If you'd like to see what the worst day in the life is like, please consider checking out my follow up video: ruclips.net/video/PxJmjPcEaOM/видео.html You may or may not be pleasantly disappointed 😅
You have no idea how thankful and fortunate I am that you made this video. You are amazing! You explained everything so well and still gave an idea what is involved on a day to day basis without showing any private information. I am in the process of trying to do what you are doing and this was so helpful! Please make more videos like this! Thanks again! 🙏
Thank you so much! I'm glad to hear it helped! 😊 I'll definitely be doing another video with a break down of a malicious incident/alert. Maybe a few more using different tools in the environment 🤔
As a Security Analyst on Incident Response I can say we also do a lot of this on our lower tiers with Alert Monitoring. Though the tools may differ, the processes for finding and reviewing evidence and the thought processes and methods behind it don't change. It gets much easier with experience :)
I just wanna say that you have officially made me decide that cyber security is what I want to do. I love the investigative work involved and you can easily tell how you break it down in a certain pathway. I can’t thank you enough brother, definitely a sub from me!
Thank you for the information and insight as a SOC analyst. Not boring at all and I 100% agree that it's much better than dealing with end users in helpdesk/service desk jobs. I got my first experience in helpdesk to get my foot in the door in IT/Tech and god it is soul sucking. It's like being butterbot from rick and morty. "What is my purpose?" "You reset passwords." "oh god.." lol
I have a disability that prevents me from crawling under desks and lifting installing equipment so desktop support is out and you are right helpdesk is soul sucking. I worked as an analyst supporting a system and they were constantly pushing updates that broke it or changed UI and I would have to address tickets that basically said, change it back. uh no thank you. CS is definitely the way to go and SOC is one career path to get foot in the door.
Graduating soon out of school for cybersecurity, and it's good to know that a lot of what we were taught is going to be used exactly the way we were taught. Great information on the day-to-day stuff, it really puts my mind at ease! I really hope the job is as chill as you describe it because my current job is stressful enough as it is lol
This is actually really helpful, it gives me the confidence to keep going for a SOC position as a lot of what you described I know how to do. Thank you.
Thank you!! 🙂 Make sure you double down in school on the field within cyber security you want to do. I didn't and kind of just studied to pass my classes 😅 I'm glad to hear it helped!!
@@juice8431 CS is entirely coding, which is fine if you like doing nothing but coding 😅 I switched to cyber sec after taking a few specific cs classes and realizing I didn't want to be coding all day and after seeing the field gets good pay as well. I wouldn't say CS is better, it's...different?
@@madhatistaken I thought you could get into cyber sec with a traditional CS degree. But I guess it makes sense if you want to really focus on that one particular field of profession
I am a SOC analyst myself, I find in doing many alerts, you can kinda feel if it’s malicious or not from the beginning of just the details provided. Of course you have to do more research to make sure you are correct. Also malware analysis is fun to do if you have free time!
Sometimes, I find myself finding nothing and getting mad because I have a feeling something is malicious, and I just can't find the smoking gun. Nerve racking job sometimes 😅
Completely agree with this. You can clear alerts much quicker once you've seen them 100s of times before. The most annoying thing is having to close them over and over while you get rule changes approved.
Thank you for watching! I have an endless supply of examples 😅 So definitely can release more in depth breakdowns. Maybe a malicious alert next time...
This is awesome. There is lots of talk out there about what SOC analysts do that are not exactly enlightening - including an article that made it seem like you need an IQ of 150 to do the job… This was very realistic. Thank you!
I appreciate you showing us this, as I'm also getting into cyber security and all that😖 what right seems to me overwhelming at the moment... You got a sub from me so please continue making more awesome educating videos🤙and again thank you.
