SOC experience?

Remedymp Posts: 834 Member
I accepted an offer to work in a SOC a few months ago as a Network Security Analyst. I have several years of experience working on the end-user, client-facing side of IT as an Analyst, as well as working in a Datacenter as a technician.

However, I have never experienced anything like the SOC before. Egos tripping everywhere. Everyone has a chip on their shoulder, lack of mannerism, individual mindset (look at me, etc.) rather than team focus. Antiquated tools and process to perform your duties. Every guy is a tough guy with their GIAC certs. The more GIAC certs, the worse the attitude becomes. Sarcasm about other roles of others in the SOC. Backbiting of people they just got off of con call with or exchanged an email with.

I have never been in a more toxic environment before. Most of the people have never worked anywhere outside of the SOC. This is their first and only job in IT. So, they have pretty much mastered their job role to a point where it becomes like a fraternity or something to join in with them.

Has anyone else worked in a SOC here? Care to share your experience?

Comments

  • guy9 Posts: 59 Banned ■■□□□□□□□□
    Remedymp wrote: »
    I accepted an offer to work in a SOC a few months ago as a Network Security Analyst. I have several years of experience working on the end-user, client-facing side of IT as an Analyst, as well as working in a Datacenter as a technician.

    However, I have never experienced anything like the SOC before. Egos tripping everywhere. Everyone has a chip on their shoulder, lack of mannerism, individual mindset (look at me, etc.) rather than team focus. Antiquated tools and process to perform your duties. Every guy is a tough guy with their GIAC certs. The more GIAC certs, the worse the attitude becomes. Sarcasm about other roles of others in the SOC. Backbiting of people they just got off of con call with or exchanged an email with.

    I have never been in a more toxic environment before. Most of the people have never worked anywhere outside of the SOC. This is their first and only job in IT. So, they have pretty much mastered their job role to a point where it becomes like a fraternity or something to join in with them.

    Has anyone else worked in a SOC here? Care to share your experience?


    If you need someone to talk to the community is here to listen my friend. What you have to understand is that you work in a Security Operations Center. The key word in that sentence is Security, when dealing with IT and the S word people will have certs that start with G. Do you expect to see system admins, help desk, and Linux Admins with G certs? Probably not, even though it is not uncommon some people are just masters of different trades. In a SOC you have to know your sh**. You have IH, Signature Maint, Red Team, Watch Analyst, this title and that title. What you expect to walk in and everyone has Security+CE? Ok back to the topic, I enjoyed working the SOC environment. It is more experienced individuals, some of the time. If your network or server or this or that gets "attacked" or "compromised" this that or the third you want people with training/experience handling the incident right? Not saying nobody has ever dropped the ball. Not saying good or bad about G certs but it looks like you expected the guy or gal handling incidents to have the "CompTIA Trio". Granted it doesn't take much to be a watch analyst but the ability to stay awake. I have seen Watch Analyst positions that only needed a Security+ and some wanted a little more than a cert. If you get with the right BIG company with the BIG budget you can go attend just about any training in the world!

    Do what makes you happy. If you like the DataCenter realm, it might be time to consider going back. I know it's more $$$$$$ in the Security side myself, just from experience

    P.S. I enjoyed the SOC world. I worked 12hrs Thursday-Saturday one week and 12hrs Thursday-Saturday the next week and an 8 on Sunday. Not saying I did or didn't but you can easily shoot to the Dominican Republic after work on Saturday and come back Wednesday just in time for work the next day and nobody would ever know. An SOC that works 8hr days can jump in a lake with cement shoes
  • Khaos1911 Posts: 366 Member
    Just for the record, I was a tough guy way before I got my GIAC certs.
  • Remedymp Posts: 834 Member
    If you need someone to talk to the community is here to listen my friend. What you have to understand is that you work in a Security Operations Center. The key word in that sentence is Security, when dealing with IT and the S word people will have certs that start with G. Do you expect to see system admins, help desk, and Linux Admins with G certs? Probably not, even though it is not uncommon some people are just masters of different trades. In a SOC you have to know your sh**.

    Either you didn't completely read my OP or just not understanding. The people working in this environment have never worked in IT outside of the SOC itself. It's not as if these are seasoned vets. These are analysts with 1-2 years experience working the SOC from an internship position.

    I don't have a problem with GIAC certs. I have a problem with people who take an open book exam and think they're Security Engineers because they can either open and close ports on a firewall or that they can use Regular expressions in Notepad++. It's weird.

    Although the company accepts Comptia Certs, they're paying for everyone to get their GIAC certs. It's not as if these people are walking into a test center with no index cards and walking out and acing the exam. Not at all.

