Skill Set Needed to Work Successfully in a SOC
TRANSCRIPT
WHAT IS A SECURITY OPERATIONS CENTER?
• An organization for computer network defense, responsible for defending a computer
network against unauthorized activity.
• There are many other names and organizational forms for this role, such as:
• Computer Security Incident Response Team (CSIRT)
• Computer Incident Response Team (CIRT)
• Computer Incident Response Center (CIRC)
• Computer Security Incident Response Center (CSIRC)
• Security Operations Center (SOC)
• Cybersecurity Operations Center (CSOC)
EXPOSURE TO IT SECURITY STANDARDS
• Extensive IT Security and incident response handling experience
• NIST SP 800-61 Computer Security Incident Handling Guide
• SOC standard operating procedures (SOPs)
• Agency SOC procedures
“Real knowledge is knowing the extent of one’s ignorance”
UNDERSTAND THE LIFESTYLE AND DEMANDS OF A SOC
• Daily operational needs
• Always be ready for the next incident
• Live in the present; the incident in front of you matters more than the one you closed yesterday
• Not a project-based lifestyle with milestones and end dates
• Are you ready and able to do shift work?
• Operations oriented
• Waiting for the bad guys to attack
• Fast changing environment
• Constant learning
• Difficult for most people to sustain, because the work is hard and the energy demands are high
WHAT DOES A TIER 1 SOC ANALYST DO?
• Monitor SIEM logs and other analytic sensor data points
• Curious about everything
• First line of defense in the SOC
• Open and document trouble tickets
• Stay alert and have good customer-relations skills
• Sometimes have to go above and beyond in times of need
• Everyone starts in a SOC at tier 1
• Most SOC managers want you to start at tier 1 to learn the ropes and SOC
processes
• You will learn security and get a wide range of security experience
WHAT DOES A TIER 2 SOC ANALYST DO?
• More responsibility
• More research
• More visible
• Developing a solution set for tier 1 analysts
• Managing the tier 1 analysts
• More analysis, looking for patterns of malware activity
• Analyze intrusion detection alerts and the patterns behind them
• Automate repetitive tasks via scripting or automation language
• Create shortcuts
• Need to have decent programming skills, security knowledge and curiosity
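The Tier 2 bullets above describe automating a repetitive Tier 1 task and handing the result back as a solution set. The script below is an added example of what that looks like in practice; it is not from the presentation or from any SOC's own tooling. It parses a handful of constructed sshd authentication log lines, groups failures by source IP in a sliding time window, escalates when a successful login follows a burst of failures (the pattern a tired Tier 1 analyst most often misses), and emits a ticket-ready summary. The threshold, window, and log year are assumptions chosen for the example.

```python
"""Added example: Tier 2 style triage automation for SSH password guessing.

Not code from the original presentation. Sample log lines, threshold and
window are constructed / assumed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (syslog/sshd format). One brute-force burst that
# ends in a successful root login, plus one benign user typo followed much
# later by a normal public-key login.
SAMPLE_LOG = """\
Mar 10 02:14:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 02:14:03 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Mar 10 02:14:05 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 02:14:08 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51028 ssh2
Mar 10 02:14:10 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 10 02:14:12 bastion sshd[2212]: Accepted password for root from 203.0.113.7 port 51032 ssh2
Mar 10 02:20:44 bastion sshd[2300]: Failed password for jsmith from 198.51.100.23 port 40110 ssh2
Mar 10 03:05:19 bastion sshd[2410]: Accepted publickey for jsmith from 198.51.100.23 port 40200 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

FAIL_THRESHOLD = 5              # assumption: 5+ failures inside the window opens a ticket
WINDOW = timedelta(minutes=10)  # assumption: sliding window for counting failures
LOG_YEAR = 2024                 # assumption: syslog lines carry no year


def parse(line):
    """Return (timestamp, result, user, ip) for an sshd auth line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def triage(log_text):
    """Group SSH auth events by source IP and return findings worth a ticket."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed:
            ts, result, user, ip = parsed
            events[ip].append((ts, result, user))

    findings = []
    for ip, evs in events.items():
        evs.sort()
        fails = [e for e in evs if e[1] == "Failed"]
        # Peak number of failures from this IP inside any WINDOW-long span.
        peak = 0
        for i, (t0, _, _) in enumerate(fails):
            peak = max(peak, sum(1 for t, _, _ in fails[i:] if t - t0 <= WINDOW))
        if peak < FAIL_THRESHOLD:
            continue
        # Escalate if a login succeeded within WINDOW after the last failure:
        # that is a likely compromise, not just noise.
        last_fail = fails[-1][0]
        success_after = any(
            r == "Accepted" and last_fail < t <= last_fail + WINDOW for t, r, _ in evs
        )
        findings.append({
            "ip": ip,
            "failures": len(fails),
            "peak_in_window": peak,
            "users_tried": sorted({u for _, _, u in fails}),
            "success_after_failures": success_after,
            "severity": "high" if success_after else "medium",
        })
    return findings


def format_ticket(finding):
    """Render one finding as the text a Tier 1 analyst would paste into a ticket."""
    return (
        f"[{finding['severity'].upper()}] SSH password guessing from {finding['ip']}: "
        f"{finding['failures']} failures (peak {finding['peak_in_window']} in "
        f"{int(WINDOW.total_seconds() // 60)} min), users tried: "
        f"{', '.join(finding['users_tried'])}; "
        f"success after failures: {'YES' if finding['success_after_failures'] else 'no'}"
    )


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(format_ticket(f))
```

The benign 198.51.100.23 entry never reaches the threshold, so it produces no ticket; the 203.0.113.7 burst does, and the accepted root login two seconds after the last failure raises it to high severity. In a real deployment the same logic would read from the SIEM's export or API rather than an inline string, and the threshold and window would be tuned against the agency's own baseline.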
WHAT DOES A TIER 3 SOC ANALYST DO?
• Master of a particular security area
• In-depth knowledge and experience in multiple areas of security
• Usually have advanced security certifications such as the OSCP, and SANS training
• Work as threat hunters, tracing the path malware took through the environment and directing its removal
• Forensic analysis of memory, hard drive and session traffic
• Most elite role in the SOC
• Highly sought after security experts
NEED MORE INFORMATION?
Read Carson Zimmerman’s excellent book, Ten Strategies of a World-Class Cybersecurity Operations Center