This video was posted 11 months ago and I can't thank you enough for it! I'm making a complete career change but only because I can finally have the flexibility (time), to put in the effort! I've been challenged with making the choice of which pathway in Cybersecurity to take and you have made SOC fun to watch and motivating for me to pursue!!!! THANK YOU SO MUCH! Do you have any videos to show the pathways to getting into, and becoming a SOC Analyst? #sothankful
Bro you really hit home with that call karen stuff. I graduated in Networking Engineering and I got a job 10 years ago as tech support. Literally the worst job in human existence.
commenting for the algo, but also this was really insightful for me. i'm on week 3 of the coursera/google course and trying to absorb as much cyber security content as i can. cheers
I’m assuming that you still play wow (vid is a year old now, but nobody ever really stops playing wow). I also see that you play arms in 3s. Would you be interested in picking up an additional dps? It would be fun!
Thanks for the video! It was very thorough and informative. Just curious, you mentioned you were new to the role here. Did you find that to be a challenge to learn while doing it remotely? And did you have any prior IT experience?
Checking on your channel and videos, amazing to the point content. You are really helping me to make a decision on what to focus my career on. Btw, do you play WOW as a daily basis for the SOC as well? My Horde characters need some love haha
Glad to hear some of it's helpful! I used to play at the beginning of the xpac, but as is the usual for the last few xpacs I quit 1 or 2 seasons in lol
Hey man love the content but what SIEM tools did we need to know for SOC analyst and instead of the SIEM tools now is learning Maltego better since it's better utility
Thank you for watching! 🙂 I think you can learn any SIEM tool to get a general understanding of how they work and how to read through logs. Splunk is very popular and their formatting for queries is used in a few other products you might encounter in the field. I'd say learning SIEM is still very much necessary because even if there is a better new solution, it has to be set up and adjusted which takes time, money, and it's tough to justify the cost to the "heads" of a company. In other words, SIEM is still going to be around for a good while before new and better tools get put in, so learn both? We're always learning 😅
Our SLAs vary by incident severity. I believe highs are max 4 hours, mediums are 24 hours and lows are 48 hours. The strictness is almost like a good faith effort it seems. The security team is not a 3rd party company but a part of the company so we're not fighting to compete with company contracts like my last job with a MSP. So, if something comes in and has some serious red flags, it's an all hands on deck situation where everyone is brought in to figure it out. The strictness of the SLAs hasn't been an issue while I've been here probably because I started when security tools and automation were set up to allow a lot of freedom to learn and innovate. I'm spoiled 😅
Thanks for sharing this! Can you say how long it took you to confidently discern what is normal activity per user/department? Or is that an ever-evolving and always moving target?
My confidence level is usually determined by how much proof I can dig up to support my determination. I've often brought in other analysts to take a second look when I wasn't able to find enough to be certain enough to decide. My confidence is definitely a work in progress and as you said will probably be ever-evolving, especially given I'm fairly new to the position and tools still. Normal behavior per user is also just one facet of the investigation, as a lot of times I have no clue why a user in a certain department is for example installing some random plug in tool. I see the expected behavior as a first step to determine how serious something could be as I start the investigation, so if there's a receptionist installing a program that does nothing related to scheduling and is way off base like Visual Studio Code then I know I'm in for a potentially compromised computer early on. I hope that makes sense 😅
Thanks for the video, this was great! I'm looking into getting training in the field and am a little flustered on where to go/what's trusted. Do you have any advice on this? Thank you in advance! Keep the solid vids going ✌🏼😁
There's tons of free resources online for self learning TryHackMe, HackTheBox, BlueTeamsLabs, Cybrary, etc. Depending on how much IT knowledge you already have, you can also self study for certifications like Security+, CEH, or if you're really aiming high the CISSP. You can find extensive youtube video courses for studying for those certs. I've heard of people landing Security Analyst roles with just the Security+ which imo is the easiest one. It can be overwhelming with all the options available but I don't think you necessarily need to pay for courses or bootcamps, although paying for bootcamps might give you incentive to study harder 😅. I've heard mixed things about WGU cybersecurity bachelor's program, but I've also seen success stories from it. I might make a video with a better explanation of where to go to get started. 🤔
@@madhatistaken Thank you plenty for the direction! I really appreciate the info 🙏🏼😁 I'll take a look into the free assets and go from there (I agree that you don't always have to pay for these things, especially in our generation--benefits either way though). But if you get the chance, it's definitely a good idea to do a vid about it sometime--there's a need for transparency in places that can be easy to get lost in.
