By Saira Hassan, SOC Analyst at Novacoast
Cyber Security is dependent on many different teams working together. It’s a very diverse field of penetration testers, legal analysts, data protection specialists and many more. SOC analysts are on the blue teaming side, which focuses on defending and protecting a network. They are the front line for protecting businesses!
What a typical day looks like
As a SOC Analyst, I assist a wide variety of businesses in keeping their network and assets safe from malicious activity. The SOC in my job title stands for the Security Operations Center. My primary responsibility is to monitor network traffic, logs, and security alerts to identify potential attacks. We then analyse the breach to reach the root cause using tools such as LogRhythm, Splunk, Carbon Black and Wireshark. Often, I get to see and investigate real-time attacks which can be very exciting!
In the event of an attack, my role is to dig into the network logs and events to try and piece together what happened, the scope of the attack and how the attacker is moving through the network. This is then reported to the client, so they can work with our analysts to take remediation steps.
A key skill is knowing when to escalate an event, and when something is a false positive. To help with this, we liaise with clients and use a tailored approach – with time, we become familiarized with what is and isn’t normal for a particular client’s network.
We are constantly monitoring, so I am also tasked with updating incoming analysts on what to expect in a client’s environment. This allows us to monitor and respond more efficiently.
How I got into cyber security
I study computer science at the University of Manchester, and I started getting involved with the Cybersecurity society. I attended many workshops and labs on topics like malware analysis and reverse engineering, which inspired me to start participating in CTFs. I then decided to seek out an internship opportunity to gain some real-world experience. When I applied for my first SOC analyst role, I had no experience but was very keen to work in the field. The most important thing is enthusiasm, and the willingness to learn!
Main challenges faced
Being the frontline defence for networks can be quite overwhelming sometimes, especially when you have a flood of information to analyse! However, with time and experience, you will develop your own methodology for investigating. The infosec community is also an amazing resource – there are many courses and labs online that will help you become a great analyst.
Key skills and knowledge needed for the role
SOC analysts are primarily monitoring networks, so having basic knowledge about networks and network protocols are vital. It’s also useful to have knowledge of basic attacks, which the MITRE Attack Framework and OWASP Top 10 cover really well. One thing that helped me become a better analyst was gaining some red teaming skills through CTFs. This familiarised me with common attack techniques, making me more proficient at identifying them in client networks.
On many occasions, you will be taking a deep dive into network logs to piece together information for a case, so having an analytical mind is very important. As you will be working in a team and reporting these events to clients, you also need interpersonal and communications skills, especially since you may be explaining these events to non-technical people.
Keep up with the latest exploits and vulnerabilities, as you will have exposure to them on a daily basis! Cybersecurity is a fast-paced field, so being willing to constantly learn new things is essential.
Why should you get into cyber security?
The ever-expanding scope of cybersecurity presents near-unlimited learning opportunities and unmatched career growth. As new challenges are popping up all the time, you will have the opportunity to work with a multitude of technologies, systems and people. Most importantly, your role will have a positive impact on both the digital and physical world! If you are interested in getting into Cyber Security, CyberPRO is a leading provider in Cyber Security apprenticeships.