Search Results

  • How to Get a SOC Analyst Job

    This piece will cover strategies for finding a SOC analyst job, including common job titles, which job boards to use, resume tips, networking with other professionals, and common interview questions. This is How to Get a SOC Analyst Job.

    If you find yourself at the crossroads of your old life and a new career in cybersecurity, then this article will give you tips and tools to find a job in the cybersecurity industry. This might mean that you are graduating from college and looking to start your career, that you have been in IT for a while and are looking to dive into cybersecurity, or that you are an honored vet looking to transition into civilian space. Whatever the case may be, there are a few things you should know.

    Networking: Conferences & Meetups

    Word of mouth is your friend! It is important to grow your network. Having a broad network of people that you can talk to professionally not only opens you up to new opportunities but gives you people to discuss your new ideas with. Professional connections help you stay on top of the latest trends, such as news or technical techniques, that will benefit you greatly. There are many opportunities to get involved in projects or communities local to your area. Some of these include:

    2600: 2600 is an organization that has deep roots in hacker culture. Today, it exists as a website, meetup space, conference, and magazine, to name a few. The history of hacking is fascinating, and their name comes from 2600 Hz, the frequency at which a plastic whistle found inside a Captain Crunch box sounded when you blew it. Blown into a payphone, it allowed the hacker to make free phone calls.

    DEF CON: The crown jewel of hacking conferences. The DEF CON conference is traditionally held annually in the summer in Las Vegas, NV. It is considered a pilgrimage for anyone in infosec! There is so much to do, so many knobs to twist, bells to ding, and big red buttons to push; you will never have time to do it all. What makes this conference great for your career is that recruiters love it! I have heard so many stories of people getting job offers on the spot at DEF CON. DEF CON is even better if you volunteer at the events. You will meet more people, and at a deeper level. Additionally, DEF CON has “DEF CON groups,” which are smaller DEF CON meetings in your local area, usually on a monthly basis. This is also a great way to network with your regional infosec peers, see what is happening in your local infosec industry, and hopefully pick up a lead!

    BSides: BSides is a popular conference held locally in many cities and during the same time frame as DEF CON in Las Vegas. It is relatively popular and offers a lot of value. Tickets are cheap (and free if you volunteer), giving you access to what is going on and the people in your area.

    OWASP: The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the Web.

    Hackerspaces and Makerspaces: These meetups in your local area are a great way to meet people, tinker, pull knobs, and push buttons. Sometimes these meetings will allow their members to give presentations in a show-and-tell format, and that is a great way to build your presentation skills.

    If you have been attending meetings in your surrounding area, don’t forget to take a pencil and notepad with you to write down the emails and contact info of the people you meet. It is not weird and doesn’t feel uncomfortable; everyone there is there for the same reason, and you’d be the lucky one with a notepad.
    Most people would feel flattered if you cared enough to write their information in the notepad. Tell your new friends you want to keep in contact and be on the lookout for them. Follow up with everyone the day after, and send them your resume to share with others.

    Competitions

    This article wouldn’t be complete if we didn’t take a minute to talk about capture-the-flag (CTF) competitions. Capture-the-flag has been around since the very beginning. It started with vulnerable applications and systems that have a text string hidden inside them; the participant finds the text string and submits it to the judges, earning points for every proof that they’ve hacked it. It started in 1996 at DEF CON (mentioned above) and today has evolved into all sorts of capture-the-flag challenges inside and outside of conferences. In fact, Tyler’s favorite challenge is the DEF CON Blue Team Village capture-the-flag, but he has also competed in Ghost in the Shellcode, SANS NetWars and Holiday Hack, and CSAW, and was a mentor for high schoolers in the CyberPatriot program. Tyler was never really fantastic at them but always competed on a team, and that was the fun of it.

    Most bigger conferences other than DEF CON will have their own capture-the-flag competitions. For instance, the Splunk conference, Splunk.conf, hosts a popular capture-the-flag called BOTS, for Boss of the SOC, that is very challenging and popular (congrats to VMware for taking 3rd in 2023!). If you are in college, there are many student-oriented capture-the-flag competitions, and perhaps the biggest one that should be on your radar is the Collegiate Cyber Defense Competition (CCDC). In addition to these, there are many online CTF competitions and challenges that not only have communities you can join and participate in, enhancing your networking by finding common ground with new people, but also provide awards, credentials, and overall bragging rights.

    Probably the most popular online CTF platform today, and one I would certainly recommend you take a look at, is TryHackMe. TryHackMe’s popularity has skyrocketed as the premier hacking challenge, and it’s common to look around on LinkedIn and see analysts advertising that they are “Top 2% in TryHackMe” or “Top 5% TryHackMe”. If you get serious about playing the game and showing off your skills, you can purchase the subscription to make your learning and point-earning faster. On the other hand, for defense (blue team) challenges, LetsDefend is rising in popularity. They have a free option, but the SOC Analyst track is a subscription. They have some neat challenges that would give you hands-on exposure to some of the things we do on a daily basis and even give you a certificate to share on LinkedIn.

    Medium

    If you want to start building a brand as a cybersecurity expert, then Medium is where you need to go to start doing it. Creating a blog can be one of the most rewarding things any professional can do: not only does Medium have a huge built-in audience of technology professionals, but teaching and writing about a topic improves retention of the information. You’re going to find out sooner or later that if you don’t use the information, you lose it. Teaching something to someone else helps you retain that knowledge for longer. Choose a few topics on the SOC and cybersecurity, maybe your latest project or something you’ve studied that you found interesting, and teach it. One of your audience members might be your new manager! Write at least two articles every week and share them on all of your social media outlets, including LinkedIn. And always remember: learn, do, teach to retain. And it helps others. We will talk more about that later. A blog will establish you as someone who knows something about cybersecurity. Make sure you leave a banner at the end of every Medium article connecting to your LinkedIn profile.
    This way any person interested in you can reach out and connect!

    Creating a Course

    Online courses are all the rage nowadays, and websites like Udemy make it very easy to create and sell them. Creating an online course is one of the best ways to establish your credentials in the field. Set up an instructor account on Udemy for free, create a simple course on cybersecurity concepts, and add it to your resume. Reach out to Tyler Wall on LinkedIn for opportunities to collaborate. It takes a village to create a good Udemy course, and Tyler knows some people and has a few resources to build your reputation and even make a couple of bucks in the process. Whether you’re a writer, a technical demonstrator, or just have a cool idea for a cloud or security course, he’s all ears. Come join the team and get your name out there.

    Once you have attended a few meetings, optionally built a course, and are blogging, you can start to build a network of like-minded community members to associate with. Once you have started to build your network, you might have a few leads, but you also don’t want to have all your eggs in one basket. You will want to apply for jobs on traditional job posting boards.

    Where to Search for Jobs

    The information security world has embraced social media to locate and recruit top talent, with LinkedIn standing out as the clear place to start. Not only can you find job postings, you can get connected with headhunters and recruiters looking for top talent. LinkedIn offers a premium subscription that can be used to find and connect with recruiters. They offer free trials of LinkedIn Premium, and I highly recommend using it when job searching. If your LinkedIn profile is uninteresting, then you aren’t attracting the attention you need, no matter how good your cybersecurity knowledge is. Other than putting your certifications and credentials in the headline, there are a few tips to keep in mind.

    LinkedIn Profile Tips

    LinkedIn is not the only website that consolidates job postings; Indeed and Monster are worth investigating too. Once you’ve accumulated a few technical certifications, sites like Credly.com have job boards looking for talented people with the certifications you’ve attained. Finally, you can’t go wrong by looking at the careers section of a company’s website. This will show you what open positions are available and give you insight into what they are looking for in an applicant.

    Note: Don’t be afraid to apply even if you don’t meet all of the requirements in the job posting. To quote the great Wayne Gretzky, “You miss 100% of the shots you don’t take.”

    Applying for Jobs

    We would like to explain to you how to perform a job hunt. First off, you need to get your resume together. It takes a lot of trial and error to perfect a resume, but you can also have a professional help you build a good one. A resume can take many forms, but it will have the same basic information:

    Resume Components

    Keep your resume to under three pages to prevent over-skimming by the readers. We offer a resume workshop service where we share a document with you and probe you with questions until we get all of the information about your previous experience out of you, and then write it in a way that is quickly and easily consumed.

    Once your resume is together, you can move forward to a job search. There are several job posting websites that have proven successful for us; however, I have had the most success with LinkedIn. When I am searching for a job, I usually purchase their premium membership so that I am able to see the statistics for each job I am applying for, send InMail messages to hiring managers or recruiters at a company I am interested in, and see who is looking at my profile. Also, Google has a good aggregation of jobs to search through. Using Google, you are able to set up and configure job alerts specifically for cybersecurity jobs.
    The security analyst position is the job that you will be able to land the easiest as a first step into information security. There is a revolving door in most SOCs, and the security analyst position opens frequently. The titles that you want to look for first are:

    SOC Analyst Job Titles

    If you are mobile and can move anywhere, your odds of finding a good fit quickly are pretty good. If you live far outside of a big city, then your options may be more limited. Most SOCs require you to be on-site for security purposes; during COVID everyone moved remote, and now more companies are returning to a hybrid work model.

    Common Interview Questions

    The following is a list of common interview questions that might be asked during an interview for a junior SOC analyst. Some are very basic and some are harder, but we feel that if you can answer these questions you have the required knowledge to become a SOC analyst:

    What is an RFC 1918 address? Do you know them?
    Define a Class A, B, or C network.
    What are the seven phases of the cyber kill chain?
    What is the purpose of the MITRE ATT&CK Framework?
    What is the difference between TCP and UDP?
    What are ports 80, 443, 22, 23, 25, and 53?
    What is data exfiltration? What Windows protocol is commonly used for data exfiltration?
    Do you have a home lab? Explain it.
    What is AWS? Azure? Explain how you’ve used it.
    What is a DMZ, and why is it a common target for cyberattacks?