@@madhatistaken a video with a better explanation and more detail would be greatly appreciated sir. Currently a cybersecurity student at a college and realizing that I need a lot of self learning and have been going through TryHackMe! anything cybersecurity would be greatly appreciated!
@@Nemesis_xo I'll definitely be making a better comprehensive guide for breaking into the field. You've got a leg up on many working on that cybersecurity degree 😃 Make sure you take FULL advantage of any internships the college may offer. Two of my classmates ended up getting hired full time in their internships at pretty big companies right after graduating in 2020.
@@madhatistaken that's awesome for them! Sadly there is no intern/co-op for my program since it's a 1yr cert. I guess that's given me a good foundational knowledge so far, would've really loved a co-op/intern opportunity though. However tryhackme and RUclips courses have been helping me understand way more. appreciate ur vids!
The CompTIA certs A+, Network+, Security+ are decent starting points. You'll hear conflicting things on them. Some people say CCNA is better than Network+. Some people say A+ is useless, but I say they're all more helpful learning and having than not having them. There's also a blue team specific cert CompTIA CySA+. You don't have to take all the certs in any order. But they do build off one another, so it depends on one's ability to learn the concepts.
My cybersecurity degree taught me a lot of abnormal and hacking behavior, but every business environment is different. The company I work for hired me and another person with training in mind, so I had to learn the tools and baseline behavior of employees. I'm still figuring out what baseline is, but I have senior analysts to ask questions if I find behavior that seems suspicious. My degree taught me how to break into things but my current job taught me how to figure out what breaking into things looks like in a business/enterprise environment.
@@madhatistaken oh thank you for the explanation, so you learned how to in college and at your job you're shown what you're hacking. So those commands are universal to every software just different platform. Does the CompTIA Security+ teach these hacking techniques or do I have to be a pentester?
We have many security software tools (SIEM, EDR, Email filter, etc) in place that generate detections or incidents in their interface that then get sent to our main ticketing software that we work off of. We then pivot to any tool needed in the environment to investigate the alert or incident. Hope that clarifies the process a bit 😅
I'm a SOCK engineer (I mostly work on the tube design, but have been known to help out on the gold-toe team from time to time). I just wanted to say I'm glad we all have totally real titles that are indicative of what we actually do / our capabilities and are not just vague meaningless descriptions made to stroke our fragile egos!
Lol this opened my eyes a bit. I’m a sysadmin for a company where I do this very thing using CrowdStrike all day. Looking through incidents and detections all day, on top of all my other sysadmin responsibilities. Maybe I should ask for a raise 😅
Dude thank you. As someone who is looking to get into CS. Thank you. I'm so sick of these day in the life videos and articles. I wake up and put 8 bananas in my smoothie. Then at 820 I do yoga. Fuck off. Like this is the first video I've found where I'm like finally someone describes the actual fucking work. Now I know it's something I want to look into further. Thank you so much for actual information.
Hey Mad Hat, what are real problems you and your L2 and L3 Analysts face in your day to day work? Is it that you need to jump across several tools for a precise investigation? Is it that you need to investigate too many false positives? What keeps you and your colleagues really up at night?
Great video @madhatistaken! Might I ask what education path you took to becoming a SOC Analyst? I was considering getting the Google Cybersecurity Certificate from Coursera, but curious if this will be enough to land an entry-level job in the cybersecurity space. Thanks in advance for any insight / guidance / answers you can provide!
I went the college route then worked at a MSSP before landing my current security job. Google cyber course is a good start, but most likely will not be enough if you have no other experience/certs/education/projects to show for on your resume. There's jobs that are VERY entry level, they're just hard to find. While you apply to entry level roles, just work towards more stuff to put on your resume until you finally get that first security job.
