SOC what do I need to learn?

Remedymp

ramrunner800 wrote: »

I recently interviewed with a gentleman who stands up and runs SOC's for huge companies all around the world. He said that he doesn't think anyone should stay in the SOC for more than 18 months because you get 'console burn in.' I've worked in various operations center type jobs for the last 5 years, and I think vigilance fatigue is a real thing. Every once in awhile you need to change roles and shake out the cobwebs. You can go back, but some kind of change is really helpful.

Why is 18 a magic number?

ramrunner800

Remedymp wrote: »

Why is 18 a magic number?

I think it's more of a nice round number to use for a rule of thumb than a hard and fast length of time. I think more important than a highly specific number of months, is the idea that it's a good thing to cycle off the ops floor after awhile.

alias454

Complacency is a killer. I can see moving around helping to keep one focused.

Mike-Mike

Remedymp wrote: »

Why is 18 a magic number?

looking back at my career, seems like around 18 months is when I get bored with a role. Takes about a year to master stuff, then it's fun for a bit because you know what you're doing, then you get repetitive.

Remedymp

UnixGuy wrote: »

@Remedy: It does sound like a hectic environment, but you are learning!

How about you do what I'm about to do? I'll start a pentesting course (I can message you about it), skill up big time and then take it from there. You can move to another team within the same organisation or elsewhere Better focus on the opportunity we have I think. My environment is hectic too, but I know that I lack the skills to do proper Pentesting/Forensics/Incident Handling.

I'm starting to look at the CCFP exam as well as doing some Pen Testing. Any labs?

UnixGuy

@Remedy: How about starting this with me? http://www.techexams.net/forums/off-topic/111731-elearn-security-pentesting-student-pts-v3.html