    The importance of having technical knowledge cannot be overstated. The above questions are pretty simple, but you might be surprised to learn that seven out of ten candidates don’t know the common TCP/UDP ports used by modern services. I highly suggest using a common study guide to prepare for your interview. An example of this is the website Quizlet.com. They provide a flashcard-style learning platform for information technology certifications like Network+ or Security+. Also, Udemy has a few SOC Analyst interview question courses that you can take.

    Despite the need for a basic understanding of information technology, that only covers half of the requirement to be a SOC analyst. An analyst should be a critical thinker and possess an acumen for problem solving. Interviewers will usually test a candidate’s ability for problem solving with scenario-based questions. Let’s cover some scenarios I’ve seen and used to conduct interviews:

    “You are a tier 1 SOC analyst, responsible for monitoring the SOC inbox for user-reported incidents. The SOC receives an email from the VP of Human Resources stating that they can’t access their personal cloud drive. The VP knows this is against company policy, but the VP is adamant that this is required for legitimate business requirements.”

    Do you process the access request for the VP? What is your response to the VP? Who else should you include in the reply email?

    “You are monitoring the SIEM dashboard for new security events. A network IDS alert is triggered, and you begin investigating. You see a large amount of network traffic over UDP port 161 originating from dozens of internal IP addresses, all with the same internal destination IP address. Some quick Googling shows that UDP port 161 is used by the Simple Network Management Protocol, and the byte count of the traffic is minuscule.”

    Do you think this is data exfiltration? If this is not data exfiltration, what legitimate services could cause this alert? What team could provide an explanation for the traffic?

    The first scenario is an example of what you might be asked when applying for an entry-level analyst role, while the second is a little more advanced. Let’s go over what the interviewer is looking for. Scenario 1 is designed to identify whether the applicant can be easily intimidated by senior leadership in your organization. Information security is the responsibility of all members of the organization; it should not be waived for the convenience of one senior leader.
    The larger lesson here is about making risk-based decisions. A junior analyst should never assume the risk of policy exceptions. The interviewer will ask how the applicant will respond to the VP, as it will showcase their experience with customer service. Customer service is another very important task of a SOC analyst. Whether working for an MSSP or for a company’s internal SOC, there will be times when interfacing with other teams will require the analyst to show a certain level of tact and professionalism. The third question helps the interviewer understand the prioritization skills of the analyst. If an analyst is working with a VP, there is a high probability that there is a procedure around communicating with senior leadership within the org.

    Scenario 2 is designed to test the applicant’s critical thinking and technical knowledge while also providing the interviewer with insight into the applicant’s investigative reasoning. This scenario also gives insight into the most important quality of a SOC analyst: if you don’t know the answer, admit it. The last thing the SOC team needs is a “know-it-all”; they are dangerous and toxic to the workplace. If this article teaches you one thing, let it be this lesson. There will be questions you can’t answer, and that’s fine. The worst thing you can do is give a wrong answer with the confidence that you are 100% correct.

    Remember that the above scenarios are examples only; each interviewer will use their own set of questions. The goal remains the same: to locate and select the best applicant for the position. Our goal is to assist you in becoming that applicant. The following are a few tricks and tips to help you become that “best applicant” for the position:

    Interview Tips

    Summary

    The most important thing we want you to take out of this article is that you have tools to help you find a job. Use job boards, network with others in your area and online, and study to understand the answers to the common interview questions. The job market is growing fast, but in the future, the skills for analysts will change as SOC automation and the cloud begin to mature. The resources that I’ve explained will be even more valuable to you as you move forward in time.

    One last thing to end this article. You are entering the world of “cybersecurity”. Cybersecurity is defined as “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.” It is always correctly spelled as one word to denote a profession, a practice, even an industry.

    ARTICLE QUIZ (ANSWERS FOLLOW)

    For an online community of support in the hacker culture that includes meetup spaces, a conference, and a magazine whose namesake is from a Captain Crunch toy, check out _______. Ⓐ 2600.org Ⓑ DEF CON Ⓒ BSides Ⓓ OWASP

    This relatively affordable conference meets in Las Vegas each year, draws recruiters looking for qualified IT professionals, and is the pilgrimage for anyone in cybersecurity. Ⓐ BSides Ⓑ OWASP Ⓒ DEF CON Ⓓ Hackerspaces

    _______ is a nonprofit foundation that strives to improve the security of software. Ⓐ DEF CON Ⓑ OWASP Ⓒ BSides Ⓓ 2600

    All the following items should be included on your resume for a SOC analyst position except: Ⓐ Unrelated certifications Ⓑ Experience related to IT Ⓒ Skills that line up with the job listing Ⓓ Phone and email address

    When searching for open analyst positions, use all the following titles except: Ⓐ Information Security Analyst Ⓑ Security Operations Center Analyst Ⓒ Security Analyst Ⓓ Software Analyst

    Which of the following is not a reason to include your LinkedIn profile on your resume? Ⓐ LinkedIn provides an overview of you as a professional Ⓑ LinkedIn enables you to upload multiple pictures of yourself Ⓒ LinkedIn gives personalized information about yourself Ⓓ LinkedIn allows you to provide more information about yourself

    All the following are questions you might be asked in an interview except: Ⓐ What’s the difference between TCP and UDP? Ⓑ What are the ports 80, 443, 22, 23, 25, and 53? Ⓒ What’s an RFC 1928 address? Ⓓ What is a DMZ, and why is it a common target for cyberattacks?

    Which of the following was not on the list of questions you might be asked in a SOC Analyst interview? Ⓐ What is ASW? Ⓑ Define a Class A, B, or C network. Ⓒ What are the seven phases of the cyber kill chain? Ⓓ What’s the purpose of the MITRE ATT&CK Framework?

    In an interview, you should do all the following when it comes to body language except: Ⓐ Use brief affirmations like “I see.” Ⓑ Make eye contact. Ⓒ Maintain good posture. Ⓓ Show signs of restlessness or boredom.

    The authors of this course recommend a premium membership on _______ to view statistics for jobs you apply to. Ⓐ Indeed Ⓑ Monster Ⓒ LinkedIn Ⓓ Glassdoor

    ARTICLE QUIZ SOLUTIONS

    For an online community of support in the hacker culture that includes meetup spaces, a conference, and a magazine whose namesake is from a Captain Crunch toy, check out _______. Ⓐ 2600.org. A bit of “hacker history,” but in some cities 2600 meetings are very much alive and well.

    This relatively affordable conference meets in Las Vegas each year, draws recruiters looking for qualified IT professionals, and is the pilgrimage for anyone in cybersecurity. Ⓒ DEF CON. DEF CON is held in the summer in Las Vegas every year. A great place to get involved!

    _______ is a nonprofit foundation that strives to improve the security of software. Ⓑ OWASP. The Open Web Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.

    All the following items should be included on your resume for a SOC analyst position except: Ⓐ Unrelated certifications. Do not include unrelated certifications on your resume.

    When searching for open analyst positions, use all the following titles except: Ⓐ Software Analyst. Software Analyst isn’t a typical cybersecurity job title.

    Which of the following is not a reason to include your LinkedIn profile on your resume? Ⓑ LinkedIn enables you to upload multiple pictures of yourself. Uploading multiple pictures of yourself shouldn’t be a reason to use LinkedIn in cybersecurity.

    All the following are questions you might be asked in an interview except: Ⓒ What’s an RFC 1928 address? RFC 1918 is the standard, not RFC 1928.

    Which of the following was not on the list of questions you might be asked in a SOC Analyst interview? Ⓐ What is ASW? ASW isn’t a common acronym in cybersecurity.

    In an interview, you should do all the following when it comes to body language except: Ⓓ Show signs of restlessness or boredom. The answer to this question should be very obvious but should spark your research: “What are signs of restlessness or boredom?”

    The authors of this course recommend a premium membership on _______ to view statistics for jobs you apply to. Ⓒ LinkedIn. The authors of this course have found value in premium LinkedIn memberships while they were applying for jobs.

    Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn.

    You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF", which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on, fun labs in Microsoft Azure, leaving you with the know-how to create a gig on Fiverr or Upwork to start your cybersecurity freelancing.

    Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer. Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, and winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, Kindle, or PDF versions. The downloadable PDF version can be grabbed here.

  • How to Work from Home in the SOC

    Working from home is new to the SOC. Prior to COVID, almost all employers required you to work from a dedicated room for the SOC. This was in a highly secure area, oftentimes with no windows. I quit a six-figure SOC job just because they had us crammed in a room like sardines. It was so hot, and there was so much drama about the thermostat it was unbelievable. It was just a tiny, narrow, windowless room at the center of the building that was designed in a working concept known as a bullpen. A bullpen is where there are just rows of monitors and chairs at a long desk with no dividers or personal space. I left that job and got my own happy little cubicle, where I spent the next few years. Then I landed my first remote work role. This is How to Work from Home in the SOC.

    The first thing that I had to learn is about routines. The SOC is mainly shift work, so you’ll have set hours that you need to work. This is either morning, day, or night shift, so I am going to stray from calling it a ‘morning routine’. In my most recent roles I have been working with the SOC as an Advisor, but I set my own hours, and it only becomes increasingly difficult to maintain the boundary between work and personal life. Before you work there needs to be a ‘getting started routine’. This could be anything from listening to a podcast for an hour while you eat, putting your favorite pug slippers on, and then logging into work, or even watching an episode of The Simpsons, filling your water bottle up, and grabbing a snack before sitting down at your desk. It doesn’t really matter what the routine is, but you need to do it every single day to train your brain that this is me going to work. I am commuting now. And the same thing for when you end work. When you end work you might go check your snail mail, take a walk, or cook dinner. Do it every day. This is you commuting home. What you are practicing is setting boundaries.