At my last job we potentially could investigate things for days if we wanted to. But really alerts should be completed anywhere from 10 minutes to an hour unless more eyes are needed on the alert by other analysts to confirm stuff.
I'm not a part of the red team in the company, but I'm fairly certain we don't have qualified enough people yet to make our own tools/code for testing. We recently outsourced a penetration test and have another one coming up that will be a surprise to our analysts (no set time for the testing as they want to surprise us). Next year is going to be nerve racking 😅
I got them from Costco, I believe the new models for them is www.costco.com/lg-ultragear-32%22-class-qhd-gaming-monitor.product.100793191.html . Not sure if they sell mine anymore.
It's a lot slower in Q4, but we're picking back up in alerts. Roughly 10-20 alerts a day that need investigating and 50-100 that get auto-closed and auto-remediated via tool automation.
Varies by company I imagine. Larger companies with robust tech stacks will require less coding and more knowledge of the tools and smaller companies might ask you to help tune existing software's code and implement new software to better suit the company's needs. I will say knowing the fundamentals of coding is important the higher up you go in cybersecurity. After all, we're expected to protect software/ people using the software and we can't do it very well if we don't know how it works 😁
@@madhatistaken def is helpful, just completed a CS degree but this is more what I wanna do so your channel's been giving me lots of good info about what I need to look into and such lol
@@minineji7050 Congratz on the CS degree, you completed what I gave up on 😅 Cybersecurity is just a few extra top level concepts on top of coding, so you'll land a security position in no time with your degree!
This looks terrifying. I mean, if you mess up it could be really bad. How can you get experience for someone that is his first time getting into the field?
We get paid the same hourly for training as working on alerts. I was fortunate enough to find a position that's investing in their employees and providing resources to learn different aspects of security.
For SOC analysts I want to know what scripting or programming languages I need to learn? Do you work on any cloud tools like AWS? If I have hands-on knowledge of tools like ArcSight and Splunk without certifications, can I get into SOC roles?
Thank you for watching! I could put together a roadmap that outlines soc analyst skills needed for sure. Maybe something for people who've already done the basics but need to harden their knowledge and terminology on incident response 🤔
Hacking certs will set you apart if you have other blue team based certs, but if all you have is hacking vs someone coming in with all blue team then it's considerably more difficult to get into that first interview I'm sure. Hacking certs provide training into subject matter that relates to blue team concepts, understanding how hackers work is integral in our job and investigations so it can only help, but you should still pursue blue team certs if that's the job you're going after. Hacking certs are red team but overlap with blue team concepts and vice versa. A good red teamer can blue team and vice versa. Sooo, learn everything you can!😅
@@madhatistaken thank you very much, at the end of the day just learn as much as u can which makes sense for the field! When it comes to Networking skills what level do we have to be to be considered great as well? Is network+ enough or ccna? Just wondering since networking is key in the internet. Thank you very much for answering my question, I really appreciate it!
@@7ripachikita I've heard conflicting opinions, but CCNA teaches a little bit more configuration information that could prove useful in a cyber career, however imo Network+ should be more than enough to get your foot in the door. You have to know IPv6, IPv6, mac address, routing protocols, etc. because as you said that's the internet and how bad actors infiltrate systems. So constantly learning more about networking is going to make you a better security professional because you'll understand potential vulnerabilities better on a network and where to look for potential breaches or worse how someone was able to get in. I guess it's difficult to gauge what level someone is "great" at networking because you can be a cisco professional and know loads about configuration on a cisco device but that doesn't mean they're better at networking than say a seasoned penetration tester who wouldn't be able to configure or troubleshoot a cisco device because they didn't memorize how they work. I hope that's not confusing and helps some 😅
@@madhatistaken it's crystal clear, thanks for all this gold info, last question, any books u recommend for networking and cyber security?? Study guide or not I would really appreciate it! Or even videos on YT/ITProTv/Udemy? Thanks for all you do!
That's good to hear the skills are transferable if someone wanted to move positions! Thank you for watching!
One of the few accurate day in the life soc work. sweet and concise. Good job!
