SOC Analyst Tips & Resources

My SOC journey so far…. 2020-2022.

I have two years of experience in a SOC role and am a Tier 2 SOC analyst.

Over the past two years, I've learned new skills or certifications, and I'll say this much, I have a long way to go. The journey is long, and there's always room to grow and improve.

I just wanted to provide others with some certifications, resources, and books that I found helpful over my two-year period.

Take the following information with a grain of salt. There are security juggernauts out there, and I am not elite in any sense. I love information security and what I do daily. I try to sharpen my skillset via books, certifications, or training platforms. My short-term goal is to move to an incident response analyst role. The long-term goal I want is to be a security manager.

Do understand that Information Security is a life journey and career. No book or training out there will prepare you for a role. That's why you see many security professionals constantly studying for their next certification or sharpening what they already know.

As far as certifications go:

1. CompTIA Sec+ & Net+: These are not technical certifications, but the theory is vital to understanding the purpose of security and how endpoints communicate. Even if you don't attempt the certifications, I suggest studying the material.
2. Security Blue Team Level 1: I wish this would have been available when I started, and I don't remember hearing about it back then. BTL1 is hands down a must for any new aspiring SOC analyst. The exam is practical and covers most of the work I do daily. The knowledge and skills you pick up here will make you a more confident SOC analyst. The only downside I dislike is that it's not a well-known certification, but I foresee this changing in the future.
3. Linux LPI: Linux LPI is an excellent certification for anyone new to Linux. You'll learn about the Linux file structure, distro's, CLI, and basic CLI commands. * I enjoy and recommend Jason Dion's Linux Essentials course.
4. eJPT: The eJPT training is excellent because you can practice a few red team skills. The training will help you understand the steps threat actors take to compromise a network, and once you complete the training, you can attempt the eJPT certification. The last time I took it, the training material was free. I am not sure anymore.?
5. Splunk Core User: The last time I took the training, it was free, I am not sure anymore, but it's a great SIEM to pick up as a beginner. You'll probably be asked what SIEM you know during an interview, and Splunk is popular.?
6. Take Notes: Seriously, you will start noticing that you can't keep track of everything you are learning and start forgetting information. I like OneNote because it sync's across your devices, and you can search for keywords. There are other great applications, so don't just think OneNote is the only option.?

I will add on to understand how ticketing systems work and follow blogs or articles to know the current threat landscape in IT. Connect with other professionals in your desired role and cross-check job postings; even if you don't qualify for a position, look to see what skills or certifications an employer is looking for and chase after them.

During breakfast, I listen to SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) on Apple Podcasts to see what I missed. I also follow BleepingComputer.com - Technology news and support and other professionals on LinkedIn.

Some resources I found that are great to have bookmarked:?

• SOC Analyst Study Guide (notion.site) - linkedin.com/in/biggingerhoneypot - Jay Jay Davey is a tremendous blue teamer and person. He offers free mentoring through Cyber Mentor Dojo to aspiring security professionals.
• RangeForce | Team Cyber Readiness Platform - Paid blue team training, but good if you have some extra funds.
• TryHackMe | Cyber Security Training- Free cybersecurity training with an optional paid monthly pass. TryHackMe is a great start if you are short on funds, but make sure to take notes and not just try to rush through rooms.
• TCM Security Academy | TCM Security, Inc. (tcm-sec.com) - TCM has great affordable content that is easy to digest. It's not blue team-related, but you will benefit from his courses.
• Student Hub - Student Certifications | Microsoft Docs - Just sharing Microsofts free courses in case you are interested in Azure. (Microsoft provides free exam vouchers and practice tests to eligible students. You will just need to verify your enrollment at an accredited academic institution through?Cloud Ready Skills?to claim the benefits.)
• Investigation Theory (networkdefense.io) - Investigation Theory is pricy, but Chris Sanders does a fantastic job at getting you in the security analyst mindset. This course was offered to me by my employer, which was helpful because I was still new to the field. Also, check out his Practical Packet Analysis book and course.
• explainshell.com - match command-line arguments to their help text - "explainshell is a tool (with a web interface) capable of parsing man pages, extracting options, and explain a given command-line by matching each argument to the relevant help text in the man page."
• VirusTotal - Home - Good resource to use to look up IP's/domains, hashes, and URLs. DO NOT UPLOAD ANY CONFIDENTIAL DATA. Anything uploaded can be downloaded by anyone on the internet.
• ANY.RUN - Interactive Online Malware Sandbox & Free Automated Malware Analysis Service - powered by Falcon Sandbox (hybrid-analysis.com) - Great sandboxes to have for reference. Again, please do not upload confidential data because it's publicly shared.
• John Strand - Black Hills Information Security (blackhillsinfosec.com) - Free security training from John Strand.
• Pick a Vulnerability to Learn About (hacksplaining.com) - this is great to see how attacks work at a high lvl.

Books:

• Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali: OccupyTheWeb: 9781593278557: Books - Amazon - A great book to have if you are new to Linux.
• Social Engineering: The Science of Human Hacking: Hadnagy, Christopher: 9781119433385: Books - Amazon - How social engineering works.
• Blue Team Field Manual (BTFM) (RTFM): White, Alan J, Clark, Ben: 9781541016361: Books (amazon.com) - Good resource to have for SOC/Blue team work.
• PowerShell for Sysadmins: Workflow Automation Made Easy: Bertram, Adam: 9781593279189: Books: Amazon.com - If you are new to Powershell, this is a good book to have on your bookshelf.

In conclusion: What I mentioned above are some certifications, resources, and books that I believe will help aspiring SOC analysts. It's not perfect, but it's a quick view of the information I have picked up so far in my journey.

This is enough to help you create a baseline, but every role out there has different tools that I didn't touch up here. Those you will learn with time, so don't stress too much about it. I would also say pick up a cloud path, but that's another topic in itself.

Feel free to send me a connections request or message if you have some questions. I will try my best to get back to you, but if I take a bit long, please understand that I have other things going on.

Cheers.