General Life Update 10/18

SOC ANALYST PROJECT PLAN

Projects are the things that will make you stand out on a resume when you’re shopping for a cybersecurity position.  Every influential YouTube cybersecurity person I watch recommends projects to put on your resume.  It makes absolute sense.  If you have no real-world, on-the-job experience in cybersecurity, projects can show that you know what you’re talking about.  An interview can only go so far, and you can certainly demonstrate knowledge of those subjects, but a project and a related walkthrough or YouTube video can really show you understand the subject matter, and that you know what you’re doing.  It shows you’re capable of learning and applying complicated technical ideas.

So, I knew, a long time ago, that it’d be necessary to get hands-on with something like a SIEM, or maybe EDR, or maybe even an IPS.  The only thing I really knew about at the time was Splunk.  However, in the months since I began thinking about doing resume-building cybersecurity projects, I’ve found out about a whole lot more tools that I should be acquainted with.

So, like I wrote about above, I’m spending the month of October focusing on LimaCharlie, then the month after that, working with Splunk, then perhaps Security Onion in December, and so on.

HELP DESK SKILLS THAT ARE TRANSFERABLE TO THE SOC ANALYST ROLE

I’m not a SOC Analyst, and the only window I have into being a SOC Analyst is what I see on YouTube and read about on places like Medium and LinkedIn.  Being in help desk, I’ve found that there are a lot of fundamental skills that I consider to be transferable to the role of SOC Analyst.  Even if these skills aren’t the domain-specific technical skills (like using a particular SIEM) I’ll need as a SOC Analyst, they are skills that support the more involved and role-specific skills I think a SOC Analyst has.

For instance, ticketing systems.  I remember when I started working at Lumos, a ticketing system was a new thing to me.  It took me over six months to really get a good workflow going with the particular system we use.  There are all sorts of ways you can be efficient in that ticketing system in order to quickly create tickets, assign values, and navigate through the different fields and menus.  Having this kind of insight into a ticketing system means I’m going to sit down, whenever I get a job as a SOC Analyst, and I’m going to look at whatever ticketing system I’m using and apply that same approach to becoming efficient on that system.  The fields, entry pages, and associated values will all be different, but that insight into knowing where to direct my energy, that will be transferable.

How about working under pressure?  A SOC Analyst has to look for alerts and determine if they need to be passed on to the higher-tier analysts, and they need to be quick about it.  Working help desk, I take calls from customers, and I don’t know what their issues are, but I had better be ready to listen for particular keywords and phrases, or if they’re not precise about what the issue is, I need to be ready to decode that.  I have to be able to look for my own false positives so I can say, “This isn’t something we need to look into.”  And I have to do this all within the course of one phone call.  Ideally, that is.  It’s not perfect, but the pressure is there.  The customer wants the problem solved now, and when they tell me what it is, they expect me to know where to go, what to look for, and how to properly diagnose and remediate the issue.  I have those expectations riding my back, and that alone is a skill that can carry over into being a SOC Analyst.

I’m sure there are other skills, but ever since I’ve been working at Lumos and looking into what SOC Analysts do on the day-to-day, I see the similarities between what I do and what they do, and I see how what I’m learning in a simple help desk role will provide great value and prepare me to step into the role of a SOC Analyst.