I love that analogy 🤣, a part of my soul remains with the MSP I worked at for a year...😅
Exactly how I currently feel, coming close to 2 Years now, I really don't feel like I have it in me anymore :/
This is VERY true. it really is soul sucking--and not in a good way lol
God... you couldn't have worded better; hell desk is SOUL SUCKING.
what u do on your current job?
Is it worth going to college for cyber security seeing as I’m graduating soon and it’s something I’ve looked into before
as a mid level support engineer this is awesome. I feel like this is an accurate summation of your job. thanks for sharing.
This is a beautifully succinct example of dealing with a real-world incident. Wish more creators were this efficient with information.
I was a pentester for a year and I feel like this type of day to day may be more up my speed. Thank you for sharing your perspective
Join the blue team! 😅 If you've pentested I'm sure you know more than me!
I’m in school right now for cyber security, and this was *really* helpful, thank you!
Why did you take cyber sec instead of CS? Isnt CS a better degree?
Love the wow details addons while answering a ticket. My man.
thanks for doing this, really appreciate this no-frills format
Thank you for watching! Some of my other videos might have frills though 😅
@@madhatistaken haha so I've found out, my kinda frills tho 👌🏽
I just got into school for comptia and security+ thanks for clearing my head I’m more motivated to study now ❤
Dude this is GOLDEN!!!!
You will have a million subscribers in no time if you keep this up. Much love ❤
I finally found a video that explains what is really done as a cybersecurity specialist. Thank you!
More examples this is amazing. I'm starting my first soc analyst position and I love this
@@madhatistaken sounds fantastic
Interesting video !! Nice dps with your warrior ;)
Thank you!! I'm mediocre at best as warrior, but much like cybersecurity, it's a long time commitment 😅
appreciate your efforts man, thanks for the information
Great video man, really gave me an insight
Thank you for watching!! I'll keep trying to make helpful videos as I learn new things, gotta keep learning in this field!
my mans playing fury warrior while writing his ticket. What a g.
Lmao I wanted to see if anyone else caught that
Great video. I just got promoted to this role. Had no idea wtf I'd be doing, the video helped as we also use Crowdstrike
Just wanted to say i got a "final onsite interview" for entry level analyst tomorrow.
Thanks for the video.
That's awesome!! Best of luck, you've got this! 😁
Love this! Currently in school for IT and networking but planning on getting my base certs soon as well. Great breakdown!
Go to WGU. You get certs and a degree. I already have two and I am two months in lol.
Glad to hear some part was helpful! Keep studying!
bro need more vids like this ,goated af
Thank you, really cleared everything up nicely for such a short video as what to expect as I begin my career.
First time watching your vid and I’ve subscribed due to how easy you make things sound! Keep up the good work bro! You're great! ❤️
Awesome video. Definitely gave me a good insight on what to expect.
@3:08 Check out that rogue dps! lol. Thanks for this video.
One of the best day in the life videos I’ve ever seen. And I didn’t even hear about when you had coffee or what you had for lunch 🤣
Thanks. This clarifies a lot.
This video was super helpful, thank you!!!!
Glad it was helpful! Thank you for watching 💚
Start my new SOC Analyst job next month! This was helpful. You have a new sub👍🏾
Hi
I’m hoping I could connect with you. I would be graduating in May and also want a career in SOC analysis.
Always on point and very informative..
Matrix rules 🤛💎💎
playing wow on the job, i cant believe it :D
SAMEEE. this is a perfect example of a level 1 analyst!!!!
!thank you for this .. subscribed
I can say as a cybersecurity professional in soc, working from home, my world of warcraft is also opened.
For the horde? 😅 Ironic I'd be red
Thanks for this video! I plan to go to school for cyber security in August!!🎉🎉🎉
Was that WoW when you were writing your notes on the situation? 😂 good video
This is part of my job as a cybersecurity analyst
Very cool knowing I’m not the only one
Thanks so much for sharing. I work as network admin but want to dive into this stuff. Hopefully be able to work remotely with it one day.