    Microsoft Teams, Slack, and other instant messaging clients used for work have settings for when you’re off work. Use them. When you are not at work, there is no longer an expectation that you can be contacted immediately. If the building burnt down for whatever reason and they needed you, HR and your manager have your phone number. Do this even when you want to work all the time. These are your boundaries and you need to stick to them. I mention this because I have been contacted by colleagues from other countries for whom it is normal business hours while I have been tired and in bed, and against my best judgement I have answered these messages; aside from not answering them correctly, I wasn’t in good spirits. I began to develop a resentment that I was having to ‘work all the time’, but it was my own fault. My manager never had the expectation that I needed to be working then. You must create boundaries.

    For the first couple of years of remote working, I siloed myself, lived in a desert alone, and as a result I just wasn’t able to get as much done. I had to learn things like how to build rapport with my teammates, and that it needs to be intentional. With remote working you don’t get that ‘water cooler’ talk and accidentally bumping into each other in the halls anymore. It’s easy not to place importance on just taking a little time to chat with your coworkers from time to time. It’s easy to get isolated and not feel a part of the team. When you need help with something, it’s awkward to ask strangers, so you waste more of your time and the company’s time trying to figure it out yourself, and strangers don’t know you well enough to know your strengths to ask you for help, so you’re not building any leadership or mentoring skills that will help your career in the long run. The biggest thing that I have learned to avoid in remote working is isolation.

    Appearance does matter, and I’ll be the unpopular one to tell you that. And it has a lot to do with lighting, which is an easy fix. In my honest experience, and there are a rare few exceptions, nobody cares if you are fat or skinny, where you come from, or what color you are, and they don’t care how you define yourself. I wouldn’t recommend making it your headliner either, or putting it on your resume. What they care about is that you look like you take care of yourself. If you don’t take care of yourself, the first impression is that they won’t trust you to take care of your work. Bad lighting can make a model look homeless. That is my big tip for improving appearances, other than keeping your hair cut. So you’re welcome. Most people come on camera in T-shirts, and most women on your team will only wear makeup the first few meetings; then it’s like having a sister. I don’t know if you’ve ever had a sister, but they don’t wear makeup when they’re hanging around the house.

    I use a small device called a Lume Cube that I just recently found out about. I am mentioning this because I have terrible lighting in my office and I’ve learned the hard way that it plays a role in your work life. Also, on video it looks better not to have to use the automatic background remover in Zoom or Teams, so try facing your desk against a wall if you can, but it’s not nearly as big of a deal as lighting. The Lume Cube can suction onto your laptop and you can use it everywhere you go. But note, I haven’t found the suction cup to be all that great, so it might be worth getting the stand for it, too. Since I only use it at home, I rubbed purple glue stick over the suction cup and put it on the back of my monitor, and it hasn’t moved since. It’s a simple solution and I’m happy with it. Lighting can get complicated, and I just needed something that didn’t make me look like a troll. Other than for work, I use it to record my trainings for my Udemy classes.

    Note: In your interview wear a button-down t-shirt and wear nice pants, a belt, and shoes if you’re a guy.
    You want to feel as confident as you can for interviews. Looking your best even though they don’t know makes you feel good and it shows. I’m not qualified to give advice for ladies, sorry.

  • Am I Going To Be Automated Out Of A SOC Analyst Job

    We’ve been hearing it for years, and I’ve said it, too: “There will always be a need for SOC analysts because there are some things that machines cannot do.” But that’s not the hard truth. The hard truth is there’s a dashboard that lists in dollars how much SOAR tools have saved in labor hours. Some of them even count it in headcount. So this whole debauchery about how you shouldn’t be worried about your job is straight garbage. The truth is, if you’re just now starting, automation has already automated analysts’ work just like yours. Instead of leaving the more complex work that machines cannot do to human analysts, they’re accepting the risk and just moving on. Automation has gotten better over the years, and what used to take a team of seasoned developers to code can now be configured with just pointing and clicking and dragging and dropping. There used to be a knowledge gap between the developers and the SOC skills they were automating, so progress wasn’t quick. The best solution they came up with was to put Senior SOC Analysts in the same room as the coders who were automating. And it worked OK, except that the Senior SOC Analyst was in a predicament. They were helping automate their own job. Years ago the car factories went through a similar process when the assembly lines were robotized. They had this figured out. They hired outside consultants to come in and build the automation to avoid the issues of workers having to automate their own jobs. And they successfully automated assembly lines. Did it displace workers? You bet it did. 1.7 million jobs in manufacturing have been lost since just the year 2000. It is expected that in just the next six years 14% of all jobs in the US will be impacted by AI and Automation. It’s automation as a SOC Analyst that you need to be concerned about. Most of our tasks are repeatable and, I hate to say this, but they are brainless to do once you learn how.
You can teach a robot to do most of the work and never have to think of it again. The SOC is going to be drastically displaced by machines, and it’s already begun. Is cybersecurity the right career for someone just starting out and looking for a growing, in-demand field? Probably not. That ship has sailed. We’re shrinking now. Does this mean you shouldn’t follow your dreams? NOT AT ALL. I’ve said this time and time again since the golden age of cybersecurity, when there wasn’t an unemployed soul on earth, and it hasn’t changed today. DO NOT PURSUE this career if you don’t like it. It’s an extraordinary commitment that you can only do if you have an interest. This isn’t like taking a job at, say, a paper mill where it’s just a paycheck. You have to like it so much that you are proactive in learning, or you’ll be out of a job anyway. So where does this leave you if you like cybersecurity and it’s shrinking? Stick to the cloud. The clouds are the most in-demand area in cybersecurity and in IT in general, and it’s less impacted by automation because it’s so new. Cloud engineering is extremely complex, and it’s going to take some time to automate those workflows, so you’ll have enough time to work your way out of the SOC. Start now. Start with the cloud NOW! But only if you like it.

  • How to Setup a Honeypot in 30-minutes

    This 30-minute Azure honeypot project is a fake computer system or network that looks real but isn’t actually used for any important work. It’s designed to attract hackers who are up to no good. Just like a bee is drawn to honey, hackers are drawn to these honeypots because they seem like easy targets. Once they try to break in, cybersecurity experts can watch what the hackers are doing. Think of it as a decoy house in a neighborhood. Burglars might try to break in, thinking it’s an easy target, but instead, they get caught in the act! Almost all of the activity you’ll see in the honeypot is automated bots, billions of them, scanning the internet nonstop looking for vulnerable hosts. It doesn’t take 5 seconds after your host is deployed on the internet to start seeing voracious attacks from every direction. That is what we’re doing here: we’re going to create a Debian VM on Azure, install T-Pot, and open up the gates to let anyone and anything in to contact it. Then I’m going to let you poke around and toy with all the features of T-Pot.

Creating a Virtual Machine

The first thing you’re going to do is go to the Azure Portal and sign up for an account if you don’t already have one. Once you do, you will get $200 in free credits added to your account. That will more than cover the charges of this lab. Once you have created an account, type “Virtual Machine” in the top search bar and you will be brought to the screen in Figure 1–1. Click the button to create a new virtual machine.

Figure 1–1 Create a New VM

Then create a new resource group and name it “tpot-rg” as shown in Figure 1–2. A resource is an individual service that you will be consuming, and a resource group is a group of these resources together. This project will have a few resources (the Virtual Machine, Public IP address, Network Security Group, etc.) that will be inside of this resource group.
When you are finished with the lab, all that you need to do is delete the resource group to delete this entire project.

Figure 1–2 Create New Resource Group

• Name the virtual machine “tpot-vm”
• Set the region to “East US”
• Set the security type to “Standard”
• Click “See all images” and select “Ubuntu Minimal 24.04 LTS -x64 Gen1”
• Choose size “Standard_A2m_v2 — 2 vcpus, 16 GiB memory”

Figure 1–4 Select Region, VM name, Security Type, Image and Size

• Select the password authentication type
• Choose the username “azureuser” and type a password
• Click “Next: Disks”

Figure 1–5 Choose Password, Enter Username and Password, Click Next

• Change the disk size to 128 GiB
• Click Next

Figure 1–6 Change Disk Size to 128GiB, Click Next

• Check the box to delete the public IP and NIC when the VM is deleted
• Click “Next: Management”

Figure 1–7 Check Box, Click Next

• Click “Review + create” at the top
• Click “Create” to create your new VM

Figure 1–8 Click Review and Create and then Create

• Wait for your VM deployment to finish

Figure 1–9 Deployment Finished

Open Traffic Flow

Now we need to open up the gates and create a rule to allow all communication in to the honeypot. This will allow the adversaries to attack the honeypot so you can collect the data.

• At the top search bar, type “tpot-vm-nsg” and select the network security group resource

Figure 2–1 Select the Network Security Group We Created

• Select “Inbound security rules” on the left

Figure 2–2 Select Inbound Security Rules

• Click “Add”

Figure 2–3 Click Add

• Change Destination port ranges to “*”
• Change Priority to “100”
• Change Name to “DANGER_ALLOW_ALL”
• Click “Add”

This rule on the Network Security Group applies to all resources in the network security group and allows ALL traffic on ALL ports inside. This is not recommended anywhere at any time except right now.
Figure 2–4 Change Destination Port Range, Priority, and Name then Click Add

Configuring the honeypot

Now we need to go grab the public IP address for the VM, as it’s time to log into the VM.

• Type “tpot-vm” in the search bar at the top and select the resource

Figure 3–1 Go to the tpot-vm resource

• Copy the Public IP address to the clipboard

Figure 3–2 Copy the Public IP address

Windows now has the ability to SSH from the command prompt in Win 10 and Win 11; Mac and Linux also allow SSH from the terminal. Go ahead and SSH into the host, replacing <public-ip> with the address you just copied:

    ssh azureuser@<public-ip>

Figure 3–3 SSH into honeypot

Execute this command to run the T-Pot installer:

    env bash -c "$(curl -sL https://github.com/telekom-security/tpotce/raw/master/install.sh)"

Select the “Hive” install, then reboot when it finishes:

    sudo reboot

Note: The installation script changes the port SSH listens on, so if you want to SSH to it afterwards you have to use this syntax:

    ssh azureuser@<public-ip> -p 64295

You can now log in to the honeypot web interface via https://<public-ip>:64297

Be sure to delete the resource group to delete all resources when you’re finished!

