How to prepare for SOC analyst role


From my 2 years in the SOC, I would say start by looking to understand how a SIEM works. Splunk is fairly popular if you are looking at big companies, but both my old job and my current job use Azure Sentinel. If you can, I would try to learn how to create SIEM queries, but universally it is important to know how to use regex, as these are often used when writing queries or custom searches.

A big part of the job is being able to triage events fast. Some of it you will most likely have to learn on the job, as every company has their systems set up differently in terms of how tuned they are, but being able to prioritize events is important.

Being able to analyze pcaps is also something you will likely have to do. There are probably some YouTube videos on this; both companies used Wireshark for this, but there may be other tools.

Be ready to work weekends and holidays, or at least be on call for those days. Especially since you would be more junior, be willing to work 2nd or 3rd shift. Just know that if you take one of these shifts you do not want to be there for very long, or people will likely stop noticing you. I worked 3rd shift for two years; very destructive for relationships and productivity during the day. It was the reason I left my old job. Once you show you can work this for a while it can be hard to get off it unless you make it clear you want back on 1st. Also, if you do work 2nd or 3rd, try not to get a job that wants five 8-hour days; four 10s or three 13s or whatever is much more easily accomplished with a work-life balance. Also, if you work off hours, WFH should be a priority as well if possible.

Being able to analyze emails for malicious content is also something you will most likely need to learn how to do. Use websites like VirusTotal, urlscan, or ANY.RUN, or analyze on an off-network PC or VM. Very useful stuff.

Finally, being able to document processes in such a way that an idiot can follow them is a very useful skill; it was the difference between someone who is okay and someone consistently getting raises. Being able to document what you do every day is also important if you are working somewhere that has a tighter budget for the security team.
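As an added illustration of the regex and triage points above (this is not code from the poster and not tied to any particular SIEM), the following Python script parses constructed sshd-style auth log lines with a single regex, aggregates per source IP, and ranks the results so the analyst looks at the most dangerous pattern first: many failures followed by a success. The log lines, the `fail_threshold` value and the severity labels are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines for the example; not taken from any real system.
SAMPLE_LOGS = """\
Jan 12 03:14:01 bastion sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Jan 12 03:14:03 bastion sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 51030 ssh2
Jan 12 03:14:05 bastion sshd[2211]: Failed password for root from 198.51.100.23 port 51041 ssh2
Jan 12 03:14:07 bastion sshd[2211]: Failed password for root from 198.51.100.23 port 51055 ssh2
Jan 12 03:14:09 bastion sshd[2211]: Accepted password for root from 198.51.100.23 port 51060 ssh2
Jan 12 03:20:11 bastion sshd[2290]: Failed password for alice from 203.0.113.7 port 40011 ssh2
Jan 12 03:20:40 bastion sshd[2291]: Accepted publickey for alice from 203.0.113.7 port 40012 ssh2
Jan 12 03:22:00 bastion sshd[2300]: Failed password for invalid user test from 192.0.2.55 port 33001 ssh2
"""

# One regex with named groups pulls out every field the triage needs.
# "invalid user " is optional so both forms of the Failed line match.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse(text):
    """Return a list of dicts, one per line that matches AUTH_RE; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def triage(events, fail_threshold=3):
    """Aggregate per source IP and return findings sorted by severity, worst first."""
    per_src = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for e in events:
        s = per_src[e["src"]]
        s["users"].add(e["user"])
        if e["result"] == "Failed":
            s["failed"] += 1
        else:
            s["accepted"] += 1

    findings = []
    for src, s in per_src.items():
        # Assumed severity scheme: repeated failures that end in a success
        # outrank repeated failures alone, which outrank everything else.
        if s["failed"] >= fail_threshold and s["accepted"] > 0:
            severity = "high"
        elif s["failed"] >= fail_threshold:
            severity = "medium"
        else:
            severity = "low"
        findings.append({
            "src": src,
            "severity": severity,
            "failed": s["failed"],
            "accepted": s["accepted"],
            "users": sorted(s["users"]),
        })

    rank = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: (rank[f["severity"]], -f["failed"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse(SAMPLE_LOGS)):
        print(f"{f['severity']:6} {f['src']:15} failed={f['failed']} accepted={f['accepted']} users={f['users']}")
```

The same named-group regex is the kind of thing that ends up inside a SIEM `extract`/`rex` statement; the Python version is just easier to unit-test before pasting it into a query, and the sorting step is the "prioritize events" part of the job made explicit.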