Chris Weckerly, VP of Incident Response
SOC analysts (SOC stands for “security operations center”) are a key part of any security organization, including ours here at ReliaQuest. We’ve seen a lot of questions floating around the internet lately about what SOC analysts do, how to become a SOC analyst, and whether you need experience to become a SOC analyst.
To find out, we figured who better to ask than our own Vice President of Incident Response, Chris Weckerly? We sat down with Chris and asked him to give us the inside scoop about how someone can become a SOC analyst and what we look for when we’re hiring SOC analysts at ReliaQuest.
Thanks for helping us out, Chris! Tell us a little about yourself.
I’m the Vice President of Incident Response at ReliaQuest, a cybersecurity company making security possible for its customers through their security operations platform, GreyMatter. Over the last 7 years, I’ve worked in several different leadership positions in the Security Operations Center.
What is a SOC analyst and what does a SOC analyst do?
A SOC analyst investigates potential cybersecurity threats detected and reported. The analyst examines traffic and logs to determine what is expected and unexpected. The analyst is also responsible for remediating potential threats. This varies depending on technologies and threats.
Do you need a degree to become a SOC analyst?
You don’t need a degree to become a SOC analyst, though a degree can help show several characteristics such as commitment and focus.
Realistically, the most important factor for becoming a SOC analyst is a passion for security and computers. The natural intuition that comes along with that passion is the desire to continue to learn more. That means you will continue to dig in and learn more on your own.
Are SOC analyst trainings or certifications helpful?
Certifications and classes can help you continue to grow and provide additional skill sets that you didn’t previously have, but a continual drive to learn more, have a home lab, and get hands-on is the best way to become a SOC analyst.
Do you need cybersecurity experience to become an entry-level SOC analyst? Is it true you need a coding/technical background?
It isn’t true that you need experience to become a SOC analyst. Experience can be useful but, again, you can learn on your own. You need to have an understanding of the principles of security and be able to practice using those principles through home networks and online practicum.
You do need to have a technical background, though, as it establishes a foundation for a lot of the granular items that you come into contact with daily as an Analyst.
What does someone need to do to become an entry-level SOC analyst?
To become a SOC analyst, an individual should be passionate about cybersecurity. That passion drives an individual to continue to learn more about computers and security through items such as setting up home labs, working through online CTFs, and working to understand toolsets used by blue teamers and malicious actors.
What traits make a great SOC analyst?
Traits that make a great SOC Analyst are determination, inquisitiveness, thoroughness, creative thinking, and recall capabilities. The best SOC analyst wants to understand why something happens the way it does and how it works. They aren’t satisfied with just responding to an event but rather want to fix and remediate issues that occur. They ask questions and seek answers until they find them. They also don’t limit themselves to only growing at work or in their job. Security is an ever-changing field, and if you don’t continue to expand and grow, you will fall behind. An analyst needs to enjoy their job.
What’s the difference between SOC Tier 1 and Tier 2?
At ReliaQuest, there isn’t much of a difference between T1 and T2. It usually is indicative of the knowledge and the work an analyst can do. They focus on critical investigations, customer requests, training, and more outside of their normal responsibilities like a Tier 1 analyst.
What makes the SOC analysts at ReliaQuest the best at what they do?
Similar to the traits that make an Analyst great, an Analyst here at ReliaQuest is best at what they do when they continue to seek an understanding of what they are reviewing/triaging. This means they are constantly learning, growing, and getting that experience. ReliaQuest is a fast-paced environment, and there are always new opportunities that you may not have experience with. Individuals that jump into situations that they may not have ever done before are the ones that we see grow the most.
How does ReliaQuest support the career/skills growth of its SOC analysts?
ReliaQuest is a training company. With the experience that you get working on different incident types, working alongside some of the best security individuals in the field and learning objectives, an analyst will see tremendous growth. You gain skills that will help you excel here at ReliaQuest, whether you stay on the analyst team, move to the threat hunting team, or possibly the engineering or detection team. You will become a security expert with a constant focus on individual growth while working with your shift lead weekly to identify areas of growth and what you need to continue to work on.