  • What is the Ideal SOC Analyst

    Looking for the Ideal SOC Analyst. I need success stories. But who can I find to help get a job? It'd need to be someone with the right education that doesn't have the zing that I can give it. Someone with a bachelor's degree and a Sec+ would do. If they have help desk experience, that's a bonus. Any experience in IT certainly makes finding a job as an Ideal SOC Analyst easier. They'd need to live near a large city, but not one with a high cost of living. Salaries are too high there, and employers are moving away from them because of the cost of living. They say it's the taxes, and that's partially true, but really it's because they can't pay triple their labor costs and they can't come out and say "we want to pay people less". Dallas, Texas is good. Atlanta, Georgia. There's a large list of places companies are migrating to or growing where they already have a location. Somewhere where there's opportunity but not too expensive. Is that where you live? A master's degree is too much. It's counterintuitive, but employers might think you'll find something better too quickly once you get experience. If you have one, that's fine, but a bachelor's degree is better for the short term. Ideally it'd be a computer science degree. Cybersecurity degrees teach high level policy that isn't applicable for years and years, and you have to be really technical for entry level roles. Gender, race, and sexual identity don't matter. There are as many employers looking for balance on their teams as there are looking for a fit with their culture, I would think. Must be a US citizen. That's important. Must have a blog and show that the community means something to you. The hiring manager will look at your blog if you link it on your resume. Blog your journey to becoming a SOC analyst. Any how-tos and walkthroughs of things you've learned. Write reviews of resources you've consumed (books, courses, etc.), giving honest feedback for your peers. Must attend local cybersecurity groups.
2600, DEF CON groups, OWASP, maker spaces, and hacker spaces. Must be building your network, making the coffee, and building your contacts. Sharing your resume and taking other people's resumes to share with others. If you've presented something, put it on your resume. These are great places to pick a topic you know something about and present on it for a resume addition. Must be in online Discords. Show personality and uniqueness. Be supportive of your peers and help contribute to those that need help. Don't be a d*ck. Must be modest on LinkedIn. You should have one, but you shouldn't be too personal; keep it professional. It shouldn't be an embarrassment, but you should contribute occasionally and show support to your colleagues. You want to show teamwork and that you can get along with your peers. Don't post "Look at me" content unless you've really just accomplished something, like a degree or certification, and even then sparingly. Must have a home lab, preferably in the cloud, where they can read about your projects on your blog. Chances are this doesn't sound like you, and this person is super difficult to find. While you can't change things like where you live so easily, you can improve your odds of becoming the passionate security nerd they're looking for. The hiring process is always going to require a fair amount of sheer luck. Suppose you just wake up feeling like a million bucks that day and ace the interviews. You'd have a better chance. Not every day is a perfect day, and bad interviews happen. But on paper, before the interviews, these are some of the things that you can think about doing that will increase your odds of becoming the ideal SOC analyst candidate.

  • How to get a job in Cybersecurity

    Getting your foot in the door with cybersecurity is extremely challenging, especially right now. You may be just graduating college, or a veteran transitioning to the private sector, or you’ve worked in other areas of IT, or maybe you’re just self-taught. There’s a lot to be learned about the ins and outs of cybersecurity hiring. I’ve written and published entire books on this topic, and here I will try to be brief. The first thing to know is which jobs in cybersecurity are considered ‘entry-level’. And the answer is complicated. If you’re coming from other areas of IT, then you may already have overlapping experience in one of the domains of cybersecurity that you could pivot into. Or if you worked intelligence or cyber ops in the Military, then you will have some more options available to you. But if you’re self-taught, or you are fresh out of college and looking for your first professional job, then there is only one clear winner and that is the Security Operations Center Analyst (SOC analyst). So let’s break down the SOC analyst role and why it is a good starting point. When companies embrace the need for cybersecurity, it usually begins with the Security Operations Center, or SOC for short. The SOC is responsible for triage, investigation, and response to cybersecurity incidents. This concept is not new. Military and law enforcement agencies have been using Tactical Operations Centers to coordinate operations during conflicts for decades. And like the TOC, the SOC serves as the Command and Control hub for first responders to cybersecurity incidents. Definition: According to the SANS Institute, a cybersecurity incident is an adverse network event in an information system or network, or the threat of the occurrence of such an event. The purpose of this article is to prepare you to become a SOC analyst.
Whether you wish to join one of the many specialties of cybersecurity or work your way up to management, the SOC analyst profession has the lowest barrier to entry in cybersecurity. Becoming a SOC analyst is an excellent strategic position from which to get your start in the industry. When staffing a SOC, hiring managers have a few challenges that they continuously face. The most prevalent of those challenges is the revolving door of the SOC. After a SOC manager fills an open position, it takes several months to train the new analyst. Once training is complete, retention becomes a problem, as the new analysts are “head-hunted” repeatedly by recruiters enticing them with more money. The average tenure of a security analyst is only 1–3 years with a single company. Once a SOC analyst is proficient at their job and feels they are no longer challenged, it might be time for them to seek a higher position. One of the most common paths upward is to become a senior SOC analyst. The “senior” title comes with better pay and additional responsibilities, such as mentoring the junior analysts that join the SOC. Senior SOC analysts also handle more complicated work, as junior analysts escalate challenging items to their seniors to resolve. Being in this position allows an analyst to become more technical and gives them the opportunity to learn how to train and mentor others. This role is an excellent stepping stone to SOC manager, grooming them for their next leadership role in the SOC. Almost everywhere in the United States, the senior SOC analyst position pays over six figures. As a new SOC analyst, set stretch goals for yourself to reach this milestone. However, that leaves the hiring manager with your spot open again! Another problem that SOC managers struggle with is burnout or alert fatigue.
An example of this could be when analysts are investigating so many alerts that something important is overlooked or “lost in the noise.” SOC analysts usually work in shifts with 8-, 10-, or 12-hour days, sometimes evening and overnight shifts, and at some point the task might seem brainless. It’s easy to get complacent when the work becomes second nature, and it can get monotonous. Almost everyone in a SOC is brilliant and constantly needs to be challenged. The third challenge that SOC managers face is that the SOC is a 24/7/365 operation, which means they need coverage outside of regular business hours and on holidays. Many international companies utilize the “follow the sun” SOC model. That is when companies build three SOCs in different geographical locations for 24-hour coverage. Typically, companies will have a SOC in the United States, a second in Singapore or Australia, and the third in India or Europe. However, there are use cases where companies require analysts of a specific nationality to work with their data. It’s especially true in staffing a Managed Security Services Provider (MSSP).

Figure 1–2: Follow the Sun Model: US/India/Singapore

Hiring for early morning and overnight shifts is not an easy task, and the people that fill them don’t stay for long before wanting to move to regular business hours. Tyler’s first security job was working as a second-shift analyst in a SOC at an MSSP. He was in a position in life where it worked out well for him. He had a base salary and was offered a small shift differential on top of it for working the second shift. He was fresh out of college, and who needed to wake up before noon anyway? He credits his career to making that sacrifice because it gave him invaluable experience that still serves him today. He decided he had to take his experience and run after only a year. It was a hard decision because it was a great company, but he couldn’t wait for a day shift to open up. The night hours started to take a toll.
It is nobody’s fault, but it is another challenge of the SOC revolving door. So now that you know the challenges of hiring and retaining SOC analysts and why the position opens up frequently, let’s talk a little bit about what hiring managers are looking for in a SOC analyst. There are four areas that make a well-rounded SOC analyst:

• High Level Concepts
• Hard Technical Skills
• Business Acumen
• Culture Fit

High Level Concepts

The high level concepts are things everyone should know, not just cybersecurity experts, but anyone in a professional capacity. Things like what is separation of duties, what is least privilege, and what is the CIA triad? These are fundamentals in cybersecurity, and the best place to learn them is CompTIA’s Security+ certification, long standing and well regarded as the minimum standard for entry level cybersecurity. For high level concepts it should be very structured, and maybe even boring, as it’s the same information we all get and know (and repeat). Any one of Udemy’s courses for Security+ would be a good start. I wrote an introduction to SOC Analyst Prerequisite Skills that serves as the fundamentals for what you need to know as a SOC Analyst, the gateway to cybersecurity.

Hard Technical Skills

Hard technical skills are harder to come by. It’s all about projects, projects, projects. They don’t all have to be boring; in fact I have three SOC Analyst Projects inside the course SOC Analyst NOW! that are fun and practical. They are extremely popular in all circles, including LinkedIn. Since everything is moving to the cloud and having cloud exposure is very advantageous, I came up with a fun project for you to do in the cloud in this free article. Another project that I have deployed several times to AWS is the Modern Honey Network. It’s much more challenging, but if you can complete it, then you absolutely have the technical skills to be a SOC analyst (and more). Pair this with the SOC Analyst Method found in JYSAC and practice security analysis.
Business Acumen

Cybersecurity is a glorious customer service job. Customer service is a very big part of the job. Knowing how to say bad things in a good way is going to be an important part of your job. That’s where framing comes in. There are a wide variety of tasks related to cybersecurity. And because all security-related tasks are important, they need to be prioritized appropriately on a case-by-case basis. Determining which elements are important now can be difficult without an understanding of the business as a whole. In a SOC queue, a big part of someone’s job is prioritizing the work for you, but as you become more senior that will become more and more a part of your own job. I like the Eisenhower matrix for prioritizing tasks. It’s simple and fast and crazy effective. Check out this video we made: The Eisenhower Decision Matrix. Most of us in cybersecurity work from home in some capacity, and it’s a very important part of your career to learn how to communicate with people remotely. That is, learning how to not isolate yourself while you are working from home. Watch this video of ours for tips.