Can you tell at what SLA you maintain and how strict is it?
I work in a NOC at an ISP and this type of work interests me. Would security+ and a blue team cert be enough?
Just wanna say.... i seen WoW in the background whilst typing away on your keyboard. Well played. 😆
Thanks for the video, this was great! I'm looking into getting training in the field and am a little flustered on where to go/what's trusted. Do you have any advice on this? Thank you in advance! Keep the solid vids going ✌🏼😁
There's tons of free resources online for self learning: TryHackMe, HackTheBox, BlueTeamsLabs, Cybrary, etc. Depending on how much IT knowledge you already have, you can also self study for certifications like Security+, CEH, or if you're really aiming high the CISSP. You can find extensive YouTube video courses for studying for those certs. I've heard of people landing Security Analyst roles with just the Security+ which imo is the easiest one. It can be overwhelming with all the options available but I don't think you necessarily need to pay for courses or bootcamps, although paying for bootcamps might give you incentive to study harder 😅. I've heard mixed things about WGU cybersecurity bachelor's program, but I've also seen success stories from it. I might make a video with a better explanation of where to go to get started. 🤔
@madhatistaken Thank you plenty for the direction! I really appreciate the info 🙏🏼😁 I'll take a look into the free assets and go from there (I agree that you don't always have to pay for these things, especially in our generation--benefits either way though). But if you get the chance, it's definitely a good idea to do a vid about it sometime--there's a need for transparency in places that can be easy to get lost in.
@madhatistaken a video with a better explanation and more detail would be greatly appreciated sir. Currently a cybersecurity student at a college and realizing that I need a lot of self learning and have been going through TryHackMe! anything cybersecurity would be greatly appreciated!
@Nemesis_xo I'll definitely be making a better comprehensive guide for breaking into the field. You've got a leg up on many working on that cybersecurity degree 😃 Make sure you take FULL advantage of any internships the college may offer. Two of my classmates ended up getting hired full time in their internships at pretty big companies right after graduating in 2020.
@madhatistaken that's awesome for them! sadly there is no intern/co op for my program since it's a 1yr cert I guess that's given me a good foundational knowledge so far, would've really loved a co/op intern opportunity though. However tryhackme and YouTube courses have been helping me understand way more. appreciate ur vids!
I saw the Wow running on the other monitor… great video, as a SOC analyst I can concur this is 100% accurate
That was a good catch 😅 it was barely on the screen. Thanks for watching fellow gamer analyst ❤
Nobody’s gonna comment on you playing a warrior in WoW? I love this job already
Warrior main since Wotlk 😅
you have no idea this video just fit nice in time for me to take a bigger role in IT, i am sick of L1 desktop engineer job now...
Saw you were playing WoW. Good man
Thanks for the amazing insights! Could you please recommend some basic certs and where I should start as a complete beginner in SOC?
The CompTIA certs A+, Network+, Security+ are decent starting points. You'll hear conflicting things on them. Some people say CCNA is better than Network+. Some people say A+ is useless, but I say they're all more helpful learning and having than not having them. There's also a blue team specific cert CompTIA CySA+. You don't have to take all the certs in any order. But they do build off one another, so it depends on one's ability to learn the concepts.
Which cert or course teaches you these steps or they train you for it?
My cybersecurity degree taught me a lot of abnormal and hacking behavior, but every business environment is different. The company I work for hired me and another person with training in mind, so I had to learn the tools and baseline behavior of employees. I'm still figuring out what baseline is, but I have senior analysts to ask questions if I find behavior that seems suspicious. My degree taught me how to break into things but my current job taught me how to figure out what breaking into things looks like in a business/enterprise environment.
@madhatistaken oh thank you for the explanation, so you learned how to in and college and at your job your showed what your hacking. So those commands are universal to every software just different platform. Does the CompTIA Security+ teach these hacking techniques or I have to be pentester?
So informative ! I'm in my late 20s basically lol and Im going back to college to maybe in cyber security this fall ! Wish me luck
How do u even get the experience to do this?
