
How to Thrive in a SOC Environment

Updated: Feb 20, 2021

Whether you are trying to pivot from the help desk or just trying to get your foot directly into cyber security, your first position will probably be a Security Operations Center (SOC) Analyst. Whether your motivation is a change of career or even the potential bag you can make, there are some things you need to mentally prepare for once you step into this landscape.



There are four types of environments that you will walk into that you need to be aware of:


1. No On-the-Job Training - What do you do when you walk into an environment where there is no program set up to train folks at the Tier 1 level? The Tier 3s can't train you because they don't have time. The Tier 2s won't train you because you are annoying. And the seasoned Tier 1s don't want to train you because they fear that you may outdo them on the job and potentially take their promotion.


2. No Training Budget - What do you do when you get on the job and there is no budget to send Tier 1s to training?


3. Bad Management - What do you do when you have no clue how to take an incident from cradle to grave and the manager who is supposed to know what you don't know, knows less than you?


4. Bad Contract - What do you do when you are hired as a "butt-in-seat" on a contract, not knowing that in a few weeks the contract is up for rebid and the current company doesn't believe that they are going to win? What do you do with minimal knowledge of how to even do the job, knowing that the new company may keep 1 or 2 of the good ones?


You may walk into 1 or all 4 of these environments and if you are not mentally prepared, you may find yourself eager to quit and ready to change professions. I am here to tell you that even in these environments, you can not only survive but thrive if you utilize these three principles:

  1. You Must Be Hungry - I've seen folks obtain a certain dollar amount they've never seen before and get comfortable. Your motivation has to be more than just money in cyber. You may be tasked to do something at work that, to your surprise, they couldn't pay you enough money to do. This field is always changing and the market is very competitive. Staying sharp and in tune with new technology and emerging threats requires a hunger to learn. If you are hungry, stay hungry. If you lost your hunger, go back to the drawing board and refocus.

  2. You Must Be a Hard Worker - Due to the shortage of employees in most environments, the workload can be quite daunting. Having a good work ethic will separate those who will excel from those who are just here for a paycheck. In layman's terms, if you are not a hard worker working at CVS/UPS/McDonalds/etc., don't plan on making it big or lasting long in cyber. Please understand that when you step into this landscape and mount a computer as front line defense, you are building your brand. Everything you say, everything you do, every product you present can either make or break your brand. The cyber security field is so small, everybody knows each other. Many have lost their jobs before even being interviewed by the hiring manager because word on the street in another organization says "That person is lazy!". Work hard where you are before you get in; you will need the energy when you're monitoring a SIEM filled with 7,000 alerts per day.

  3. You Must Geek Out at Home - It makes no sense to get your foot in on a job you have little-to-no skills for, and go home to do nothing about it. Get a lab. Study. Perfect your craft. These action tips will not only allow you to add value to your team and employer, but they also add value to you. If you run into a particular technical issue at work during analysis or the usage of a certain tool, go home and research it. YouTube University is the best school in the world. Cyber Security is not just a job, but a lifestyle.

For those getting into the field, if you follow these tips, you will not only survive but thrive in a SOC Environment.



#SOCAnalyst #BlueTeam #SecurityOperationsCenter #SecurityOperations #CyberSecurity