Culture Fit

Here at Cyber NOW Education we love the SOC. We love everything about it, including this unique but strangely not unique culture that comes along with it. After you spend some time in the SOC you will realize just how rewarding it is to be on the front lines. So much action, and we want you to love it like we do. Whether you lean hard left or right, or right down the middle, there are companies for you. I’ve worked on both sides of the spectrum and I’ve found hard left companies tend to rely on psychology a lot in management style and hard right companies are more direct to your face, but make no mistake, they both are capitalistic at their very core. It’s so important to find a boss that you like, and it’s often not until you’re there that you really find out if you’re a good culture fit or not.
It takes practice to be a general culture fit, but after a while you’ll catch things like this: and you’ll have a nice little chuckle that FedEx has an arrow in their logo for all the packages they deliver. Now you understand what makes a qualified SOC analyst. You need a mix of hard technical skills, a company with the right culture, some business acumen, and you need to be able to recite all of the fundamental cybersecurity concepts. Traditionally, a candidate would have a bachelor’s degree and a Network+ and Security+ certification, at least a degree and a Security+ before they find themselves gainfully employed. Recently, the competition has gotten more fierce. There seem to be a bunch of folks wanting to make their way into cybersecurity right now, and these people are doing A LOT. It’s important to note that fewer companies are requiring degrees as time goes on, because few people who graduate college actually have the skills needed to do the technical entry level work of a SOC analyst. It takes a while to develop the skills you need to have, and you really have to practice on your own. Just you, the computer, Google, a few projects, online courses and long romantic nights alone. I am going to tell you how to do this the easy way, but it does take time.

Online Courses

You don’t need to spend a ton of money on online training if you can have a little patience and keep an open mind. Things might be less spoon-fed to you and there might be some mistakes in the curriculum, but it requires you to think. Hop on over to Udemy and pick out a nice Security+ course. The fundamentals of cybersecurity don’t require you to be hands on keyboard, so you can watch these modules on your own. Before you go to bed every night, lie in bed and watch a couple of modules. What I used to do was cast it to my TV and I’d watch it while I was eating dinner on a TV tray. A month goes by and batta bing batta boom, you have a new certification and it wasn’t even hard at all.
Didn’t cost much either. Just takes a little persistence.

Projects

You do need to have significant hands-on-keyboard muscle memory with a few things. Systems fundamentals is one, and networking is another. It’s best if you focus these efforts in the cloud. By the time you’re getting a job in cybersecurity, infrastructure will mostly be in Amazon, Azure, or GCP. Mostly Amazon and Azure. Mostly Azure for large organizations. You need to spin up a few honeypots, create VMs, configure access groups and play around with things. In the articles linked above there are two projects that you can spin up in the cloud; one is the 30-minute Azure Honeypot project that is super fun and relatively easy to do as an introduction. Play with it some, explore the attacks, Google around and ask yourself questions and answer them. Then move on to the harder project, which is the Modern Honey Network. If you can successfully stand up a Modern Honey Network, you’ll have all the prerequisite technical knowledge you need to be a SOC analyst, and more. It can be frustrating and challenging, but that’s growth. Once you have the Modern Honey Network stood up, I want you to study the data. Use the 5-step SOC Analyst Methodology found in JYSAC and write sample tickets. If you don’t like doing this, you’re not going to like being a SOC analyst much. Being a SOC analyst is about having a sense of curiosity about how things work and why they happen. Not everyone starts out with this curiosity, but it can be cultivated if you make it intentional to be investigative. You’re going to be curious for the rest of your career, and probably your life. It’s going to change the way you think, and if you pursue it long enough, it will change your life and open up a whole new esoteric world of creativity.

Competitions

This article wouldn’t be complete if we didn’t take a minute to talk about capture-the-flag (CTF) competitions.
Capture-the-flag has been around since the very beginning. It started with vulnerable applications and systems that have a text string hidden inside of them. The participant finds the text string and submits it to the judges, and they get points for every proof that they’ve hacked it. It started in 1996 at DEF CON and today has evolved into all sorts of capture-the-flag challenges inside and outside of conferences. In fact, Tyler’s favorite challenge is the DEF CON Blue Team Village capture-the-flag, but he has competed in Ghost in the Shellcode, SANS NetWars and Holiday Hack, and CSAW, and was a mentor for high schoolers in the CyberPatriot program. Tyler was never really fantastic at them but always competed on a team, and that was the fun of it. Most bigger conferences other than DEF CON will have their own capture-the-flag competitions. For instance, the Splunk conference, Splunk.conf, hosts a popular capture-the-flag called BOTS, for Boss of the SOC, that is very challenging and popular. If you are in college, there are many student-oriented capture-the-flag competitions, and perhaps the biggest one that should be on your radar is the Collegiate Cyber Defense Competition (CCDC). In addition to these, there are many online CTF competitions and challenges that not only have communities you can join and participate in to enhance your networking by finding common ground with new people, but also provide awards, credentials, and overall bragging rights. Probably the most popular online CTF platform today, and one I would certainly recommend you take a look at, is TryHackMe. TryHackMe’s popularity has skyrocketed for being the premier hacking challenge, and it’s common to look around on LinkedIn and see analysts advertising that they are “Top 2% in TryHackMe” or “Top 5% TryHackMe”. If you get serious about playing the game and showing off your skills, you can purchase the subscription to make your learning and earning points faster.
On the other hand, for defense (blue team) challenges, LetsDefend is rising in popularity. They have a free option, but for the SOC Analyst track it’s a subscription. They have some neat challenges that will give you some hands-on exposure to some of the things we do on a daily basis and even give you a certificate to share on LinkedIn. To sign up for free, scan below: http://bit.ly/letsdefend

Medium

You need to start building a brand as a cybersecurity expert, so Medium is where you need to go to start doing it. I’m not asking you to do something that I don’t do even ten years into my career. Creating a blog can be one of the most rewarding things any professional can do: not only does Medium have a huge built-in audience of technology professionals, but teaching and writing about a topic improves retention of the information. You’re going to find out sooner or later that if you don’t use the information, you lose it. Teaching something to someone else helps you retain that knowledge for longer. Choose a few topics on the SOC and cybersecurity, maybe about your latest project or something you’ve studied that you’ve found interesting, and teach it. One of your audience members might be your new manager! Write at least two articles every week and share them on all of your social media outlets, including LinkedIn. Every time you finish a course, write about what you’ve learned. Every time you finish a project, teach others how to do it. Write about your personal journey to finding a SOC analyst job. And always remember: learn, do, teach to retain. A blog will establish you as someone who knows something about cybersecurity. Make sure you leave a banner at the end of every Medium article linking to your LinkedIn profile. This way any person interested in you can reach out and connect! Once you have attended a few meetings and are blogging, you can start to build a network of like-minded community members to associate with.
Make friends quickly; they are going to be vital in your career. You really can’t do cybersecurity alone with much success. Now that you’ve made it this far, you’re qualified, so how in the heck do you find a SOC analyst JOB?

Where to Search for Jobs

The information security world has embraced social media to locate and recruit top talent, with LinkedIn standing out as a clear place to start. Not only can you find job postings, you can get connected with headhunters and recruiters looking for top talent. LinkedIn offers a premium subscription that can be used to find and connect with recruiters. They offer free trials of LinkedIn Premium, and I highly recommend using it when job searching. If your LinkedIn is uninteresting, then you aren’t attracting the attention you need no matter how good your cybersecurity knowledge is. Other than putting your certifications and credentials in the headline, there are a few tips to keep in mind.

LinkedIn Profile Tips

LinkedIn is not the only website that consolidates job postings; Indeed and Monster are worth investigating too. Once you’ve accumulated a few technical certifications, sites like Credly.com have job boards that are looking for talented people with the certifications you’ve attained. Finally, you can’t go wrong by looking at the careers section of a company’s website. This will show you what open positions are available and provide you insight into what they are looking for in an applicant.

Note: Don’t be afraid to apply even if you don’t meet all of the requirements in the job posting. To quote the great Wayne Gretzky, “You miss 100% of the shots you don’t take.”

Applying for Jobs

I would like to explain to you how to perform a job hunt. First off, you need to get your resume together. It takes a lot of trial and error to perfect a resume, but you can also have a professional help you build a good one.
A resume can take form in many styles, but it will have the same basic information:

Resume Components

Keep your resume under three pages to prevent over-skimming by the readers. The benefit of a professional resume writing service, like our service, is that they will share a document with you and probe you with questions until they get all of the information out of you about your previous experience, and then write it in a way that is quickly and easily consumed. Once your resume is together, you can move forward to a job search. There are several job posting websites that have proven successful for us; however, I have had the most success with LinkedIn. When I am searching for a job, I usually purchase their premium membership so that I am able to see the statistics for each job I am applying for, send InMail messages to hiring managers or recruiters for a company I am interested in, and see who is looking at my profile. Also, Google has a good aggregation of jobs to search through. Using Google, you are able to set up and configure job alerts specifically for cybersecurity jobs. The SOC analyst position is the job that you will be able to land most easily as a first step into information security. There is a revolving door in most SOCs, and the SOC analyst position opens frequently. The titles that you want to look for first are:

SOC Analyst Job Titles

If you are mobile and can move anywhere, your odds of finding a good fit quickly are better. If you live far outside of a big city, then your options may be more limited. Most SOCs require you to be on-site for security purposes; during COVID everyone moved remote, and now more companies are returning to a hybrid work model. You’ve got your resume together now, you know how to apply for jobs, and you have a network of colleagues because you’ve been attending meetings and getting involved in the community.
You’ve provided them your resume and asked them to refer you to any open position they have, and you’ve kept in touch with them just to chit-chat. You have some projects and a blog to show your progress on your road to cybersecurity success. You have a portfolio now. Include the link to your blog on your resume so that the hiring manager invests time in you as a candidate and reads about your story and your projects. You’re likely to get an interview now. Whew, that’s a lot to get an interview! So let’s talk about that.

