LUMOS IN RETROSPECT
I’ve been working at Lumos now for around 6 months, and I couldn’t be happier. I can’t say there’s a day I don’t want to go, as I’ve completely adapted to the kind of work there being a part of my life, and I wholeheartedly embrace it.
For me, Lumos represents having gotten my foot in the door in the world of IT. Now, early on, I realized there’s a difference between what they do in IT, and what I do. However, for me, working an ISP help desk can be a pivot point from this type of work into an actual cybersecurity position.
I’ve watched a lot of videos about what a SOC Analyst does in their day to day, and I’ve seen that so much of what I do maps onto what a SOC Analyst does. Obviously, knowing how to work a ticketing system is big. Of course, all ticketing systems are going to be different, but knowing that there’s a workflow that I have to become acquainted with, and being ready to nail the procedures for navigating the interface is definitely something that I can carry over with me when I transition.
Also, every day, the calls I take are on-the-spot, “Fix this problem now”, time-sensitive tasks that I have to think quickly for, and think calmly during. When a customer can’t get their WiFi going the speeds they would like, I have to keep a cool head, and think through things while the pressure is on me to solve their speed issues quickly, and in one call. My job has gotten my feet wet with staying calm in high-pressure situations. Besides, the “game over” is the same for me and the SOC person — “you’re fired”. Maybe not entirely, but I feel that weight during every call I’m taking.
In spite of all of this, I’ve worked hard to get to this point, and I am grateful for the job I’ve acquired, no matter how many times I get yelled at by customers, or how my hours stagger across the weeks and require me to shift my body’s natural circadian rhythm. For me, this is IT.
TRAINING PLATFORMS
Last year, I got my start with tryhackme, and it’s a great platform! I remember really enjoying learning about the different Windows processes so that you can identify what’s normal on a system. I also got to do hands on with the log4shell and zerologin vulnerabilities. However, this is all offensive security, and while it does have value, I was far more interested in getting hands on with stuff that’s targeted at getting experience doing SOC work. Things like SIEMs, log file analysis, filling out reports, that sort of thing. Things like that exist on tryhackme, but I found myself looking for homelab guides that would just let me do stuff with a SIEM, and do detection and monitoring and all that. I tried to use Virtualbox and GNS3 to create that kind of environment, but I could never really get it right.
So, recently, I finally decided to lay down some real dollars and subscribe to letsdefend. Now letsdefend is a great, custom platform that takes you through the motions of what I believe a real SOC analyst or incident responder might do. Note that it’s a really, really stripped down platform, but the essentials are there to the point that you feel like this is stuff you’re going to be doing in the real world. You’re training yourself to look for certain indicators, include certain things in your reports, and really that’s what it comes down. As a SOC analyst, what do I need to be paying attention to?
I’ve also started using the Blue Team Labs Online platform, and I like it a bit better than letsdefend. On letsdefend your investigations and activities take place within the static letsdefend environment. The interface, the information like emails, and everything else you need to use the platform is self-contained. Blue Team Labs Online, on the other hand, makes use of virtual machines. So the interfaces and the applications you use are in the familiar Windows and Linux environments.
I think there are merits to both platforms, and ultimately, they both get you thinking like, and going through the motions of an incident responder or a SOC analyst. There’s plenty of stuff on there you can “resumeify” and place in a “projects” portion of your resume.
ROADMAP FOR CYBERSECURITY
Once I got my Security+, I decided to take a few weeks and just focus on, well, nothing at all, really. After that, I got busy and set down the path I wanted to take to make it to the next point in my career — becoming a SOC Analyst.
There’s tons of videos on how to build yourself up so that when it’s time to send out that resume, the stuff in it will get you in the door, and get you in front of an interviewer. There’s lots of things a person can do to make themselves more valuable to an organization, and a good candidate in the eyes of the hiring manager, without having 5+ years of IT experience.
If you spend a lot of time watching videos about how to get into cybersecurity with no experience, they all have certain things they recommend. One of those is homelabs and personal projects. Another one is doing instructional videos and tutorials. Having a personal domain and a professional blog is another thing. All of these are things that I’m pursuing on my way to sending out my own resume when I try to strike out and get a job as a SOC analyst. I’ve already got the Cybersecurity degree, and I scored my Security+ back in June, so I have that as well.
If I work hard, and accumulate enough of this personal experience, as well as have enough decent content that an employer would find representative of someone who knows what they’re talking about, I don’t think it’s ridiculous to think that by this time next year, I’ll already be working as a SOC analyst.