    Of course you won't see as many analysts with Comptia certs because they don't have to pay for them. If they had to pay for them, the only certs they could get are Security+ or SSCP.
    Do what makes you happy. If you like the DataCenter realm, it might be time to consider going back. I know it's more $$$$$$ in the Security side myself, just from experience

    I did NOT come from the DC realm. I worked in a DC before. I came from a client facing position as an IT analyst.

    I just have never experienced anything like this environment where people are so wired up. Very toxic.
  • guy9 Posts: 59 Banned ■■□□□□□□□□
    Sir/Ma'am,


    I paid out of my pocket to attend SANS training. I will prove it to you if you want BUT when/if you want me to prove it to you, you'll have to provide me with an Amazon Gift Card. PM me if you think I am lying and most importantly ready to send the gift card. I need two 2TB SSHD's and 16 GB of RAM to upgrade my computers it's better coming out of your pocket than mine. Also, you will have to rep my post every time I post for the next 6 months. So, please don't say if people had to pay for SANS training they would only have Security+ or SSCP :)

    I said that to say this, I know people who pay thousands of dollars for training. I paid several thousand for SANS training and I also paid 2500 for a CEH bootcamp out of my pocket. (I can prove that to you as well). It bothers me when people say nobody would pay for the training out the pocket this and that. It really touches my heart, it's almost like an insult. Sometimes I want to cry after reading it. Yes, it helps when a company pays for training personally I prefer if the company doesn't pay for training. A good portion of companies will pay for training and you're obligated to stay with them for X amount of time or pay the money back. If getting X Cert increases my salary by 5K or more I am putting in my 2 weeks notice (have done it, recently).

    People have to start somewhere, if the SOC is where they started I commend them and I am slightly jealous. People don't stay in a SOC for 5 years, especially if they are not moving up. So seeing people who have worked in a SOC for 1-3 years is not uncommon. You talk about the "open book exam" people fail open book exams everyday. People have failed the mentioned certs and will continue to fail G certification exams. For some odd reason people think because it's an open book exam it is easy. ...shame on them.

    It was a guy who was an intern/part time employee at my last job, he was a full time student and he had a guaranteed job when he graduated. What college student in the world would turn that down????

    Sir/Ma'am,

    I do wish you the best in whatever you choose. I apologize for slightly getting off topic. I just had to prove a point. I hope the community forgives me. Don't forget the first paragraph ;)
  • UnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, eJPT, CCNA Posts: 3,987 Mod
    @Remedy:

    It sounds like a terrible environment, so I think what you can do is make the best out of a bad situation and learn as much as you can then move.

    Unfortunately, SOC or not, this can be a common attitude in IT in general; some 'professionals' can be very childish, with self-esteem issues and weird behaviors and they take it out on others in the environment. I've seen this before, and will continue to do so. There is always this guy in every team...who is an idiot (to put it nicely). Just be professional yourself, ignore them, and see it for what it really is: a bunch of children with no life.

    It's hard not to take it personal and be pissed off, because honestly it's annoying, but you're probably 10x times smarter than all of them (experience or not), so do your thing or consider moving on. I joined a SOC too recently, have seen some of that, but not too much. Everyone is nice, some are stressed out for no reason. Some have no life, but some are genuinely nice guys so look for the positive.
    Goal: MBA, March 2020
  • YFZblu Posts: 1,462 Member ■■■■■■■■□□
    Reading this post took me back in time. I know exactly what the OP is talking about, and I have worked in exactly that type of SOC environment before.

    Security Operations can be an insane little world. Some of these SOCs are full of know-nothing, elitist hacks with fake alpha attitudes. IMO, these types of bad situations start and end with management. If your management is allowing the SOC personnel to devour one another, that is a really bad sign.

    My two cents: If you want to stay in security, just get what you can out of secops, but plan on further specializing so you can get out of that rat race. By far, the worst part of infosec work-wise is the bro fest.
  • beads Posts: 1,439 Member ■■■■■■■■□□
    Many if not most IT and later SOC environments are notoriously like this and for the most part with reason. Most of the people you're working with had to fight tooth and nail to not only first to enter the IT field. Second to stay in the field and third work their way up the chain to eventually break into security. Why shouldn't they feel a bit alpha dog about their accomplishments? It's a tough field to work in and a tougher field to break into in the first place.

    It's also difficult to work with freshers and wannabes trying to get into a SOC or Engineer type environment when they generally have such lackluster skills in general they get in their own way. Some people can be taught to do certain simple techniques but often cannot reach any real technical performance worth mentioning. Many cannot keep up their skill level or commitment to the field and need a great deal of hand holding. Hence why you see much of the above behaviors. It just is...