Common Interview Questions

The following is a list of common interview questions that might be asked during an interview for a junior SOC analyst. Some are very basic and some are harder, but we feel if you can answer these questions you have the required knowledge to become a SOC analyst:

What is an RFC 1918 address? Do you know them?
Define a Class A, B, or C network.
What are the seven phases of the cyber kill chain?
What is the purpose of the MITRE ATT&CK Framework?
What is the difference between TCP and UDP?
What are ports 80, 443, 22, 23, 25, and 53?
What is data exfiltration? What Windows protocol is commonly used for data exfiltration?
Do you have a home lab? Explain it.
What is AWS? Azure? Explain how you’ve used it.
What is a DMZ, and why is it a common target for cyberattacks?

The importance of having technical knowledge cannot be overstated. The above questions are pretty simple, but you might be surprised to learn that seven out of ten candidates don’t know the common TCP/UDP ports used by modern services. I highly suggest using a common study guide to prepare for your interview. An example of this is the website Quizlet.com. They provide a flashcard-style learning platform for information technology certifications like Network+ or Security+. Also, Udemy has a few SOC Analyst interview question courses that you can take (I like Udemy).
Despite the need for a basic understanding of information technology, that only covers half of the requirements to be a SOC analyst. An analyst should be a critical thinker and possess an acumen for problem solving. Interviewers will usually test a candidate’s problem-solving ability with scenario-based questions. Let’s cover some scenarios I’ve seen and used to conduct interviews:

Scenario 1: “You are a tier 1 SOC analyst, responsible for monitoring the SOC inbox for user-reported incidents. The SOC receives an email from the VP of Human Resources stating that they can’t access their personal cloud drive. The VP knows this is against company policy, but the VP is adamant that this is required for legitimate business requirements.”

Do you process the access request for the VP?
What is your response to the VP?
Who else should you include in the reply email?

Scenario 2: “You are monitoring the SIEM dashboard for new security events. A network IDS alert is triggered, and you begin investigating. You see a large amount of network traffic over UDP port 161 originating from dozens of internal IP addresses, all with the same internal destination IP address. Some quick Googling shows that UDP port 161 is used by the Simple Network Management Protocol, and the byte count of the traffic is minuscule.”

Do you think this is data exfiltration?
If this is not data exfiltration, what legitimate services could cause this alert?
What team could provide an explanation for the traffic?

The first scenario is an example of what you might be asked when applying for an entry-level analyst role, while the second is a little more advanced. Let’s go over what the interviewer is looking for. Scenario 1 is designed to identify whether the applicant can be easily intimidated by senior leadership in the organization. Information security is the responsibility of all members of the organization; it should not be waived for the convenience of one senior leader.
The larger lesson here is about making risk-based decisions. A junior analyst should never assume the risk of policy exceptions. The interviewer will ask how the applicant will respond to the VP, as it will showcase their experience with customer service. Customer service is another very important task of a SOC analyst. Whether working for an MSSP or for a company’s internal SOC, there will be times when interfacing with other teams will require the analyst to show a certain level of tact and professionalism. The third question helps the interviewer understand the prioritization skills of the analyst. If an analyst is working with a VP, there is a high probability there is a procedure around communicating with senior leadership within the org.

Scenario 2 is designed to test the applicant’s critical thinking and technical knowledge while also providing the interviewer with insight into the applicant’s investigative reasoning. This scenario also gives insight into the most important quality of a SOC analyst: if you don’t know the answer, admit it. The last thing the SOC team needs is a “know-it-all”; they are dangerous and toxic to the workplace. If this article teaches you one thing, let it be this lesson. There will be questions you can’t answer, and that’s fine. The worst thing you can do is give a wrong answer with the confidence that you are 100% correct.

Remember that the above scenarios are examples only; each interviewer will use their own set of questions. The goal remains the same: to locate and select the best applicant for the position. Our goal is to assist you in becoming that applicant. The following are a few tricks and tips to help you become that “best applicant” for the position:

Interview Tips

And that covers it.

Summary

We’ve talked a bit about the demand for SOC analysts, and why that position is the best strategy for entering cybersecurity.
We’ve talked a bit about the four requirements that an entry-level SOC analyst needs to have, we’ve talked about how to get the fundamental knowledge and how to get hands-on technical skills, and we’ve talked a bit about interviewing. This is not an overnight process. It is going to take time. No one can walk into an entry-level SOC analyst job without preparing. What I am trying to say is it’s not easy. But it is worth it. I’ve dedicated my career to helping others find their way into cybersecurity. My courses have served over 25,000 students. I have developed training materials, both paid and free, for the last decade to give back to the community that gave to me. I can’t tell you how appreciative I am to have had the people in my life that I did when I was just starting out. They helped me and didn’t expect anything in return, and it was unlike anything that I have ever experienced before. That is the community of cybersecurity, and you’re doing yourself a disservice if you don’t get involved. There are so many communities that I am sure you’ll find your tribe. Go find them. Good luck and godspeed!

Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts. You can connect with him on LinkedIn.

You can sign up for a Lifetime Membership of Cyber NOW® with a special deal for 15% off with coupon code "KB15OFF", which includes all courses, certification, the cyber range, the hacking lab, webinars, the extensive knowledge base, forums, and spotlight eligibility, to name a few benefits. Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on, fun labs in Microsoft Azure, leaving you with the know-how to create a gig on Fiverr or Upwork to start your cybersecurity freelancing. Some of our free resources include the Forums, the Knowledge Base, our True Entry Level SOC Analyst Jobs, Job Hunting Application Tracker, Resume Template, and Weekly Networking Checklist. Ensure you create an account or enter your email to stay informed of our free giveaways and promos, which we often offer. Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, 2nd edition, published June 1st, 2024, winner of the 2024 Cybersecurity Excellence Awards and a finalist in the Best Book Awards. If you enjoy audiobooks, I suggest the Audible version, but you can also get it in beautiful paperback, Kindle, or PDF versions. The downloadable PDF version can be grabbed here.

  • What is a Major Frustration of Being a SOC Analyst

    What is a Major Frustration of Being a SOC Analyst

    This job isn’t without its moments, but those great moments come with a price tag of frustrating things you might encounter as a SOC analyst. This is What is a Major Frustration of Being a SOC Analyst?

    Here is the big one that is on my list from having worked at so many SOCs: the larger the company, the more they can pay, but the less they can move. It is frustrating to spend a lot of time on a security event and make recommendations for improvements and not see any results. Small companies can incorporate feedback the same day, and you get all the feel-goods that you did something positive, that rewarding feedback that you just made the program better. Whereas you might investigate that same alarm at a large company a hundred times before they are able to make any improvements, if they can incorporate any feedback at all. Some companies are too big to move at all, it would seem. This leads to alert fatigue, where you’re auto-closing incidents that look alike and you become a brainless drone in pursuit of good numbers.

    Having the ability to close a feedback loop at a large company takes skill, patience, persistence, and the ability to manage without authority. A feedback loop in a process is when the end result gives feedback to the beginning to improve the process. For example, a SOC analyst concludes in their investigation that an event is a false positive, so they take a bunch of time to collect all the evidence of all the previous false positives, write an analysis, and submit it to the team that creates the detection rules so that they can tune it and improve the efficiency of the SOC. In the long run, this saves the company a ton of money, but in the short term it hurts your numbers: how many events you’ve worked on that day. Terrible, inexperienced management only sees the numbers and not the impact.
    At small companies you tend to know your colleagues better, and there is less red tape preventing this kind of feedback from improving your work (and mental health), so things get done quickly. They are nimble and agile. I’ve worked at companies so large that I was convinced they weren’t improving the program on purpose, because when I took so much time to gather the evidence and present it in a matter-of-fact and easy-to-understand way, it was just ignored. What I noticed about my peers is that they had all tried doing this too, and they just stopped because there wasn’t any improvement. It was a waste of time. This results in an incredibly inefficient and dangerous SOC where the team members have zero morale and zero care about their work. They are just brainless Sisyphuses clocking in and clocking out and getting nowhere with their work or their careers. What’s on your list?

  • What are Some SOC Analyst Projects

    What are Some SOC Analyst Projects

    Maybe you’re in college, or transitioning from the military, or maybe you’re from another area of IT, or just maybe you’re teaching yourself... projects are a big part of any training for a SOC analyst. Some of these are challenging, and some are a little easier, but there are three here to teach you practical skills that you’ll need to have as a SOC analyst. This is What are Some SOC Analyst Projects?

    1. Cryptography

    There are three ciphertexts that you will turn back into plaintext. One of these ciphertexts leads you to particular places that might not be so friendly. Do NOT access from work or using work resources. Be extra careful with links. If you are unsure how to safely handle clicking on links, please do your research prior to following the rabbit hole. Good luck — Be safe ~godspeed

    Questions for this assignment: What is the plaintext for these three ciphertexts?

    Decipher One
    Erthyne FBP Nanylfgf znxr bire fvk svtherf HFQ ng fbzr pbzcnavrf ab j.

    Decipher Two
    The key is Decipher One
    Qfla QBG Fopyyfrd pttv gev eqwjjmofxx iikbljd n vzckzr bmf crdmftf tip (tzwziysxpcewayulqnmyz) ieh xvww-fxf gidwyetxfqgp (hzlggrdt hrzcsxkhnuc).Ajsro — ureuy://bvj.vfvblfj.xye/rtagy?a=p-wjkxJa_D8

    Decipher Three
    QmFzZTY0IGlzIGVuY29kaW5nLCBub3QgZW5jcnlwdGlvbi4gIEVuY29kaW5nIGRvZXNuJ3QgaGF2ZSBhIGtleSB3aGVyZWFzIGVuY3J5cHRpb24gaGFzIGEga2V5LgoKSGV5LCBjaGVjayB0aGlzIG91dC4uLgoKaHR0cHM6Ly9nb29nbGUuY29tLz9xPWludGl0bGUlM0ElMjJoYWNrZWQrYnklMjIraW51cmwlM0F1cGxvYWQr==

    2. Networking

    Questions for this assignment: Trace the route, then research and explain how the internet sang the song of Bad Horse. How did the administrator configure each hop for this to work?

