your career you're not learning, it's time to move on.

    Managers who do value analysis, results, and the overall security posture of the organization they run won't see the 5-step SOC analyst method; they will see your thoroughness, and the diligence and care you take to protect the company. Coupled with your recommendations for improvement, they will see you as someone capable of producing a more efficient SOC, and you will be picked to help automate it. Automation is what every SOC is trying to do and is the skill most in demand in the SOC, and no one picks someone to help automate who doesn't know how to do a thorough analysis.

    Is the 5-Step SOC Analyst Method a template? Yes. Is it a method? Yes. But more than anything else, it is a training tool for you to practice until you become efficient at security analysis.

    Tyler Wall is the founder of Cyber NOW Education. He holds a Master of Science from Purdue University and the CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn. You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF", which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on labs in Microsoft Azure, leaving you with the know-how to create a gig on Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Create an account or enter your email to stay informed of the free giveaways and promos we often offer. Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in paperback, Kindle, or PDF. The downloadable PDF version can be grabbed here.

  • What are the Risks of Cloud Computing

    What are the Risks of Cloud Computing? Like any disruptive technology that comes along and shakes things up, cloud computing brings its own challenges and risks. Understanding these risks is the first step to putting a proper mitigation strategy in place to protect your data in the cloud. Despite the cloud's obvious advantages, it is a seriously bad idea for companies to jump into cloud adoption without knowing the security risks. So, without further delay, let's look at some of the key risks in the cloud.

    Lack of Cloud Security Skills. Easily the number one challenge facing most companies is the lack of cloud security skills. The cloud has a learning curve, and without investing in training and certifications, cybersecurity teams will not be able to meet the challenge that cloud security brings. Remember that the cloud removes several of the security perimeters that companies take for granted and replaces them with other (and in some cases better) controls. There is already a lack of cloud expertise in the market and an even bigger gap for cloud security. The 2022 Cloud Security Report states that a shortage of experienced staff is one of the biggest barriers that stops companies from going all in on the cloud. This problem becomes even greater in a multi-cloud environment, which puts a huge burden on your IT and cybersecurity teams. Securing one cloud is hard enough; imagine trying to secure several! Unless CIOs and CISOs think smart and put dedicated cloud training in their roadmaps, they will find themselves saddled with a cloud environment that is just waiting for a data breach to happen. This relates directly to the next risk.

    Misconfigurations. Misconfigurations in the cloud are the primary cause of most cloud data breaches, and the problem grows with the size of your cloud footprint. It ties directly into the previous risk, as staff without proper training are more prone to make these mistakes. The cloud makes it VERY easy to make changes and push them to production, so a simple mistake can leave your database of credit card numbers exposed to the internet. Despite cloud providers putting in numerous controls to prevent these mistakes, customers are frequently unaware of their own security obligations. We will discuss this in detail when we go over the Shared Responsibility Model. Most cybersecurity teams also do not take advantage of the cloud's native security controls and automation, resulting in delayed response times.

    Increased Attack Surface. The public cloud by its nature is accessible from outside an organization's on-premises perimeter and thus becomes a very attractive target for attackers. Poorly configured cloud storage or open ingress ports can become the stepping stone they need to access and take over workloads in the cloud. The problem gets worse with the common mistake of companies accidentally hard-coding and committing their credentials to code repositories, which attackers scan regularly. Security in the cloud requires a mindset change and a focus on identity as the new firewall, which leads us to the next risk.

    Lack of Focus on Securing Cloud Identities. Managing identities in the cloud becomes a major problem if it is not given priority at the beginning. As a cloud environment grows, user management becomes increasingly complex, as each cloud usually has its own identity store, set up differently with different authorization policies and access privileges. AWS Identity and Access Management (IAM) and Azure Active Directory (now Microsoft Entra ID) work differently from each other, and managing identities can become a major hassle unless you have a strategy for handling this from the start. The best way to solve this is to federate to a single sign-on (SSO) solution so you have a single source of truth for your identities. This is much easier than handling each cloud's identities separately and allows you to centralize user access policies. We will discuss this in detail when we go over cloud security tools in the coming lectures.

    Lack of Standardization and Visibility. CISOs (pronounced "see-so's"), the Chief Information Security Officers who lead cybersecurity teams, often have two main concerns in the cloud: How do I enforce security controls consistently across all cloud environments? How do I know what is happening where in the cloud? Enforcing your cloud security policies can be a serious challenge in one environment; imagine doing it in several! Azure, AWS, and Google each have different security tooling, and enforcing a cloud security standard uniformly across them is a massive challenge if done manually. The lack of visibility and control is even greater in the Platform as a Service and Software as a Service models. Cloud customers often cannot effectively identify and quantify their cloud assets or visualize their cloud environments. Additionally, you can have hundreds to thousands of automated changes a day in your environment, which are impossible for security teams to keep secure unless they invest in something like a Cloud Security Posture Management (CSPM) tool. In short, a properly implemented CSPM automates the detection and remediation of cloud policy violations and gives you a centralized dashboard of your cloud security posture.

    Data Leakage. We discussed Broad Network Access earlier as one of the defining characteristics of cloud computing. The cloud was designed to make IT services and systems available at any time and place without the restrictions of physical infrastructure, which is amazing. Unfortunately, as a side effect, it also increases the risk of data leakage and exfiltration, because the traditional security perimeter went away. The ease with which data can be shared, i.e., with a simple URL or button click, can become a major cloud security issue if staff are not aware of what they are doing. For example, sharing collaboration links with third parties without putting restrictions in place can leave a cloud folder accessible to the entire internet. This problem grows with the number of vendors and service providers that are typically given access to a company's cloud infrastructure. Around 51% of teams cite accidental oversharing as a major concern when considering cloud migrations, especially if their workloads contain customer data or PII. One of the best ways to mitigate the risk of data leakage is to implement a Cloud Access Security Broker (CASB).

    Data Privacy and Compliance. Data privacy and compliance is another area that can become a key cloud security risk for companies that rush into cloud adoption. Standards like PCI DSS, HIPAA (pronounced "hippa"), and GDPR require controls to be put in place around, or access limited to, sensitive data such as card numbers, medical data, and PII, and doing this effectively requires a good understanding of cloud security controls. The cloud operates on a shared responsibility model, and compliance is shared between the customer and the cloud service provider. Most providers are compliant with standards like PCI DSS, NIST, HIPAA, and GDPR; however, customers need to understand where their own obligations begin, and that changes depending on which model or service they are using.

    Data Sovereignty, Residency and Control. One of the great features of the cloud is how easy it is to move data between geographical regions, which makes disaster recovery and continuity much easier than on-prem. However, this same feature can become a regulatory nightmare for companies that must comply with strict data residency laws. Data residency refers to where data may be stored and is usually governed by a country's data laws, with strict fines for non-compliance. In some cases, it is not allowed to transfer data out of a country's borders, which becomes a problem if a company does not even know where its data is being stored. Make sure you are aware of the fine print in your cloud service provider's terms if you have data residency obligations before you start putting customer data in the cloud.

    Incident Response in the Cloud. Less a risk than a mindset change, but still important enough to mention, is incident response and how it changes. In the cloud, changes happen rapidly, and if your company is still relying on email tickets to be raised before the security team investigates anything, you might be putting your environment at serious risk. The cloud lends itself to automation, and without using cloud-native controls, the security team will find itself unable to respond effectively to potential security incidents.

    Summary. We quickly covered cloud computing risks. The majority of these risks come from the skills required to effectively manage assets in the cloud. The cloud is fast emerging and even faster adopted, and it has so much power to make data available at the click of a button that most of the risks associated with it are unintended misconfigurations by your own people. In security, our data is often our crown jewel, and the cloud, by design, makes that data easy to access and share. To complicate things further, formal incident response hasn't been well ironed out in most cases. Knowing where your data is, and governing who has access to it, are among the top concerns of security in the cloud.
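    As an added example (not from the original article), here are the checks a CSPM or a pre-commit hook would run for three of the risks above: a storage policy open to everyone, an admin port open to the whole internet, and an AWS access key committed to a repo. Everything in it is constructed: the bucket policy, the ingress rules, the config file (the key ID is the placeholder AWS uses in its own documentation), and the thresholds; none of it comes from a real environment or a real tool.

```python
"""Minimal, offline CSPM-style checks for three cloud misconfiguration risks:
public storage policies, admin ports open to the internet, and credentials
committed to a repo.  All inputs are constructed samples; field names and
thresholds are assumptions, not any provider's real API."""
import json
import re
from typing import Any, Dict, Iterable, List

# Constructed sample: an S3 bucket policy.  "PublicRead" grants anonymous read
# with no Condition; "AppWrite" gives one role every s3 action; "CdnRead" looks
# public but is narrowed by a Condition to a single VPC endpoint.
PUBLIC_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-card-exports/*"},
        {"Sid": "AppWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-card-exports/*"},
        {"Sid": "CdnRead", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-card-exports/public/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ]
})

# Constructed sample: security-group style ingress rules (port, source CIDR).
INGRESS_RULES = [
    {"port": 443, "cidr": "0.0.0.0/0"},
    {"port": 22, "cidr": "0.0.0.0/0"},
    {"port": 3389, "cidr": "10.0.0.0/8"},
    {"port": 5432, "cidr": "10.0.0.0/8"},
]

# Constructed sample: a credentials file that ended up in a repo.  The key ID is
# the placeholder value AWS uses in its own documentation, not a live key.
COMMITTED_CONFIG = """
[default]
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""


def _as_list(value: Any) -> List[Any]:
    """IAM lets Statement, Action and Principal.AWS be a scalar or a list."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"}; both mean 'everyone'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statements(policy_json: str) -> List[str]:
    """Sids of Allow statements open to everyone with no Condition narrowing them."""
    policy = json.loads(policy_json)
    return [s.get("Sid", "?") for s in _as_list(policy["Statement"])
            if s.get("Effect") == "Allow"
            and _is_anonymous(s.get("Principal"))
            and "Condition" not in s]


def wildcard_action_statements(policy_json: str) -> List[str]:
    """Sids of Allow statements granting '*' or 'service:*' (least privilege violated)."""
    policy = json.loads(policy_json)
    return [s.get("Sid", "?") for s in _as_list(policy["Statement"])
            if s.get("Effect") == "Allow"
            and any(a == "*" or a.endswith(":*") for a in _as_list(s.get("Action", [])))]


ADMIN_PORTS = (22, 3389)  # assumption: SSH and RDP are never exposed to the internet


def open_admin_ports(rules: Iterable[Dict[str, Any]]) -> List[int]:
    """Admin ports reachable from any address on the internet."""
    return sorted({r["port"] for r in rules
                   if r["port"] in ADMIN_PORTS and r["cidr"] in ("0.0.0.0/0", "::/0")})


# AWS access key IDs: long-lived (AKIA) or temporary (ASIA) prefix + 16 chars.
AWS_KEY_ID_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")


def find_aws_key_ids(text: str) -> List[str]:
    """Access key IDs hard-coded in committed text; any hit means rotate the key."""
    return AWS_KEY_ID_RE.findall(text)


def run_checks() -> Dict[str, Any]:
    """All findings in one report, the way a CSPM dashboard aggregates them."""
    return {
        "public_policy_statements": public_statements(PUBLIC_BUCKET_POLICY),
        "wildcard_action_statements": wildcard_action_statements(PUBLIC_BUCKET_POLICY),
        "admin_ports_open_to_internet": open_admin_ports(INGRESS_RULES),
        "hardcoded_aws_key_ids": find_aws_key_ids(COMMITTED_CONFIG),
    }


if __name__ == "__main__":
    print(json.dumps(run_checks(), indent=2))
```

    Run it and the four findings print as one JSON report. The CdnRead statement is deliberately not flagged: its Principal is "*", but the Condition narrows it to one VPC endpoint, which is the difference between "public" and "anyone who reaches the bucket through this endpoint" that a naive Principal-only check gets wrong in both directions.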

  • What are the SOC Analyst Interview Questions

    The following is a list of common interview questions that might be asked during an interview for a junior SOC analyst. Some are very basic and some are harder, but we feel that if you can answer these questions you have the technical knowledge required to become a SOC analyst:

    - What is an RFC 1918 address? Do you know the ranges?
    - Define a Class A, B, or C network.
    - What are the seven phases of the cyber kill chain?
    - What is the purpose of the MITRE ATT&CK framework?
    - What is the difference between TCP and UDP?
    - What are ports 80, 443, 22, 23, 25, and 53?
    - What is data exfiltration? What Windows protocol is commonly used for data exfiltration?
    - Do you have a home lab? Explain it.
    - What is AWS? Azure? Explain how you've used them.
    - What is a DMZ, and why is it a common target for cyberattacks?

    The importance of having technical knowledge cannot be overstated. The above questions are pretty simple, but you might be surprised to learn that seven out of ten candidates don't know the common TCP/UDP ports used by modern services. I highly suggest using a common study guide to prepare for your interview. An example is the website Quizlet.com, a flashcard-style learning platform with decks for information technology certifications like Network+ or Security+. Udemy also has a few SOC analyst interview question courses that you can take.

    Despite the need for a basic understanding of information technology, that only covers half of what it takes to be a SOC analyst. An analyst should be a critical thinker and possess an acumen for problem solving. Interviewers usually test a candidate's problem solving with scenario-based questions. Let's cover some scenarios I've seen and used to conduct interviews:

    Scenario 1: "You are a tier 1 SOC analyst, responsible for monitoring the SOC inbox for user-reported incidents. The SOC receives an email from the VP of Human Resources stating that they can't access their personal cloud drive. The VP knows this is against company policy, but the VP is adamant that this is required for legitimate business requirements."
    - Do you process the access request for the VP?
    - What is your response to the VP?
    - Who else should you include in the reply email?

    Scenario 2: "You are monitoring the SIEM dashboard for new security events. A network IDS alert is triggered, and you begin investigating. You see a large amount of network traffic over UDP port 161 originating from dozens of internal IP addresses, all with the same internal destination IP address. Some quick Googling shows that UDP port 161 is used by the Simple Network Management Protocol, and the byte count of the traffic is minuscule."
    - Do you think this is data exfiltration?
    - If this is not data exfiltration, what legitimate services could cause this alert?
    - What team could provide an explanation for the traffic?

    The first scenario is an example of what you might be asked when applying for an entry-level analyst role, while the second is a little more advanced. Let's go over what the interviewer is looking for.

    Scenario 1 is designed to identify whether the applicant can be intimidated by senior leadership in the organization. Information security is the responsibility of all members of the organization; it should not be waived for the convenience of one senior leader. The larger lesson here is about making risk-based decisions: a junior analyst should never assume the risk of a policy exception on their own. The second question, how the applicant would respond to the VP, showcases their experience with customer service, another very important part of a SOC analyst's job. Whether working for an MSSP or an internal SOC, there will be times when interfacing with other teams requires the analyst to show tact and professionalism. The third question helps the interviewer understand the analyst's prioritization and escalation skills: if an analyst is dealing with a VP, there is a high probability that the organization has a procedure for communicating with senior leadership.

    Scenario 2 is designed to test the applicant's critical thinking and technical knowledge while giving the interviewer insight into the applicant's investigative reasoning. This scenario also reveals the most important quality of a SOC analyst: if you don't know the answer, admit it. The last thing the SOC team needs is a "know-it-all"; they are dangerous and toxic to the workplace. If this KB teaches you one thing, let it be this lesson. There will be questions you can't answer, and that's fine. The worst thing you can do is give a wrong answer with the confidence that you are 100% correct.

    Remember that the above scenarios are examples only; each interviewer will use their own set of questions. The goal remains the same: to locate and select the best applicant for the position. Our goal is to assist you in becoming that applicant.

    One last thing to end this KB. You are entering the world of "cybersecurity". Cybersecurity is defined as "measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack". It is always correctly spelled as one word to denote a profession, a practice, even an industry.
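    The UDP/161 scenario above, worked as an added example in Python (not part of the original KB): the same questions the interviewer asks, put to a set of constructed flow records. The record layout, the thresholds, and the port table are assumptions, not any IDS's real format; the RFC 1918 check from the first interview question is spelled out because the scenario hinges on whether the destination is internal.

```python
"""Triage of the UDP/161 interview scenario over constructed flow records.
Record layout, thresholds and port names are assumptions, not a real IDS format."""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

Flow = Tuple[str, str, str, int, int]  # (src_ip, dst_ip, proto, dst_port, bytes)

# Constructed records: 30 internal hosts each sending a tiny UDP/161 datagram to
# one internal host (the shape of SNMP polling), plus one host pushing a large
# volume over TCP/443 to an address outside the company, plus one SMB flow.
FLOWS: List[Flow] = [
    (f"10.1.4.{10 + i}", "10.1.0.5", "udp", 161, 80 + (i % 7)) for i in range(30)
] + [
    ("10.1.4.20", "203.0.113.7", "tcp", 443, 48_000_000),
    ("10.1.4.21", "10.1.0.9", "tcp", 445, 12_000),
]

# The three RFC 1918 ranges, spelled out instead of ipaddress's is_private,
# which is also true for loopback, link-local and other non-RFC-1918 space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True only for 10/8, 172.16/12 and 192.168/16."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


WELL_KNOWN = {161: "snmp", 162: "snmp-trap", 53: "dns", 22: "ssh", 23: "telnet",
              25: "smtp", 80: "http", 443: "https", 445: "smb"}

# Assumed thresholds: what counts as "many sources", a "small" datagram, and a
# byte volume that should not leave the network without an explanation.
MIN_SOURCES_FOR_FAN_IN = 10
SMALL_FLOW_BYTES = 512
EXFIL_BYTES = 10_000_000


def summarize(flows: List[Flow]) -> Dict[str, Dict]:
    """Group flows by destination: distinct sources, total bytes, (proto, port) pairs."""
    by_dst: Dict[str, Dict] = defaultdict(
        lambda: {"sources": set(), "bytes": 0, "ports": set(), "flows": 0})
    for src, dst, proto, port, nbytes in flows:
        entry = by_dst[dst]
        entry["sources"].add(src)
        entry["bytes"] += nbytes
        entry["ports"].add((proto, port))
        entry["flows"] += 1
    return by_dst


def classify(flows: List[Flow]) -> Dict[str, str]:
    """Label each destination so the analyst knows which question to ask next.

    Fan-in of tiny datagrams to an internal host is the signature of a poller
    or a monitoring server, not of exfiltration; exfiltration is bulk bytes
    leaving for a non-RFC-1918 address."""
    verdicts: Dict[str, str] = {}
    for dst, e in summarize(flows).items():
        avg = e["bytes"] / e["flows"]
        internal = is_rfc1918(dst)
        services = {WELL_KNOWN.get(p, str(p)) for _, p in e["ports"]}
        if not internal and e["bytes"] >= EXFIL_BYTES:
            verdicts[dst] = "possible-exfiltration: escalate, pull endpoint telemetry"
        elif internal and len(e["sources"]) >= MIN_SOURCES_FOR_FAN_IN and avg < SMALL_FLOW_BYTES:
            verdicts[dst] = (f"likely-monitoring-fan-in ({', '.join(sorted(services))}): "
                             "confirm with network team")
        else:
            verdicts[dst] = "no-pattern: note and close"
    return verdicts


if __name__ == "__main__":
    for dst, verdict in classify(FLOWS).items():
        print(f"{dst:<14} {verdict}")
```

    The fan-in destination comes back as likely monitoring traffic to confirm with the network team, which is the answer the interviewer is fishing for, while the one host pushing tens of megabytes to a non-RFC 1918 address is the record that actually deserves the exfiltration question. Both thresholds are tunable assumptions; in a real SIEM you would baseline them per network rather than hard-code them.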

  • What are the Most Important SOC Skills

    Searching for the two most important SOC skills. What are the Most Important SOC Skills? As I sat and thought about the two most important SOC analyst skills, I started to write them down, and my list turned into eight items. This is my list, with examples of the content I have covered on each:

    - Cybersecurity analysis (How to do security analysis)
    - Operating system fundamentals and networking fundamentals (SOC Analyst Prerequisite Skills)
    - Networking (people) and effective communication
    - SOC analyst job hunting
    - Scripting (not necessarily full development)
    - Cloud technologies (AWS, Azure, Terraform, serverless)
    - 30-minute Honeypot Project (Azure Cybersecurity Labs)
    - SOC Analyst Projects

    As I looked over this list, I had to sort the skills into two categories: hard technical skills and soft skills. Then I had to pick one from each category, because being a SOC analyst is a delicate and equal balance of the two. Hard technical skills can sometimes be trained much faster than soft skills. Technical skills can be taught by reading, studying, and following a clearly defined learning path, whereas learning soft skills is often trial and error and practice over time.

    Hard Technical Skills. The award for the most valuable hard technical skill goes to networking, because you can get by without knowing Active Directory for a while, and no employer will expect you to already know how to conduct a security analysis (although it will give you the edge!). Both of those require a prerequisite of networking fundamentals.

    Soft Skills. In the age of remote work and the duties of a SOC analyst, the most valuable soft skill award goes to understanding. So much of our daily lives consists of reading and writing: emails, security analysis, instant messages, text messages, LinkedIn, and everywhere else. It is easy to get lost in different readings of pages of text. People tend to be less verbose with their thoughts over text because it takes longer to type them out than to speak them, so much of our lives is directed by a lesser form of understanding other people.

    Conclusion. As you can see, the most essential thing a SOC analyst can learn is how to communicate. Whether that is computers talking to computers or pinging your teammates on chat, you're communicating all day long. No system can be fully secure once it is open to talking to others, and that openness is the breath of life of cybersecurity. The cybersecurity industry exists because computers are interconnected. Mastering the basics of communication gives you a foundation built on cement; it doesn't change much.

    How to learn these skills. Gaining the CompTIA Network+ certification is an excellent start in learning networking. The best way to learn to improve and provide more clarity in reading and writing is to get a blog on Medium. Then get a subscription to Grammarly and study the changes it suggests. If you continue to use Grammarly as intended, it will force you to start thinking about how you're communicating; for me, I wrote with more ambiguity than I thought. It wasn't as clear as I thought. Also, as a practice, any word you come across that you aren't familiar with, don't just ignore it. Look it up! Not in the Oxford (Google) but in Merriam-Webster. Merriam-Webster's word requirements are much stricter, and Merriam-Webster should be your go-to. If the definition doesn't fit the context, you can try that word on Urban Dictionary, but never let a sentence go by that you didn't comprehend. As my challenge, I will give you a single magic question to ask others to jump-start your soft skills journey: "How did you come to that conclusion?" Sit for a minute and think about how impactful that would have been in resolving your last misunderstanding, and how often you or someone you know has been misunderstood. Don't breeze over these suggestions.

    No one wants to hear that networking and understanding are the most essential skills, but it's true, and the time spent studying them will surely pay off. Take your time learning how computers and SOC analysts talk by reading and writing, and remember to ask the magic question every time to ensure you've understood. Communication is a grossly undervalued skill among tech geeks.

  • How to use ChatGPT as a SOC analyst

    How to use ChatGPT as a SOC analyst? This KB will discuss what ChatGPT is, a disclaimer for its use, and how to use it as a SOC analyst.

    What Is ChatGPT?

    ChatGPT is the best chatbot humans have ever seen. There are all sorts of fancy words to describe how it works, like Large Language Model (LLM), Generative Pre-trained Transformer (GPT), or Machine Learning Driven Research Stealing Internet Models Without Giving Credit to People (MLDRSIMGCP). I just made the last one up, but it sounds right. It's designed for natural language understanding and generation. You can interact with ChatGPT to ask questions, get information, converse, or seek assistance. The model has been trained on a wide variety of Internet text, allowing it to respond to all sorts of queries. It's useful, but limited. While ChatGPT can provide helpful and informative responses, it may not always be perfectly accurate or contextually appropriate.

    Almost everything about being a SOC analyst happens in real time. ChatGPT 3.5 cannot give you information about website reputation, IP reputation, file reputation, whois information, or any of the other steps described in The SOC Analyst Method. At the time of this writing, the data used by ChatGPT is only current up to January 2022. Since most indicators of compromise have a short shelf life, using ChatGPT to verify the reputation of IOCs is out of the question. But there are a few applications of ChatGPT that you will find very relevant as a new SOC analyst, which can help springboard your career and lessen the water from the firehose you'll drink in your first year.

    Disclaimer on Terms of Service for ChatGPT

    No one ever reads the terms of service for a product, but you might want to glance over ChatGPT's if you find yourself working for a company and decide to use ChatGPT to analyze some code found on a computer you're investigating. OpenAI, which created ChatGPT, now has that code saved on its systems. You might ask, "So what?" The code triggered an alert, and you were just doing your job, right? In this scenario, what if you worked for a software company and the code is part of an app under development that hasn't been released to the public, and you've inadvertently given it away to OpenAI? This is why some companies have policies against using ChatGPT and other LLM AI models. Before using ChatGPT for official business, be sure to understand your organization's stance on it. With that said, let's have some fun.

    Code Review

    ChatGPT knows what malicious code looks like with some degree of certainty, and it knows how to analyze code for vulnerabilities, but likely not better than tools designed for this task. You might find an occasion to paste a script into ChatGPT and have it explain its context and nature to you without reading it line by line, even if you know the language. You can also ask if it looks malicious, and take the information it gives you to study the script further. This is particularly helpful to an analyst when analyzing PowerShell from your endpoint tool, or perhaps JavaScript from an IPS alert. When you see those alerts, you can pop the script into ChatGPT and ask questions about it. The reality, though, is that this would rarely be practiced in the real world. If you're seeing the script at all, then your endpoint tool, IPS, WAF, or whatever has already alerted you that it looks malicious, and those tools should be used first as the source of truth because that's what they specialize in. However, if the tools don't give you enough information, pasting the script into ChatGPT might give you additional insight.

    EXERCISE ONE

    Go to https://github.com/explore and find a random, publicly available piece of code. Copy it into the ChatGPT message bar and ask, "What does the above code do?" This will give you an example of how effortlessly ChatGPT can be used. It doesn't matter if the code is 20 lines or 500 lines long; ChatGPT will explain the purpose of the code in simple language.

    File Paths

    You might find an opportunity to paste a file path into ChatGPT to have it determine whether the path belongs to a legitimate application. Remember that this data is two years old, so it can only be used to check what ChatGPT has seen before, not as evidence that something is malicious because the file path is anomalous. Entirely legitimate new files come out daily, and old files get new file paths. Still, sometimes it's worth a quick check to confirm a file is in the correct place.

    EXERCISE TWO

    Go to ChatGPT and type in:

    "Is this file path malicious C:\WINDOWS\System32\Wbem"
    "What file path does Malwarebytes typically install to?"

    Creating Queries for SOC Analysts

    ChatGPT can be used to write YARA rules, Suricata rules, KQL queries, SPL queries, and many other syntaxes for threat hunting or for creating rules and alerts. This is the most effective and helpful way to leverage ChatGPT as an analyst. It does this fairly well: you describe what you want it to find in natural language. This can be extremely helpful to you as a new SOC analyst because you likely still need to gain familiarity with these tools before you can create custom threat hunts or alerts yourself. The output may require editing, but it's much easier than starting from scratch.

    EXERCISE THREE

    Go to ChatGPT and tell it, "Write a Splunk query that shows me all logs that contain hashes from all indexes". Enter that query into Splunk, and the result is all the malware that we've captured so far in the cyber range.

    - Take the hash and go to VirusTotal and enter it in the search.
    - Take the hash and Google it for sandbox results.
    - Any interesting websites with information about it on Google?

    1. What is the name of the tool or malware that this hash relates to?
    2. What do you think the attacker was looking for?

    EXERCISE FOUR

    Go to ChatGPT and tell it, "Write a Splunk query that creates a table of the most source ip addresses descending order over the past 24 hours." Be sure to read the ChatGPT output and change "src_ip" to "src".

    - Take the IP addresses and go to VirusTotal and enter them in.
    - Take the IP addresses and go to IPVoid and enter them in.
    - Now Google the IP address and see what open source intelligence you can glean.
    - Now do a whois on the IP address to get context on who owns it.

    1. Do you think this IP address is malicious?
    2. Are there any other things hosted at this IP address?
    3. How long do you think this IP address has been used this way?

    Rewriting

    One useful function, especially for those writing in a non-native language, is leveraging ChatGPT to rewrite your sentences. Report writing and rewriting summaries from the SOC Analyst Method are valuable to us, as the SOC is often a global workplace. English might not always be our first language, and even if it is, it may benefit you to have ChatGPT produce a write-up. I gave it details and asked it to write a formal Root Cause Analysis (RCA). With minimal editing afterward, I could deliver it to a customer, saving time. But be careful: sometimes ChatGPT can misconstrue the meaning behind your words and add ambiguity and vagueness where there was once clarity. You may be surprised at the result, but don't let it misinterpret your findings.

    EXERCISE FIVE

    Ask ChatGPT to rewrite the Declaration of Independence. Would you allow ChatGPT to rewrite things without approval?

    ChatGPT as a Weapon

    We've discussed how ChatGPT can aid junior analysts in their day-to-day work; now, let's talk about how bad actors can use it for malicious means. In a previous article, we spoke of phishing. To recap, phishing is a crafted email meant to get a user to visit an evil website or download a malicious file. Historically, one of the tell-tale signs of a phishing email has been typos or grammatical errors, because English is likely a second language for the person crafting the email. Now, through the magic of LLMs and ChatGPT, an attacker can write an email in their native language, give it to ChatGPT, and ask for it to be translated into any language they want with better accuracy than traditional translators. Let's give it a try; the following is a short phishing email I wrote in English.

    "Hello, EvilWebsite.com is committed to providing you with the best possible shopping experience. Our website features the latest products from top brands, and we regularly offer discounts and promotions to help you save money. Click the link below for free shipping on your first order."

    Now, let's see what ChatGPT outputs when I ask for it to be written in Spanish.

    "Hola, EvilWebsite.com está comprometido a ofrecerte la mejor experiencia de compra posible. Nuestro sitio web presenta los últimos productos de las mejores marcas, y regularmente ofrecemos descuentos y promociones para ayudarte a ahorrar dinero. Haz clic en el enlace de abajo para obtener envío gratuito en tu primer pedido."

    How about German?

    "Hallo, EvilWebsite.com ist dazu verpflichtet, Ihnen das bestmögliche Einkaufserlebnis zu bieten. Unsere Webseite bietet die neuesten Produkte von Top-Marken, und wir bieten regelmäßig Rabatte und Aktionen an, um Ihnen zu helfen, Geld zu sparen. Klicken Sie auf den untenstehenden Link für kostenlosen Versand bei Ihrer ersten Bestellung."

    Regardless of the language, ChatGPT can convert it with minimal effort. Overall, OpenAI has done an excellent job of making ChatGPT a safe tool. In the early days of ChatGPT, someone could have it write simple scripts that could destroy a computer's filesystem. However, ChatGPT is only one of many LLM AIs on the Internet. At DEF CON 31, there were multiple demonstrations of locally hosted LLMs that were trained to develop malicious code or run a malware Command and Control server. As AI progresses, we will continue to see it used by hacking groups and scammers.

    Summary

    While ChatGPT is relatively straightforward, knowing when to use it is a little more complex. As we've discussed, it does not contain real-time information, which limits its value to us as SOC analysts. Its most valuable use case is that it can write queries for you in languages you likely haven't come across yet, making security analysis tools faster and more accessible. As ChatGPT continues to improve, even adding the ability to search the Internet, it will increase in relevance to us. However, it will still be limited in the data it can reach without tool licenses. Rewriting is another function of ChatGPT that can help with communication, as the SOC is a global workplace, often with challenging barriers for those whose first language isn't English. Lastly, you can always query ChatGPT for general information about cybersecurity as you would Google; for example, what a particular Windows Event ID means. When it delivers the correct answer immediately, that might save a few minutes of standard Internet searching.

  • How Much Does a SOC Analyst Make

    How Much Does a SOC Analyst Make? I've lived a pretty extraordinary life. I've made a ton of money, and I finally got to the point where money just wasn't making me happy anymore. I had to do something I felt was worth doing. I lost interest in going to work and doing what felt like brainless work for tons of money. I felt like Sisyphus. In fact, I made several posts on Facebook about how I hated my Sisyphean life. And it was true—I hated every single thing about it.

    Sisyphus comes from Greek mythology. He was made to push a boulder up a hill, and then it'd just roll back down, and he'd have to push it back up the hill. So, for eternity, he was just pushing a boulder up a hill in a pointless endeavor with no meaning or purpose, and that's how I felt. I had already traveled the world, bought expensive toys, and bought big houses. Money had no purpose for me anymore other than to let me eat and put a roof over my head, which I figured was a small amount of my actual income. It became more important to me to be fruitful in what I did with my time than to be reimbursed for something meaningless. So, I left a $185,000-a-year job. Well, that's not even entirely accurate. I just gave up on it completely and stopped doing anything. Not by choice; it was more of an intrinsic feeling about what I was doing here that paralyzed me completely. But if you ever reach that point, you probably have a long way to go before you get to where I have. Most people are quite content with their lifestyle. I lived some amazing years full of bliss, and I believe everyone should go through that in their life. So, I will get personal with you and tell you about my journey.

    Salaries depend heavily on where you live and are adjusted by the cost of living. These salaries come from Cumming, Georgia, which is a suburb outside of Atlanta. The following information is anecdotal experience based on average salary expectancy outside of a large city.

    Tyler's Career Trajectory (Atlanta, Georgia)

    - $55k / yr in 2013 as an entry-level SOC analyst
    - $75k / yr 1.5 years later as a SOC analyst at a different company
    - $105k / yr one year later as a Sr. SOC Analyst
    - $135k / yr one year later as a Sr. Security Engineer
    - $135k / yr + $25k in RSUs two years later as a Sr. Security Engineer
    - $160k / yr two years later as a Cybersecurity Architect
    - $140k + 10% bonus / yr six months later as a Cyber Advisor
    - $185k / yr a year and a half later as a SOC consultant

    Meanwhile, I was flipping houses when the real estate market was hot and made a few million dollars in a year or two.

    It's typically easier to find a job at an MSSP to start your career as a SOC analyst, but they pay less. Currently, expect to make about $60-$80k at an MSSP. The starting salary of a permanent SOC analyst at a company's internal SOC is $80-$100k. Everyone wants a permanent role, but contracts are becoming more common. Take them. Take the contracts. Take the first job at an MSSP for a decreased salary if you have to. There is a big pay increase from SOC Analyst to Senior SOC Analyst, which takes only about two years. Senior SOC Analysts make well over six figures everywhere in the country.

    So, best of luck to you, and I hope you have some amazing years ahead of you like I did. Don't feel bad for me; I am finally doing something that has a point again: helping you live those amazing years I did.

    Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn.

    You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF", which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on, fun labs in Microsoft Azure, leaving you with the know-how to create a gig on Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer. Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, Kindle, or PDF versions. The downloadable PDF version can be grabbed here.

  • You look just like the rest of the SOC analysts

    It is CRAZY in the SOC analyst job market right now! There are tons of candidates looking to get their little feet in the door with cybersecurity, and those who were recently laid off are also willing to take any job they can get, including junior positions. I believe that when COVID happened, people wanted to work from home, so there was a flood of people starting college for cybersecurity then. Now here it is, four years later, they are graduating, and all the jobs have been moved back on-site or partially on-site. There are a few things that you can do to stand out and make yourself 'different' from the rest, but in a good way! The first is having a blog.

    Blogs

    Medium should be a requirement for anyone starting out in cybersecurity. Most people don't know what they could possibly have to say, and I am about to tell you.

    Write about your experiences becoming a SOC analyst. Things like what motivated you to go down this path, whether you are having trouble finding work, and what you are doing about it. Kind of like your personal, yet professional, journal. Be a little personal about your life, but keep it well kept.

    Write reviews about training and learning resources you've watched or used. If you've watched a cool video, write a blog post about what you've learned and what you thought of it. Write about any classes or training programs you've taken, how you liked them, and whether you'd take them again.

    Write how-tos or tutorials. Finished a cool CTF like a TryHackMe lab? Do a write-up on it.

    Write about the projects you've been working on. Write instructions on how to complete one if a colleague wants to. It doesn't matter if there are 100 just like it; write it up anyway.

    Blogs should be written on Medium, but then shared as an article on LinkedIn. This means copying and pasting the content into a LinkedIn article instead of posting the Medium link. LinkedIn has changed its algorithm, and now links get demoted a lot. While this might be OK for you because your interviewer will go to your LinkedIn and find the link directly, your LinkedIn network would miss out on it because they'd never see it the way they would a native LinkedIn article. Medium has a very large built-in audience as well, so at the bottom of every blog include an "About the Author" footer with a link to your LinkedIn. You want to continue to grow both your LinkedIn and your Medium. Just keep picking the most relevant topics with large audience sizes for your posts on Medium and you'll build a following, but it might take a few weeks to see some activity. You want to post at least two articles a week on Medium and cross-post them to LinkedIn.

    GitHubs

    Another way to stand out is to create GitHub pages for the projects you are working on and to share the resources you find that others might be interested in. Part of showing passion is showing community spirit. To be a servant leader. To lead is to serve your colleagues. The way you'll rise above your competition is by helping others. Zig Ziglar said it best:

    Volunteering

    Volunteering at DEF CON, BSides, your local DEF CON group, 2600, OWASP, or a hackerspace is a great addition to your resume. If you have any volunteering experience, you should add it to your resume. It doesn't take much to volunteer, maybe a day or two, and it has a high impact on your candidacy. It also helps you get to know people better and puts you in a higher social standing in the community. It's also a way not to feel uncomfortable, because you actually have a reason to be there instead of showing up at a conference alone knowing no one.

    Presenting and Local Groups

    In the same category as volunteering, but a little more special for you, is presenting at local groups. If you show up enough times, you might notice them calling for topics and providing opportunities to present at a meeting.
    This can also be added to your resume and looks really nice, and there's no better way to begin making a name for yourself than to stand in front of a group and be an expert at something.

    SOC Analyst Projects

    Projects will always make you stand out, and your big ones can be listed on your resume if you don't have a lot of experience. I list the courses I create and my book on my resume. Your projects don't have to be that big, but they will get noticed if they're on your resume. One that should be on every SOC Analyst resume, in my humble opinion, is the Modern Honey Network.

    Home Lab

    While your home lab won't make it onto your resume, having one is imperative for interviews. It doesn't require a huge investment; in fact, the preference is for your lab to be in the cloud. You can spin up a lab, do some work, and destroy it for just a few bucks. But you want to write about it so you never forget what you did. Document, Document, Document. You want to have the story of how you built your home lab in the cloud memorized for your interviews.

    Keep up with the news

    You will inevitably get asked about what happened in the news recently, and you should be able to tell them the last thing you saw that stuck out. BUT go the extra mile and explain to them all of the various news sources that you follow, including podcasts and blogs: Twitter, LinkedIn, The Hacker News, Darknet Diaries, Security Weekly, etc. And what your favorite one is!

    All in all, you want to show that you're a more up-to-date and passionate SOC Analyst than the next guy. Impress them with how connected and involved you are. And razzle and dazzle with stories of your home lab and projects. These are the things that are going to make you stand out from your peers that aren't education and certification related.

  • What is the SOC Analyst Interview Process

    What is the SOC Analyst Interview Process? You've spent all this time getting training, then you applied for jobs, and then finally, you got a call back for a SOC analyst position. The interview is set up. In this article, we will talk about how the interview process is going to go.

    Recruiter Interview for SOC Analyst

    The first interview is always the recruiter interview. This will be a 15 to 30 minute interview to get your background information and make a few notes about you. Then they will tell you that they will submit your resume to the hiring manager. You don't get a decision during this call, which is usually a telephone call, on whether you're moving forward or not. They just tell you they're going to submit your resume to the hiring manager, and it's up to the hiring manager to decide, after reading the notes, whether or not they want to pull you in for an interview.

    For this interview, you want to have your background story rehearsed and straight. You need to know how, when, and why you got started in cybersecurity. What led you to this very point. This spiel needs to have fluency, so you want to have practiced it. You also want to talk about what you're passionate about and give the spiel about your projects and home lab. Don't leave this interview, or any interview, without talking about your home lab. This information will be used again and again throughout your career. Make sure it's authentic. The smoother this story goes, the better your chances that the recruiter actually forwards your resume to the hiring manager instead of just telling you they will and never doing it.

    The second interview is the team or SOC Manager interview. I have seen it both ways, but you'll interview with both.

    Team Interview

    The team interview is a technical check. This might be a panel interview with two or more people, and their purpose is to see how you interact under pressure and how well you know your tech chops. Up until this point, you can make it through your degree, through your resume and job applications, all the way here, and not know a thing about the computer. And that's what they're checking here. You might get asked scenario-based questions, and the purpose is to see how you think, not necessarily that you arrive at the correct answer. Though it's good if you can. While having technical discussions, they won't expect you to know everything. They expect you to fail at some questions, and you always need to be honest. There is nothing more toxic to a SOC member than to be a know-it-all who is 100% confident in an answer that is completely wrong. You simply can't recover from that. So always leave a little room for error and uncertainty in your response, even if you're pretty darn sure you're correct.

    SOC Manager Interview

    The SOC Manager interview is typically either the second or third interview, and its purpose is to see if you're a good culture fit and that you won't cause too many problems for him/her. They'll want to know your background and maybe ask you a few high-level management and personality questions. You want to be likable and show respect. "Yes sir, no sir." Not "hey, man." This is the person who is ultimately responsible for hiring you and for handling your compensation, bonuses, and promotions. It represents one of the hardest and most demanding jobs in cybersecurity. The most important thing to know about this interview is that you want to give the impression that you're going to stick around for a while. It's not fun to hire people. It's not fun to go through all these interviews. And the last thing they want to do is go through it again in a year. You also want to leave the impression that you can use the resources available to you and grow with them. Ask them about the training available, but don't put too much pressure on high-cost training. That ship sailed a few years ago.
    We used to be able to ask for all sorts of high-priced, crazy training, and they'd pay for it, too! It was great. But you should just be really excited about your subscription to LinkedIn Learning and make them feel like you're going to watch every video.

    CISO/Director Interview

    This interview is optional but is more common the smaller the company is. This is typically the last interview, and if you've made it here, they've pretty much already made the decision to hire you. The CISO/Director just wants to meet with you so that you know who they are, that they're approachable, and that you can ask them questions if you need to after you get hired. Some CISOs and Directors just like to meet everyone on their team.

    In every single one of these interviews, you want to show PASSION. What are you doing extracurricularly to be involved? Make them feel like this isn't just a 9-5, it's not just a paycheck, but it's your LIFE. You live and breathe cybersecurity. For the first few years, that's exactly what it's going to be for you, too. Never miss an opportunity to talk about your home lab, and go into LONG detail about it. As much as you can. Preferably, it's in the cloud. Good luck and godspeed.

  • Can You Get a SOC Job Without a Degree

    Can You Get a SOC Job Without a Degree? The cybersecurity industry is ripe with candidates applying for jobs. In fact, it's almost like a scene in a movie where it's havoc and every man is for himself, clamoring over each job and every candidate like Gollum in Lord of the Rings.

    The origin of the term "each man for himself" is in The Knight's Tale by Geoffrey Chaucer (1340–1400). He is known as the Father of English Literature, but his meaning of the phrase was more akin to "If you don't look out for yourself, no one else will." It was not meant to be a selfish act. Nowadays, it describes a situation or crisis in which people do not help each other and just take care of themselves. That is very selfish. Not only can you not get a job without a degree, but you can't get a job with a degree either, because everyone has this same attitude, throwing each other under the bus to be the very best.

    Let me put this into perspective: a SOC analyst job is an entry-level job. No matter how good you are, you don't know more than the SOC manager, and you don't know more than your seniors who have been doing this for a decade. To us, you're someone who needs to be plucked and cultivated and turned into something that is of maximum usefulness. It takes a lot of time to do this, and we have to spend a lot of time developing you. Let me tell you, we don't want to do this for a d*ck. If you're out there throwing your peers under the bus to get this job, you'll throw us under the bus as soon as you think you can.

    What we want is the very best candidate that we can find who is also a servant leader. A servant leader is someone who prioritizes the needs and development of their team members over their own personal gains or authority. Servant leaders genuinely care about the well-being and personal growth of their team members. They actively listen to understand the needs, concerns, and ideas of others. They focus on helping others achieve their full potential, both personally and professionally, and they foster a sense of community and collaboration within their team.

    When you're looking to take someone fresh from the farm and prepare them for a career, you want the best person you can find. You want to find someone you like and can spend a lot of time with without it being excruciating. Interpersonal skills go a long way, but what goes even further in your career is just being a genuinely decent person to your peers.

    Now, there are companies that I have worked for where you are in competition with your peers. And if that is what you like, then good luck, because companies like the Big 4 consulting firms will dangle a carrot in front of a huge group of people, and you're right, someone will get that carrot. I hope you have an ungodly amount of time to devote to competing against one another, and still not win, but for the rest of us, we've found much better balance and success in life competing as a team.

    Cybersecurity is full. Packed. Crowded. Bursting. Crammed. Glutted. Jammed. Teeming. Saturated. Chock-full. Jam-packed. Brimming. Overflowing. So, you really can't get a SOC job without a degree if you're thinking you're competing on who has the better credentials, because you're just not going to win that way. You're going to win by being the best person for the job. There are minimum qualifications like a Network+ or Security+ and a baseline of technical skills, but beyond that, what is going to make you stand out is your ability to be communal in your pursuits: sharing your success with others, helping to grow the community, sharing your advice, pointers, and projects with your peers. Volunteering where you can. Because these are the people you want to work with. You always want to make your SOC manager look good. They aren't going to hire you if they think you will make them look bad.
When you complete an assignment, your manager is going to take credit for it, and he's going to give it to the entire team. There is no John Smith, SOC analyst; instead there's Steve Galley, SOC Manager's team, of which you're a part. Everything you do is for the team, and that's how you need to approach getting a job, where your team is everyone else who is looking for a job. It's not good enough to be the smartest. Tyler Wall is the founder of Cyber NOW Education. He holds a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn. You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF", which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on, fun labs in Microsoft Azure, leaving you with the know-how to create a gig on Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer. Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards.
If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, Kindle, or PDF versions. The downloadable PDF version can be grabbed here.

  • How to learn cybersecurity at home

Connecting the dots. How to learn cybersecurity at home You may be looking for a new career, stumbled upon cybersecurity, and are all excited about it now! That makes me happy to think about. It's my job now to explain to you how to start learning cybersecurity at home. There are a few things that make a well-rounded entry-level cybersecurity professional. But first, let me explain the Security Operations Center Analyst. The SOC Analyst is the gateway to cybersecurity because it is the most junior cybersecurity position a company typically has available, and the high turnover rate (usually because of promotions out of the SOC) means the position opens up frequently. SOC Analysts typically come from one of these four areas: [Figure: The four backgrounds of SOC analysts] When we say career changers, we typically mean people from other areas of IT. I am an expert in training for entry-level cybersecurity, and I promise you that 90% of the time, folks find it easiest to land an SOC analyst job and then pivot to the specialties they are most interested in. Now that you know you need to target an SOC analyst role, let's discuss the four areas that make a well-rounded SOC analyst: High-Level Concepts, Hard Technical Skills, Business Acumen, and Culture Fit. Culture fit is essential, and that's also a specialty of mine. Not that I'm perfect for every company, because I'm most certainly not, but typically, since I have spent the last 10 years in an SOC, I can speak the language. While not 100% effective, there are ways to maximize your culture fit as an SOC Analyst, but if you just want to be you, there's a right place for you, too. Just know who you are and what you stand for. High-Level Concepts The high-level concepts are ones everyone should know, not just cybersecurity experts, but anyone in a professional capacity. What are separation of duties, least privilege, and the CIA triad?
These are fundamentals in cybersecurity, and the best place to learn them is CompTIA's Security+ certification, which is long-standing and well-regarded as the minimum standard for entry-level cybersecurity. For high-level concepts, the learning should be very structured and maybe even boring, as it's the same information we all get and know (and repeat). Any one of Udemy's courses for Security+ would be a good start. If you want to test the waters first, I wrote an introduction to SOC Analyst prerequisite skills that serves as the fundamentals of what you need to know as a SOC Analyst, the gateway to cybersecurity. Hard Technical Skills Hard technical skills are harder to come by. It's all about projects, projects, projects. They don't all have to be boring; in fact, I wrote an article about fun projects here. This article is extremely popular in all circles, including LinkedIn. It has received more recognition than almost all of my other work. It consists of three projects that give you some exposure to cybersecurity projects you can do at home on a weekend. Since everything is moving to the cloud and having cloud exposure is very advantageous, I created a fun project for you to do in the cloud in this article. Visit our Knowledge Base for a complete list of free projects and visit our courses for premium projects. Business Acumen Cybersecurity is a glorious customer service job, and customer service is a huge part of it. Knowing how to say bad things in a good way will be an essential part of your job. Learning soft skills is a crucial part of business acumen, starting with a healthy dose of understanding. If you feel upset or frustrated with someone you're working with, consider asking them the central question, "How did you arrive at your conclusion?" It's a fast way to understand each other better. There is a wide variety of cybersecurity tasks. Because all security-related tasks are important, they need to be prioritized appropriately on a case-by-case basis.
Determining which elements are important now can be difficult without understanding the business as a whole. In an SOC queue, a big part of someone else's job is prioritizing the work for you, but as you become more senior, that will become more and more a part of your own job. I like the Eisenhower matrix for prioritizing tasks. It's simple, fast, and crazy effective. [Figure: The Eisenhower matrix] Most of us in cybersecurity work from home in some capacity, and it's an essential part of your career to learn how to communicate with people remotely. That is, knowing how not to isolate yourself while you are working from home. Give this video a watch. Culture Fit Here at Cyber NOW Education, we love the SOC. We love everything about it, including the unique but strangely not unique culture that comes along with it. After you spend some time in the SOC, you will realize just how rewarding it is to be on the front lines. There is so much action, and we want you to love it like we do. I don't mean to self-promote, but our course, SOC Analyst NOW!, is an excellent introduction to the culture of cybersecurity. This is the general SOC culture, but each company is different. I've worked at companies where I was not a good cultural fit, which was miserable for me. I just didn't fit in, and it made me feel unwanted and alone. Whether you lean hard left, hard right, or right down the middle, there are companies for you. I've worked on both sides of the spectrum, and I've found hard-left companies tend to rely on psychology a lot in their management style, and hard-right companies are more direct to your face, but make no mistake, they are both capitalistic at their very core. It's so important to find a boss you like, and it's often not until you're there that you really find out if you're a good culture fit.
It takes practice to be a general culture fit, but after a while you'll catch things like this: [Figure: FedEx truck] You'll also have a nice little chuckle when you see that FedEx's logo has a hidden arrow for all the packages it delivers.
