How to become an SOC Security Analyst? What does an SOC Analyst Do: Salary, Skills, Certifications

Captions
These are the steps to take to become an SOC analyst in 2023. So, if you guys are new to my channel, I make many videos on cyber security careers, and one of the most popular entry-level roles that I get questions about is the SOC analyst role. So in this video we'll be going over the basics of what an SOC analyst actually is, what they do, their salaries, the certifications that they may need, the skills that they may use on the job, and what a typical day may look like, as well as the pros and cons of the job. So if you're someone who is interested in becoming an SOC analyst, then hopefully this video will provide you everything you need to give you that background knowledge.

First things first: what is an SOC analyst, and why are there different levels to the job? To help answer this question, the main thing I want to start with is what an SOC actually is. An SOC, or a security operations center, is a team that is responsible for identifying, deploying, configuring and managing a company's security infrastructure. So it's essentially a specialized cyber security team that focuses on identifying and mitigating threats, with some common SOC roles such as an SOC analyst, which is typically going to be the most junior-level role; a security engineer; a forensic investigator; a threat hunter or an incident response analyst; a compliance auditor; and an SOC manager. The SOC is a team of individuals who seek to prevent cyber security threats, and who detect and respond to any incidents on the computers, servers or networks that it oversees. Another thing to note is that SOC teams are typically going to be follow-the-sun, or you've probably heard of the other acronym, which means that there is always going to be someone on the SOC team, rotating shifts to follow the sun, who is online and active to respond to incidents or anything that may happen, because with cyber security you never know when something may go wrong. So there's always going to be someone on the team that is online who is responsible for managing any on-call.

This is also the reason why many SOC teams at bigger companies typically have maybe a team in the US, then another team in EMEA or the UK, and then another team in Asia or APAC, and because these teams are spread out across the globe there's always going to be someone online during their daytime, so as not to cause too much stress with on-call hours. But this is typically going to be for bigger companies who have the budget and the bandwidth to have teams that size. In terms of smaller companies, they may not necessarily have an SOC team, but the cyber security team may be managing some form of an SOC, or maybe they outsource it to a third-party vendor, which means they basically have a SOC team as a service, where there's another team that is going to be triaging, managing responses and dealing with incidents all for your company, if you don't have the bandwidth as a cyber security team to be able to run a full-fledged SOC.

So hopefully this gave you a little bit of background on where an SOC analyst fits in the picture. There are typically going to be different levels for SOC analyst roles, and this is really just talking about the seniority of the role, and may help determine what level of responsibility and what level of technical skill set you'll be needing on the job. But typically, as an entry-level hire, you're probably going to be starting at a level one SOC analyst role if you don't have any prior experience and are coming in from a bachelor's degree or boot camp program. A level one SOC analyst focuses on real-time security event monitoring and security incident investigation. Part of your job is to actively monitor security threats and risks involving customers' infrastructure. Your key roles and responsibilities include continuously monitoring security alert queues, triaging the security alerts, monitoring the health of customer security sensors and SIEM infrastructure, collecting the data and context necessary to initiate level 2 escalation, delivering scheduled and ad hoc reports to your customers, and working closely with level 2 and level 3 teams towards the continuous improvement of your service.

So based on this description, a typical day for an SOC analyst may be you monitoring what alerts come in in the queue. There's probably going to be some kind of ticketing queue, maybe it's a Jira board, or maybe it's a SIEM to manage logs and the different events that are happening in your infrastructure or the infrastructure of one of your customers. And with that, if there are any anomalies that you see, or any incidents or security events that come to you through your ticketing queue, there are also going to be playbooks that you'll be following to deal with those. If there actually is an incident, then you'll probably be spinning up the incident and leading it, depending on what your company's policies are. For example, if your company's policy says to instead escalate to the level two team, then that escalation may happen first before any incident is spun up, especially if it isn't confirmed yet that there's actually an active incident. And typically for level one roles these are going to be 24/7 shifts, so once you log off you probably will be handing the baton to someone else on your team, maybe it's the European team or the Asia team, and there may be some kind of touch-base call with them at the beginning of your day or at the end of their day, or vice versa, to be able to say, hey, these are the things that are going on, these are the incidents that are ongoing, these are some suspicious things that we've seen, and passing it on to the next person, kind of like a relay race where you're passing over the baton. There's basically always going to be some team that is handing that over so that it can continue to be worked on while the previous team logs off for the day.

Personally, I think this is probably one of the best roles in cyber security to learn in as an entry-level person, because you're directly hands-on with everything blue team. So personally I would split a lot of cyber security roles into red teaming, blue teaming, and then a section just for governance, risk and compliance. These are probably going to be the typical silos that you'll be going into or looking into if you're looking for a job in cyber security. A red team is an offensive security team, which basically is doing pentests, red team assessments, anything offensive security, and then the blue team is the defensive security team, where the SOC analyst is, you know, a level one role in that space, where you're triaging alerts, where you're dealing with incidents, where you're looking at logs, viewing anomalies, anything that has to do with keeping the organization or the app or the server secure. Whatever it is that you're protecting, you're going to be actively looking at any issues that may come up throughout the day, and because it's such a hands-on role, I think it's also one of the roles that you can learn the most in. One thing to note is the fact that sometimes "SOC analyst" can also be used kind of interchangeably with "security analyst", and I currently work as an information security analyst and I do not work in an SOC. So that is something to call out: when you're looking for actual jobs in cyber security, you may see some security analyst roles that have the exact features of an SOC analyst, but there may be other companies that separate these two out entirely, where there's an SOC analyst on the SOC team and there's a security analyst doing some other stuff that isn't SOC related. So, just something to call out, because I know sometimes it can be used interchangeably, but depending on the company that you're in, these could be talking about the same roles or completely different roles.

So next let's go into the background of what may be necessary for an SOC analyst, specifically around education and certifications: do you already need previous work experience or IT experience before going into an SOC role? So typically, from what I've seen, you don't necessarily need a degree for an SOC analyst role, but it may be helpful as an educational credential on your resume, or if you're joining directly from a boot camp. Some other skill sets that employers may be looking for are experience with Windows, Linux and Unix platforms; maybe some scripting skills using Bash, Python, Ruby, Perl or PowerShell; and a solid understanding of network and computer security, security testing and software security. I think this is where the IT background can be helpful, where a lot of people may be coming from a sysadmin role or an IT specialist role, and then they end up going into an SOC where they already have that background of computer architecture and networking, and they can use that to help them in an SOC analyst role, because a lot of your job is also going to be investigations. If there is an incident that happened and there is some kind of lead that you found in a log anomaly, what else can you do with that? What information can you find? Can you track the IP? What else has it done in your environment? Things like that. And then soft skills, of course, are just analytical skills, problem-solving skills, and the ability to document things well, because honestly, in cyber security it is very important to have good documentation in terms of the steps that you took to remediate a vulnerability, what you're telling your customers, and whether you're telling them about an incident within their SLA if it affects them. Being able to talk through a problem and explain it at a technical level to technical SMEs, but also at an executive level, if you end up having to write the reports at the end of what happened, maybe the retrospective of an incident: your audience can look completely different when it's a cyber security team or if it's a group from the SOC or the senior leadership team, and they're going to need to understand the incident from a completely different set of communication goals.

In terms of certifications, there are definitely a handful of certifications that you can look into. A popular one is the CSA, or the Certified SOC Analyst certification by EC-Council, and as you can tell by the exact name of the certification, this is specifically for someone who wants to go into an SOC analyst role. I think this is perfect for anyone who wants to be entry-level, because a lot of cyber security is certification based, so if you want to look for a job in cyber security, they're typically going to ask for some form of entry-level certification. Maybe a general certification like the Security+, the A+ or the Network+ could be helpful to you as well, but the CSA is a very specific certification. The CSA certification is for SOC analysts, network admins, security admins, cyber security analysts, entry-level cyber security professionals, and anyone who wants to become an SOC analyst. The exam is about three hours long and covers about 100 questions. And while I know it is very specialized, I think another option potentially could also be your Security+, like I mentioned earlier. This is kind of like the most general cyber security entry-level certification that you can get, and this is also a certification that I got when I was starting out with about a year of experience in cyber security, and I think personally it has helped me a lot in my career, just in terms of general foundational knowledge, especially because I didn't come from a cyber security background, I came from an IT background. So learning these cyber security terms and just foundational knowledge has been really, really helpful, to say the least, in terms of helping me move my cyber security career forward and also finding my current job in cyber security as a security analyst.

And with that, let's go into an exciting part of this video, which is on salaries. So an SOC analyst makes on average about ninety-six thousand dollars per year, based on average salaries from salary.com. This is something that I personally really like about cyber security, just because of the fact that there are so many entry-level roles that start you off at such a good salary that is much, much higher than the typical US median household income, and you couldn't say the same for other roles, even in tech, whether you're starting out in data analyst roles or UX roles, or of course depending on where you're living and what your educational background is. But personally, I think cyber security has some of the best entry-level salaries out there, and if you're able to graduate from a boot camp, let's say, and then get a certification like your CSA or your Security+, and then start off at an entry-level SOC analyst role making ninety-something thousand dollars per year, that honestly sounds like a pretty good deal to me. Personally I also think that cyber security is one of the roles, and not just in tech, that is one of the best jobs out there in terms of job security as well as growth, because of the fact that cyber security jobs are just growing at a faster pace than most other computer-based jobs, based on these statistics from the Bureau of Labor Statistics, or the BLS, as well as the fact that there are going to be 3.5 million unfilled jobs in cyber security. There really aren't enough security professionals out there, and I really think that it's one of the best times to get into cyber security if you've ever been remotely interested, and it doesn't hurt that it has really high starting salaries as well as pretty good job security, especially considering the fact that even during an economic downturn, a cyber security team typically isn't going to be the one that's let go first, because even though we may be going through an ongoing recession, it is so important for organizations to keep their customers' data secure, to keep their applications secure, and to have cyber security professionals on hand to manage and triage incidents, and I think that really ties back to the job security of an SOC analyst or any security professional in general.

So hopefully this video gave you insight and background into what an SOC analyst is, what they do on a day-to-day basis, what certifications you may need to get, as well as salary expectations. Thank you guys so much for watching, and if you have any questions about anything we've discussed in this video, please feel free to drop them in the comments below and I'll try my best to get back to you as soon as I can. Thank you guys so much for watching, and if you liked this video, please give it a thumbs up, subscribe and turn on post notifications. Episodes every Wednesday and Sunday at 12 p.m. Also let me know in the comments if there are any other videos that you would like to see from me in the future, and hopefully I'll see you guys in my next video. Bye. [Music] Thank you.
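The investigation step the transcript sketches (take an IP from a log anomaly and ask what else it has done in the environment, then decide whether to escalate to level 2) can be shown as a small pivot-and-triage script. This is an added example and is not code from the video or the channel; the three log sources, their `<source> <timestamp> <message>` line layout, the hostnames, PIDs and IP addresses are all constructed for illustration, and the escalation rule (failed logins reaching a threshold and then followed by an accepted login from the same IP) is an illustrative playbook rule, not one the video describes.

```python
"""Pivot on a suspicious IP across several log sources and build a timeline.

Added example: the log lines, their "<source> <timestamp> <message>" layout and
the triage rule below are constructed for illustration and are not from the video.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample events from three sources an L1 analyst might see in a
# SIEM: an sshd auth log, a web server access log and a firewall deny log.
SAMPLE_LOGS = """\
auth 2023-05-24T08:01:10Z sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
auth 2023-05-24T08:01:14Z sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
auth 2023-05-24T08:01:19Z sshd[2201]: Failed password for root from 203.0.113.45 port 51024 ssh2
auth 2023-05-24T08:02:03Z sshd[2208]: Accepted password for deploy from 203.0.113.45 port 51030 ssh2
web 2023-05-24T08:05:41Z 203.0.113.45 "GET /admin/config.php HTTP/1.1" 404
web 2023-05-24T08:05:42Z 198.51.100.7 "GET /index.html HTTP/1.1" 200
fw 2023-05-24T08:07:00Z DENY src=203.0.113.45 dst=10.0.0.12 dport=445
"""

LINE_RE = re.compile(r"^(?P<source>\w+) (?P<ts>\S+) (?P<msg>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_logs(text):
    """Turn raw lines into event dicts. Every IPv4 in the message is indexed, so an
    event is found whether the IP appears as source, destination or free text."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash mid-shift
        events.append({
            "source": m["source"],
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "msg": m["msg"],
            "ips": set(IPV4_RE.findall(m["msg"])),
        })
    return events


def classify(event):
    """Map an event to a coarse category the triage rule can reason about."""
    msg = event["msg"]
    if event["source"] == "auth" and "Failed password" in msg:
        return "auth_failure"
    if event["source"] == "auth" and "Accepted password" in msg:
        return "auth_success"
    if event["source"] == "fw" and msg.startswith("DENY"):
        return "fw_deny"
    if event["source"] == "web":
        return "web_request"
    return "other"


def pivot_on_ip(ip, events):
    """Everything the IP touched, across all sources, in time order."""
    return sorted((e for e in events if ip in e["ips"]), key=lambda e: e["ts"])


def triage(ip, events, fail_threshold=3):
    """Build the timeline for `ip` and apply an illustrative playbook rule:
    escalate if failed logins reach the threshold and are then followed by an
    accepted login from the same IP (a brute force that worked)."""
    timeline = pivot_on_ip(ip, events)
    kinds = [classify(e) for e in timeline]  # already in time order
    counts = Counter(kinds)

    failures_so_far = 0
    success_after_failures = False
    for kind in kinds:
        if kind == "auth_failure":
            failures_so_far += 1
        elif kind == "auth_success" and failures_so_far >= fail_threshold:
            success_after_failures = True

    if success_after_failures:
        verdict = "escalate"      # hand to level 2 with the timeline attached
    elif counts["auth_failure"] >= fail_threshold:
        verdict = "investigate"   # noisy, but not yet a confirmed incident
    else:
        verdict = "monitor"

    return {
        "ip": ip,
        "sources": sorted({e["source"] for e in timeline}),
        "counts": dict(counts),
        "verdict": verdict,
        "timeline": timeline,
    }


def format_timeline(result):
    """Handover-ready text: a verdict line, then one line per event, oldest first."""
    lines = [f"{result['ip']}: verdict={result['verdict']} counts={result['counts']}"]
    for e in result["timeline"]:
        lines.append(f"  {e['ts'].isoformat()} [{e['source']}] {e['msg']}")
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_logs(SAMPLE_LOGS)
    print(format_timeline(triage("203.0.113.45", parsed)))
    print(format_timeline(triage("198.51.100.7", parsed)))
```

The point of indexing every IP in a line, not just the first, is that the same address shows up in different positions across sources (as the SSH client, the web client and the firewall `src`), and a pivot that only matched one field would miss part of the story. The `format_timeline` output is the kind of thing that goes into the ticket or the shift handover the transcript describes.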
Info
Channel: Sandra Liu
Views: 22,250
Keywords: what does an soc analyst do, how to become an soc analyst, how to become a soc analyst, soc analyst, cybersecurity, cyber security, soc analyst jobs, infosec, women in security, security, security analyst, cybersecurity careers, it careers, how to get into cybersecurity, What does a soc analyst do, SOC, information security analyst, cybersecurity 101, cyber security jobs explained, cyber security jobs salary, how to get into cybersecurity without a degree, what is an soc analyst
Id: wH3pt01V5jE
Length: 12min 55sec (775 seconds)
Published: Wed May 24 2023