    3. Malware

    theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev. theZoo’s purpose is to allow the study of malware and enable people who are interested in malware analysis (or maybe even as a part of their job) to have access to live malware, analyze the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment. Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes.

    Warning! You are about to handle live malware, and if you are unsure how to safely handle malware, please conduct research prior to continuing.

    Instructions for this assignment:
    Visit the Live Malware Repository at https://github.com/ytisf/theZoo
    Upload malware samples to Virus Total at https://www.virustotal.com/gui/home/upload
    Calculate the file hash of malware samples and search Virus Total for it at https://www.virustotal.com/gui/home/search
    Execute the sample interactively in a sandbox (any of them will work, but I enjoy https://app.any.run or https://hybrid-analysis.com)
    Compile a list of Indicators of Compromise (IoCs) from the malware execution and search Google for them.

    Questions for this assignment:
    How does Virus Total know that these files are malware?
    How would an attacker take malware like this and make it undetectable?
    What is the difference between behavioral antivirus and traditional antivirus?
    What is the difference between antivirus and modern endpoint detection and response tools?
    Did googling the Indicators of Compromise (IoCs) lead you to any interesting threat intelligence about the malware?
    Why aren’t IP addresses considered ‘good threat intelligence’? What are the various levels of ‘good threat intelligence’, and how might you be able to identify malicious behavior?

  • How to learn cybersecurity at home

    How to learn cybersecurity at home

    You may be looking for a new career and stumbled upon cybersecurity and are all excited about it now! That makes me happy to think about. It’s my job now to explain to you how to start learning cybersecurity at home. There are a few things that make a well-rounded entry-level cybersecurity professional. But first let me explain the Security Operations Center Analyst. The SOC Analyst is the gateway to cybersecurity because it is the most junior position that is often available in a company for cybersecurity, and the high turnover rate (usually because of promotions out of the SOC) means the position opens up frequently. SOC Analysts usually come from one of these four areas:

    And when we say career changers, we typically mean from other areas of IT. I am an expert in training for entry-level cybersecurity and I promise you, 90% of the time, folks find it easiest to land a SOC analyst job and then pivot to the specialties they are most interested in. So, now that you know that you need to target a SOC analyst role, let’s talk about the four areas that make a well-rounded SOC analyst:

    High Level Concepts
    Hard Technical Skills
    Business Acumen
    Culture Fit

    Culture fit is extremely important, and that's kind of a specialty of mine as well. Not that I’m perfect for every company, because I’m most certainly not, but typically, since I have spent the last 10 years in a SOC, I can speak the language. While not 100% effective, there are ways to maximize your culture fit as a SOC Analyst, but if you want to just be you, there's the right place for you, too; just know who you are and what you stand for.

    High Level Concepts

    The high-level concepts are ones everyone should know, not just cybersecurity experts, but anyone in a professional capacity. Things like: what is separation of duties, what is least privilege, and what is the CIA triad? These are fundamentals in cybersecurity, and the best place to learn them is CompTIA’s Security+ certification.
    Long-standing and well regarded as the minimum standard for entry-level cybersecurity. This course is an excellent resource for cost-effective training on the high-level fundamentals of cybersecurity:

    For high-level concepts it should be very structured, and maybe even boring, as it’s the same information we all get and know (and repeat). Any one of Udemy’s courses for Security+ would be a good start. If you want to test the waters first, I wrote an introduction to SOC Analyst prerequisite skills that serve as fundamentals for what you need to know as a SOC Analyst, the gateway to cybersecurity.

    Hard Technical Skills

    Hard technical skills are harder to come by. It’s all about projects, projects, projects. They don’t all have to be boring; in fact, I wrote an article that is all about fun projects, here. This article is extremely popular in all circles, including LinkedIn. It’s received more recognition than almost all of my other work. It’s three projects to give you some exposure to cybersecurity projects that you can do at home on a weekend. Since everything is moving to the cloud and having cloud exposure is very advantageous, I came up with a fun project for you to do in the cloud in this article. Another project that I have deployed several times to AWS is the Modern Honey Network. It’s much more challenging, but if you can complete it, then you absolutely have the technical skills to be a SOC analyst (and more). Pair this with the SOC Analyst Method found in JYSAC to conduct security analysis on the data.

    Business Acumen

    Cybersecurity is a glorious customer service job. Customer service is a very big part of the job. Knowing how to say bad things in a good way is going to be an important part of your job. That’s where framing comes in. There are a wide variety of tasks related to cybersecurity. And because all security-related tasks are important, they need to be prioritized appropriately on a case-by-case basis.
    Determining which elements are important now can be difficult without an understanding of the business as a whole. In a SOC queue, a big part of someone’s job is prioritizing the work for you, but as you become more senior that will become more and more a part of your own job. I like the Eisenhower matrix for prioritizing tasks. It’s simple and fast and crazy effective. Most of us in cybersecurity work from home in some capacity, and it’s a very important part of your career to learn how to communicate with people remotely. That is, learning how to not isolate yourself while you are at work when you are working from home. Give this video a watch.

    Culture Fit

    Here at Cyber NOW Education we love the SOC. We love everything about it, including this unique, but strangely not unique, culture that comes along with it. After you spend some time in the SOC you will realize just how rewarding it is to be on the front lines. So much action, and we want you to love it like we do. I don’t mean to self-promote, but our course SOC Analyst NOW! is a great introduction to the culture of cybersecurity. This is the general SOC culture, but each company is different. I’ve worked at companies that I was just not a good culture fit for, and it was miserable for me. I just didn’t fit in, and it made me feel unwanted and alone. Whether you lean hard left or right, or right down the middle, there are companies for you. I’ve worked on both sides of the spectrum, and I’ve found hard-left companies tend to rely on psychology a lot in management style and hard-right companies are more direct to your face, but make no mistake, they both are capitalistic at their very core. It’s so important to find a boss that you like, and it’s often not until you’re there that you really find out if you’re a good culture fit or not.
    It takes practice to be a general culture fit, but after a while you’ll catch things like this:

    And you’ll have a nice little chuckle that FedEx has an arrow in their logo for all the packages they deliver.

  • Can You Get a SOC Job Without a Degree

    Can You Get a SOC Job Without a Degree? The cybersecurity industry is rife with candidates applying for jobs. In fact, it’s almost like a scene in a movie where it’s havoc and every man is for himself, clamoring over each job and every candidate like Gollum in Lord of the Rings.

The origin of the term “each man for himself” is in The Knight’s Tale by Geoffrey Chaucer (1340–1400). He is known as the Father of English Literature, but his meaning of the phrase was more akin to “If you don’t look out for yourself, no one else will.” It was not meant to be a selfish act. Nowadays, it describes a situation or crisis in which people do not help each other and just take care of themselves. That is very selfish.

Not only can you not get a job without a degree, but you can’t get a job with a degree, because everyone has this same attitude, throwing each other under the bus to be the very best. Let me put this into perspective: a SOC analyst job is an entry-level job. No matter how good you are, you don’t know more than the SOC manager, and you don’t know more than your seniors who have been doing this for a decade. To us, you’re someone who needs to be plucked and cultivated and turned into something that is of maximum usefulness. It takes a lot of time to do this, and we have to spend a lot of time developing you. Let me tell you, we don’t want to do this for a d*ck. If you’re out there throwing your peers under the bus to get this job, you’ll throw us under the bus as soon as you think you can.

What we want is the very best candidate that we can find who is also a servant leader. A servant leader is someone who prioritizes the needs and development of their team members over their own personal gains or authority. Servant leaders genuinely care about the well-being and personal growth of their team members. They actively listen to understand the needs, concerns, and ideas of others.
They focus on helping others achieve their full potential, both personally and professionally, and they foster a sense of community and collaboration within their team. When you’re looking to take someone fresh from the farm and prepare them for a career, you want the best person you can find. You want to find someone you like and can spend a lot of time with without it being excruciating. Interpersonal skills go a long way, but what goes even further in your career is just being a genuinely decent person to your peers.

Now, there are companies that I have worked for where you are in competition with your peers. And if that is what you like, then good luck, because companies like the Big 4 consulting firms will dangle a carrot in front of a huge group of people, and you’re right, someone will get that carrot. I hope you have an ungodly amount of time to devote to competing against one another, and still not win, but for the rest of us, we’ve found much better balance and success in life competing as a team.

Cybersecurity is full. Packed. Crowded. Bursting. Crammed. Glutted. Jammed. Teeming. Saturated. Chock-full. Jam-packed. Brimming. Overflowing. So, you really can’t get a SOC job without a degree, because you’re thinking you’re competing on who has the better credentials, and you’re just not going to win that way. You’re going to win by being the best person for the job. There are minimum qualifications like a Network+ or Security+ and a baseline of technical skills, but beyond that, what is going to make you stand out is your ability to be communal in your pursuits: sharing your success with others, helping to grow the community, sharing your advice, pointers, and projects with your peers, and volunteering where you can. Because these are the people you want to work with. You always want to make your SOC manager look good. They aren’t going to hire you if they think you will make them look bad.
When you complete an assignment, your manager is going to take credit for it, and he’s going to give it to the entire team. There is no John Smith, SOC analyst; instead there’s Steve Galley, SOC Manager’s team, of which you’re a part. Everything you do is for the team, and that’s how you need to approach getting a job, where your team is everyone else who is looking for a job. It’s not good enough to be the smartest.

  • What are the differences between AI, ML, and Automation?