Where do these "alerts" come from? SIEM or another platform?
We have many security software tools (SIEM, EDR, Email filter, etc) in place that generate detections or incidents in their interface that then get sent to our main ticketing software that we work off of. We then pivot to any tool needed in the environment to investigate the alert or incident. Hope that clarifies the process a bit 😅
I'm a NOC engineer and this is same from what I do in my work but focus on network side
We're living the dream fellow analyst ❤
I'm a SOCK engineer (I mostly work on the tube design, but have been known to help out on the gold-toe team from time to time). I just wanted to say I'm glad we all have totally real titles that are indicative of what we actually do / our capabilities and are not just vague meaningless descriptions made to stroke our fragile egos!
I wanna work on this domain
It's lots of fun! 😅 At least I think so....
experience is king, just have to manage how to get in
This video is awesome! Thanks for a glimpse into what a SOC analyst does!
Thank you for watching! 💚
Lol this opened my eyes a bit. I’m a sysadmin for a company where I do this very thing using CrowdStrike all day. Looking through incidents and detections all day, on top of all my other sysadmin responsibilities. Maybe I should ask for a raise 😅
Dude thank you. As someone who is looking to get into CS. Thank you. I'm so sick of these day in the life videos and articles. I wake up and put 8 bananas in my smoothie. Then at 820 I do yoga. Fuck off. Like this is the first video I've found where I'm like finally someone describes the actual fucking work. Now I know it's something I want to look into further.
Thank you so much for actual information.
Hey Mad Hat, what are real problems you and your L2 and L3 Analyst face in your day to day work?
Is it that you need to jump across several tools for a precise investigation?
Is it that you need to investigate too many false positives?
What keeps you and your colleagues really up at night?
Great video @madhatistaken! Might I ask what education path you took to becoming a SOC Analyst? I was considering getting the Google Cybersecurity Certificate from Coursera, but curious if this will be enough to land an entry-level job in the cybersecurity space. Thanks in advance for any insight / guidance / answers you can provide!
I went the college route then worked at a MSSP before landing my current security job. Google cyber course is a good start, but most likely will not be enough if you have no other experience/certs/education/projects to show for on your resume. There's jobs that are VERY entry level, they're just hard to find. While you apply to entry level roles, just work towards more stuff to put on your resume until you finally get that first security job.
in around how long are you expected to get an incident response like this done?
At my last job we potentially could investigate things for days if we wanted to. But really alerts should be completed anywhere from 10 minutes to an hour unless more eyes are needed on the alert by other analysts to confirm stuff.
@madhatistaken thank you so much for your quick response.
What laptop would you recommend to learn how to do this (SOC analyst). I have a MacBook Pro 2021
may i ask what are the salary ranges for that kind of job ?
Im also a soc analyst for an MSSP and that is basically how my job goes too!
#blueteamrocks 😅
How many tools for pen testing are tools made by your team?
I'm not a part of the red team in the company, but I'm fairly certain we don't have qualified enough people yet to make our own tools/code for testing. We recently outsourced a penetration test and have another one coming up that will be a surprise to our analysts (no set time for the testing as they want to surprise us). Next year is going to be nerve racking 😅
What monitors do you use?
I got them from Costco, I believe the new models for them is www.costco.com/lg-ultragear-32%22-class-qhd-gaming-monitor.product.100793191.html . Not sure if they sell mine anymore.
Help desk to Cyber security analyst in 10 months at my company.
How many alerts or alarms would you get a day?
It's a lot slower in Q4, but we're picking back up in alerts. Roughly 10-20 alerts a day that need investigating and 50-100 that get auto-closed and auto-remediated via tool automation.
@madhatistaken oh nice
Quick question: how important is coding for cybersecurity?
Varies by company I imagine. Larger companies with robust tech stacks will require less coding and more knowledge of the tools and smaller companies might ask you to help tune existing software's code and implement new software to better suit the company's needs. I will say knowing the fundamentals of coding is important the higher up you go in cybersecurity. After all, we're expected to protect software/ people using the software and we can't do it very well if we don't know how it works 😁
silver ticket gold ticket handshake exploit?
