Advice On Becoming a Better Security Analyst. (SoC)

MagnumOpus Posts: 107 Member
New to the field and absolutely love it! For those having made a career of this field, what advice can you give in mastering the art of working in the SoC?

Comments

  • ramrunner800 Posts: 238 Member
    It's a bit tough to answer this question because a SOC can be very different from one organization to the next. Do you have any specific areas you feel deficient in? I feel that understanding of attacker methodology and knowledge of cutting edge threats go far in any SOC. Practicing your offensive skills in a lab environment while also performing network security monitoring through something like Security Onion helps with this. Other helpful things you can do are reading sites like malware-traffic-analysis.net, the SANS Internet Storm Center, and contagiodump. These will help you in keeping up to date with the latest attacker TTPs.
    Currently Studying For: GXPN
  • FillAwful Posts: 119 Member
    Thanks for that list ramrunner, I was looking for sites exactly like this.
  • E Double U Posts: 1,552 Member
    Here you go:

    https://www.sans.org/security-resources/

    What technology do you have access to?
    Alphabet soup: CISSP, CCSP, CISM, CISA, GPEN, GCIA, GCIH, GCCC, CEH, etc

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • AnthonyG Posts: 44 Member
    A good friend of mine in the security field gave me this; it might be useful for you:

    Below are some sites that I frequent for security information -- I hope you find what you need here.

    ====================================
    - SANS and their Internet Storm Center is a great place for in-depth security news/training. I usually check this site several times a week.

    http://isc.sans.edu/
    SANS Information Security Training | Cyber Certifications | Research

    - Vulnerabilities with working exploit code -- I scan through this once a week or so to see if there is something I missed.

    http://www.exploit-db.com/

    - Purdue's Cassandra: you can input a product name or keyword and it will automatically send you future vulnerability information via e-mail from many different sources matching your product or keywords.

    https://cassandra.cerias.purdue.edu/main/index.html

    - Vulnerability advisories

    Secunia

    - Good place with vulnerability information organized well.

    CVE security vulnerability database. Security vulnerabilities, exploits, references and more

    - This site is good for scanning something that is suspected malware with approximately 50 antivirus products -- sometimes a piece of malware you scan isn't found by any of the 50 products :)

    https://www.virustotal.com/

    - General security news. Sometimes ArsTechnica has some good security articles.

    Risk Assessment | Ars Technica

    - Metasploit Pen testing software

    Penetration Testing Software | Metasploit

    - Nessus vulnerability scanner. Their newest plugins can reveal additional vulnerabilities.

    http://www.tenable.com
    Nessus Plugins

    - Website site checks

    http://sitecheck.sucuri.net
    urlquery.net - Free URL scanner
    Wepawet » Home

    - Malware domains

    http://www.malwaredomainlist.com
  • MagnumOpus Posts: 107 Member
    Just wanted to officially reply to this thread as I became too busy with my career path. Everything stated here was rock solid, thanks a million guys. I will finally have Security Onion up and running next week.

    Thanks again!
  • Burnsie Posts: 84 Member
    Tagging this for future use. Great info.

    B
  • gespenstern Posts: 1,243 Member
    Know the infrastructure, first and foremost. Windows or Mac or Linux or mobile OS, whatever your users use, know it at least on a sysadmin level.