    What are the differences between AI, ML, and Automation? Artificial Intelligence, or AI, is a term you’ve probably heard a lot about. It pops up in discussions about the latest tech, sci-fi movies, and even in conversations about the future of work and everyday life. But what exactly is AI? How does it relate to machine learning, and what role does something like ChatGPT play? And what about automation: how does that fit into the picture? In this article, we’ll dive into these topics, breaking them down in a way that’s easy to understand. By the end, you’ll have a clearer idea of what these terms mean and how they’re shaping our world.

To start, let’s understand what AI really is. Artificial Intelligence is the idea of creating machines or software that can perform tasks which normally require human intelligence. These tasks include things like understanding language, recognizing pictures, making decisions, and solving problems. Think of AI as a super-smart computer program that can learn and adapt. When you play a video game against a computer opponent that gets better the more you play, or when you ask your phone’s assistant to set a reminder, you’re interacting with AI.

Levels of AI

AI comes in different levels, based on how smart and capable these systems are. The simplest form is called Narrow AI. Narrow AI is designed to do one specific thing. It’s very good at that one thing but can’t do anything else. For example, the spam filter in your email that catches junk mail is a type of Narrow AI. It’s great at identifying spam messages, but it can’t help you with your math homework or play chess with you.

Next up is General AI. This is the kind of AI that can understand, learn, and apply knowledge across a wide range of tasks, much like a human can. General AI doesn’t just excel at one task but can perform many different ones, switching between them as needed.
Imagine a robot that can cook, clean, help you study, and even have a meaningful conversation with you about your day. As of now, General AI is still something we’re working towards and hasn’t been fully realized yet.

Finally, there’s Super Intelligent AI. This is a level of AI that would surpass human intelligence in every aspect. It would not only perform tasks better and faster than humans but also come up with ideas and solutions beyond human capabilities. This kind of AI remains in the realm of science fiction for now, as we’re far from creating anything like it.

Machine Learning

Now, let’s talk about machine learning. Machine learning is a big part of AI, but it’s more specific. It’s a way to teach computers to learn from data. Instead of programming a computer with exact instructions for every possible situation, we give it lots of data and let it figure out patterns and rules by itself. Imagine you have a computer program that you want to teach to recognize cars in pictures. Instead of telling it exactly what a car looks like, you show it thousands of pictures of cars and thousands of pictures of other things. The computer analyzes these pictures and learns the patterns that make a car a car. This process of learning from examples is what machine learning is all about.

ChatGPT

ChatGPT is a specific type of AI. It’s designed to understand and generate human-like text based on the input it receives. If you’ve ever chatted with an online assistant that can answer questions or help you with tasks, it might be powered by something similar to ChatGPT. What makes ChatGPT unique is that it uses a technique called deep learning, which is a type of machine learning. Deep learning involves using very large networks of computers to learn from vast amounts of data, kind of like building a very complex brain for the computers. ChatGPT works by first being trained on a massive amount of text data from the internet.
This process, called pre-training, helps it learn grammar, facts, and even some (very limited) reasoning skills. After this, it goes through fine-tuning, where it gets better at specific tasks by receiving feedback from the developers and YOU. When you ask ChatGPT a question, it uses all this learning to generate a response that makes sense based on the context. It’s important to note that while ChatGPT is a form of machine learning, it’s specifically designed for working with language, making it a Narrow AI. Not all machine learning models are like this. Some might be designed to recognize images, while others might predict weather patterns. ChatGPT’s main job is to understand and generate text, making it a powerful tool for things like chatbots.

Automation

Automation is another concept that often gets mentioned alongside AI and machine learning, but it’s different. Automation is all about making machines or software do tasks on their own without human help. These tasks are usually repetitive and follow a clear set of steps. For example, think about an automatic washing machine. Once you load your clothes and start it, the machine goes through a series of steps to wash your clothes without needing any further input from you. That’s automation. Automation doesn’t necessarily require AI. For example, a simple conveyor belt system in a factory that moves products from one place to another is automated, but it doesn’t have any intelligence. It’s just following a pre-programmed set of instructions.

So, how do AI, machine learning, and automation differ from each other? AI is the broad concept of creating intelligent machines. Machine learning is a specific approach within AI where machines learn from data. ChatGPT is built on a specific approach within machine learning called deep learning. Automation is about making machines or software perform tasks on their own, often without any need for intelligence. Automation is not AI.
When you put them together, you get powerful systems that can do amazing things, like self-driving cars that navigate traffic on their own, or smart assistants that manage your daily tasks.

AI Concerns

As exciting as all these advancements are, it’s important to think about the impact of AI, machine learning, and automation on society.

One concern is job displacement. As machines become capable of performing more tasks, some jobs may become obsolete. For example, self-driving trucks could reduce the need for truck drivers, and automated customer service systems could replace human agents. However, new jobs will also be created in areas like AI development, data analysis, and maintenance of these systems. It’s important for education and training programs to prepare people for these new roles.

Another concern is privacy. AI systems often rely on large amounts of data to function effectively. This data can include personal information, like your browsing history, purchase habits, and even your voice recordings. It’s important for companies to handle this data responsibly and ensure that it’s protected from misuse. Regulations and policies are needed to ensure that AI is used ethically and that people’s privacy is respected.

There are also ethical considerations around AI decision-making. For example, how do we ensure that AI systems are fair and unbiased? If an AI system is used to make decisions about things like job applications, loans, or medical treatments, it’s crucial that these decisions are made fairly. Bias can creep into AI systems if the data they’re trained on contains biases. For instance, if a hiring algorithm is trained on data where certain groups are underrepresented, it might unfairly disadvantage those groups. Researchers and developers are working on ways to identify and mitigate bias in AI systems to ensure they’re fair and equitable.

In addition to these concerns, there’s the question of control.
As AI systems become more advanced and autonomous, how do we ensure that we remain in control? This is especially important when it comes to AI systems that can make decisions on their own, like self-driving cars or automated weapons. Establishing clear guidelines and oversight mechanisms is crucial to ensure that AI is used responsibly and safely.

Conclusion

AI, machine learning, and automation are fascinating and transformative fields that are reshaping our world. AI is the broad concept of creating smart machines, machine learning is a way for these machines to learn from data, and automation is about getting things done without human help. As these technologies continue to evolve, they will bring new opportunities and challenges. Understanding them is the first step to being a part of this inevitable future.

  • What is the SOC Analyst Interview Process

    What is the SOC Analyst Interview Process? You've spent all this time getting training, then you applied for jobs, and then finally you got a call back for a SOC analyst position. The interview is set up. In this article we will talk about how the interview process is going to go.

Recruiter Interview for SOC Analyst

The first interview is always the recruiter interview. This will be a 15 to 30 minute interview to get your background information and make a few notes about you. Then they will tell you that they will submit your resume to the hiring manager. You don't get a decision during this call, which is usually a telephone call, on whether you're moving forward or not. They just tell you they're going to submit your resume to the hiring manager, and it's up to the hiring manager to decide after reading the notes whether or not they want to pull you in for an interview.

For this interview you want to have your background story recited and straight. You need to know how, when, and why you got started in cybersecurity, and what led you to this very point. This spiel needs to have fluency, so you want to have practiced it. You also want to talk about what you're passionate about and give the spiel about your projects and home lab. Don't leave this interview, or any interview, without talking about your home lab. This information will be used again and again throughout your career. Make sure it's authentic. The smoother this story goes, the better your chances that the recruiter actually will forward your resume to the hiring manager instead of just telling you they are and never doing it.

The second interview is the team or SOC Manager interview. I have seen it both ways, but you'll interview with both.

Team Interview

The team interview is a technical check. This might be a panel interview with two or more people, and their purpose is to see how you interact under pressure and to see how well you know your tech chops.
Up until this point you can make it through your degree, through your resume and job applications, you can make it all the way here and not know a thing about the computer. And that's what they're checking here. You might get asked scenario-based questions, and the purpose is to see how you think, not necessarily that you arrive at the correct answer. Though it's good if you can. While having technical discussions they won't expect you to know everything. They expect you to fail at some questions, and you need to always be honest. There is nothing more toxic to a SOC member than to be a know-it-all and be 100% confident in an answer that is completely wrong. You simply can't recover from that. So always leave a little room for error and uncertainty in your response, even if you're pretty darn sure you're correct.

SOC Manager Interview

The SOC Manager interview is typically either the second or third interview, and this interview is to see if you're a good culture fit and that you won't cause too many problems for him/her. They'll want to know your background and maybe ask you a few high-level management and personality questions. You want to be likable and show respect. "Yes sir, no sir." Not "hey, man." This is the person that is ultimately responsible for hiring you and handling your compensation, bonuses, and promotions. It represents one of the hardest and most demanding jobs in cybersecurity. The most important thing to know about this interview is that you want to give the impression that you're going to stick around for a while. It's not fun to hire people. It's not fun to go through all these interviews. And the last thing they want to do is go through it again in a year. You also want to leave the impression that you can use the resources available to you and grow with them. Ask them about the training available, but don't put too much pressure on high-cost training. That ship sailed a few years ago.
We used to be able to ask for all sorts of high-priced, crazy training and they'd pay for it, too! It was great. But you just be really excited about your subscription to LinkedIn Learning and make him feel like you're going to watch every video.

CISO/Director Interview

This interview is optional but is more common the smaller the company is. This interview is typically the last interview, and if you've made it here they've pretty much already made the decision to hire you. The CISO/Director just wants to meet with you so that you know who they are, that they're approachable, and that you can ask them questions if you need to after you get hired. Some CISOs and Directors just like to meet everyone that's on their team.

In every single one of these interviews, you want to show PASSION. What are you doing extracurricularly to be involved? Make them feel like this isn't just a 9-5, it's not just a paycheck, but it's your LIFE. You live and breathe cybersecurity. For the first few years, that's exactly what it's going to be for you, too. Never miss an opportunity to talk about your home lab and go into LONG detail about it. As much as you can. Preferably it's in the cloud. Good luck and godspeed.