I'm not at liberty to confirm nor deny 😅
I have an interview for a SOC analyst job coming up any tips?
Great video this is useful information
Thank you!! I'm trying to make helpful stuff 😅
@madhatistaken def is helpful, just completed a CS degree but this is more what I wanna do so your channel's been giving me lots of good info about what I need to look into and such lol
@minineji7050 Congratz on the CS degree, you completed what I gave up on 😅 Cybersecurity is just a few extra top level concepts on top of coding, so you'll land a security position in no time with your degree!
I see you writing your verdict to soar's command field xD sneaky.
This looks terrifying I mean if you mess up it could be really bad how can you get experience for someone that is his first time getting into the field.
can u say your journey on getting this job ?
Real question is was that retail or classic wow ?
Retail 😅 I only started playing in wrath. Pretty much play each xpack for a few months then quit
Do you work Monday - Friday?
I sure do. Plus on-call rotation every couple months.
Funny, I also have wow and xsoar up when "working from home" haha
Hi, do you get paid while doing training stuff or Is it a little less money?
We get paid the same hourly for training as working on alerts. I was fortunate enough to find a position that's investing in their employees and providing resources to learn different aspects of security.
Kindly do a video on how to startup in cybersecurity on the forensics end🙏🏽🙏🏽
I can add to the list of video ideas 😅 Thank you for the request and for watching!! ❤
For soc analysts i want to know what scripting or programming languages need to learn ?
do you work on any cloud tools like aws ?
if i have hands on knowledge tools like ArcSight and splunk without certifications can i get into soc roles?
Thank you for everybody to allowed this to get in my algorithm 🤣😤I’m very excited to become one soon
hey thanks for the content…
any chance do you post a roadmap to be a good soc analyst ?
Thank you for watching! I could put together a roadmap that outlines soc analyst skills needed for sure. Maybe something for people who've already done the basics but need to harden their knowledge and terminology on incident response 🤔
Do hacking certifications can help get into a soc position or certificates like sec+ cysa+ and cissp help more since they are blue team based?
Hacking certs will set you apart if you have other blue team based certs, but if all you have is hacking vs someone coming in with all blue team then it's considerably more difficult to get into that first interview I'm sure. Hacking certs provide training into subject matter that relates to blue team concepts, understanding how hackers work is integral in our job and investigations so it can only help, but you should still pursue blue team certs if that's the job you're going after. Hacking certs are red team but overlap with blue team concepts and vice versa. A good red teamer can blue team and vice versa. Sooo, learn everything you can!😅
@madhatistaken thank you very much, at the end of the day just learn as much as u can which makes sense for the field! When it comes to Networking skills what level do we have to be to be considered great as well? Is network+ enough or ccna? Just wondering since networking is key in the internet
Thank you very much answering my question, i really appreciate it!
@7ripachikita I've heard conflicting opinions, but CCNA teaches a little bit more configuration information that could prove useful in a cyber career, however imo Network+ should be more than enough to get your foot in the door. You have to know IPv6, IPv6, MAC address, routing protocols, etc. because as you said that's the internet and how bad actors infiltrate systems. So constantly learning more about networking is going to make you a better security professional because you'll understand potential vulnerabilities better on a network and where to look for potential breaches or worse how someone was able to get in. I guess it's difficult to gauge what level someone is "great" at networking because you can be a Cisco professional and know loads about configuration on a Cisco device but that doesn't mean they're better at networking than say a seasoned penetration tester who wouldn't be able to configure or troubleshoot a Cisco device because they didn't memorize how they work. I hope that's not confusing and helps some 😅
@madhatistaken it's crystal clear, thanks for all this gold info, last question, any books u recommend for networking and cyber security?? Study guide or not i would really appreciate it! Or even videos on YT/ITProTv/Udemy? Thanks for all you do!
can you work as a soc analyst from home?
You can! I do in my current position 💚