Path to SOC Analyst: Breaking into Cybersecurity

This was originally drafted as a Google doc for a friend.


If you’re trying to break into cybersecurity with no previous cyber, engineering, or IT experience, the best way to break into the industry is as a SOC analyst.

SOC Analysts are cybersecurity analysts responsible for monitoring corporate networks for potential threats and intrusions. While certainly not an introductory IT/engineering role, it is the closest thing to an introductory role in security.

With this being said, cybersecurity is very much NOT an introductory career path; it’s much easier to break into, say, engineering, PM, or other tech roles than security due to the level of specialized knowledge required. It’s much easier to become a cybersecurity analyst after spending some time doing IT and engineering, since those are typically prerequisites.

In this post, let’s talk about why to choose a SOC analyst job as a way to break into the cybersecurity industry, what you’ll need to learn to pass your first interview, how to acquire said skills, and a potential timeline to aim for to make sure you’re on track.

What and why SOC Analyst?

Security Operations Center (SOC) Analysts are cybersecurity analysts who typically are responsible for monitoring Security Information and Event Management (SIEM) systems. They are responsible both for monitoring and validating alerts generated through the SIEM system, and prioritizing alerts for further investigation.

SOC Analyst positions are ideal as an introductory cybersecurity career as:

  1. It’s a great introduction to the entirety of a corporate cyber environment; you’ll get exposure to cloud security, network security, application security, and everything in between
  2. At the junior level, you’re expected to have broad knowledge, but not necessarily great depth; this makes it easier to study for interviews
  3. There are a great number of resources available online (for free!) to study for this career

Requisite Skills to Pass Interviews

To be able to pass a junior SOC analyst interview, you’ll need to have knowledge of several technical concepts and also have some practice in some soft skills.

Note that many of the technical skills required for an IT role overlap; there’s a very easy transition between IT administrators and SOC analysts, so studying for both roles is very similar.

Technical Skills

  • Networking Fundamentals
    • How does TCP/IP Work
    • DNS
    • Basics of OSI Model
  • Operating Systems Security
    • In order of importance
      1. Linux
      2. Windows
      3. Mac
  • Security Tools
    • SIEM
      • Splunk
      • QRadar
      • ArcSight
    • Firewalls
    • Antiviruses
    • Endpoint Detection
  • Log Analysis
    • Splunk
    • SQL
  • Scripting + Automation
    • Python + Bash
  • Threat Intelligence and Vulnerability Management
    • Understanding CVEs
    • Threat Actors

Soft Skills

  • Communication Skills
    • Report writing
    • Communicating with stakeholders

Acquiring Skills

There’s a great number of bootcamps and practice resources available online to start building out your skillset. Some are structured courses, others are YouTube videos/series that are ideal for self-study:

Josh Madakor YouTube

Josh Madakor is a YouTuber whose channel is all about breaking into the IT industry; it’s got a great wealth of IT and SOC analyst knowledge. It is unstructured, so it might be harder to follow; however, the content is completely free.

Google IT Support Certificate

The official Google IT Support Certificate is a 6-month course that aims to take you from 0 to a certified IT administrator. Taking the course itself is free, but if you want the certification, you will need to pay.

SOC Core Skills - BlackHills

BlackHills is an industry-renowned consultancy company, and they’ve put together a SOC Core Skills course. This will be a lot more structured than Josh Madakor’s YouTube channel, and more focused than the Google IT Support Certificate. It is also priced using a Pay What You Will structure.

HackTheBox

HackTheBox provides both structured content and online labs for you to practice your skills in a lab environment. It does have a paid subscription, so work through the free resources above first before paying for it.

The two courses/ labs I’d recommend for an introductory SOC analyst are:

Certifications

Once you’ve acquired all of the core skills for the job, certifications might be a good way to increase the clout of your resume. However, make sure you’ve completed all of the free things above first before you pay for a certification. I’ll repeat: DO ALL OF THE THINGS ABOVE BEFORE YOU PAY FOR A CERTIFICATION.

Having certifications on your resume may increase your likelihood of getting an interview, but they’re no substitute for having knowledge of the material, something you can acquire for free before getting the cert.

The best certifications to get are:

Potential Career Timeline (for SOC)

This career timeline presumes full-time studying, potentially over 4 hours a day. Depending on the time you can commit, it might take less or more time than what is estimated here.

It will take a LOT of studying to understand the core skills. It will take EVEN MORE practicing to get comfortable applying them. This is accelerating a 2-year degree program into 1 year, so expect this to be very intense, rigorous, and ambitious.

1 Month timeline

  1. Understand what it takes to become a security professional
  2. Identify problem areas that need to be focused on
  3. Sign up for a bootcamp

6 Month timeline

  1. Complete IT bootcamp
    • Reevaluate problem areas
  2. Check the curriculum for certifications and see if you have the knowledge to pass
    • Study and pay for those certs if you’re ready
  3. Start practicing in the wild (HackTheBox, etc.)

12 Month timeline

  1. Complete SOC bootcamp
    • Reevaluate problem areas
  2. Check the curriculum for SOC certifications, and see if you have the knowledge to pass
    • Study and pay for those certs if you’re ready
  3. Start polishing resume, etc.