    GIAC is and should only be considered training. Toss the certificate portion of it unless you're serious about getting a Masters degree from a for profit organization. No one outside of the field has a clue about SANS so it's going to be a very niche degree at best. As for paying. I'm about half and half. I've paid for a good bit of training, myself. Some of it applicable to my real world job, often not so much. For example I rarely actually do real forensics, just farm that stuff out along with the court time now, etc. Some of the incident handling training yes. Legal? Somewhat. Still consider it to be training nothing else.

    - b/eads

    (Edit) Changed comma to period for readability.
  • E Double U Posts: 1,541 Member ■■■■■■■■□□
    Toxic work environments are not SOC specific. I've encountered people like this everywhere. One thing that has remained true during my career is that the biggest a$$hole was usually the most knowledgeable person on the team. My previous employer was a telco (worked in NOC, SOC, config) and the meanest SOBs on each team really knew their stuff. Since I wanted to learn from them I put up with it and eventually got through those tough exteriors to discover they were really cool guys and were willing to teach since I was eager to learn. I currently work for a bank and the Sr. Network Admin is one of the most abrasive people that I've ever met. But after working with the guy for 2+ years we've developed an understanding and have a good working relationship. I probably wouldn't have much to do with these guys outside of the office, but we coexist just fine during work hours.

    Now if you think mgmt sucks then I recommend that you learn as much as you can then jump ship. I can deal with mean colleagues, but a bad manager is something that I cannot tolerate.
    Alphabet soup: CISSP, CCSP, CISM, CISA, GPEN, GCIA, GCIH, GCCC, CEH, etc

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • Robertf969 Posts: 190 Member
    Where are all these SOCs that hire people with no IT experience? I get what beads is saying but going off of what the OP said it sounds like these guys started their IT careers in InfoSec.
  • NetworkNewb They are watching you Posts: 3,262 Member ■■■■■■■■■□
    E Double U wrote: »
    One thing that has remained true during my career is that the biggest a$$hole was usually the most knowledgeable person on the team.

    lol, found this to be true at a few previous jobs as well.

    I usually found their cocky attitudes funny though. At my first job, there was one who was pretty cocky and sarcastic. Probably came off like a d*ck to most people. He really hated Facebook and never used it. So one day, I created a Facebook page of him and sent out invites to a bunch of people at the company (not higher people...). He was so pissed. Kept it going for maybe 2 weeks before telling him I did it. Best part was, there was this girl he was kind of seeing at the company, and she had a picture of him in an ugly pink shirt and got to use that picture as his profile picture.

    Good times...

    Edit: really? someone downrated my reputation because of this post? some people's kids...
    GCIH | CCNA:Sec | Net+/Sec+/A+ | CCSK
    Goals in progress: MSc in Computer Science (specializing in Cyber Ops) , CISSP
  • jeremywatts2005 CySA,S+,A+,N+Cloud+,MSDFS,MSMISSM Posts: 340 Member ■■■■□□□□□□
    I worked in a DHS SOC that was run like the military. I am not kidding I saw guys get dressed down right on the SOC floor for screwing up. People who had no military background were wetting their pants. Imagine being a contractor and you use the wrong terminology on the floor and you get berated by the lead right in front of everyone. Yep it happened.

    I was a watch floor lead and I was expected to hold the same standards that the SOC manager directed us to have. Our SOC manager was awesome he made grown men cry because they could not follow simple directions and wanted to have an ego. Then again he was a Chief Navy Warrant with several yrs overseas running military security ops.

    We were a tight group and little BS. This is why it was run that way we were in close proximity all day to each other and he wanted egos checked at the door. No smarting off and no sluffing and make sure you know your crap or you will be found out. I ran two guys off in 6 months for not paying attention to alerts and lack of situational awareness. I was on the overnight shift and good help is hard to come by but slackers had no place. One guy even got up in my face and refused to run an alert because he needed a break. He totally snapped out, overnight working in a stressful situation ate him alive.

    The DHS group I was with wanted this type of SOC because we had to keep order and the importance of the mission dictated it. We used to have to stand outside of the government overseers office and knock and ask permission to enter to discuss something with them. Very formal and we were reminded we are contractors working at the request of the government. Yep a SOC is a different breed and I can say now on the civilian side I cashed in because I am tight on incident response. I will stomp a mudhole in some newb who will not follow directions and refuses to admit they made a mistake. I can fix a mistake but I cannot fix a liar.
  • thomas_ CompTIA N+/S+/L+; CCNA R&S; CCNP R&S Posts: 882 Member ■■■■■□□□□□
    @JeremyWatts2005

    I'm not going to quote your entire post, but to say the least I'm horrified by it and the entire way you treat people that you supervise. I did 8 years in the Navy and I would not put up with a work environment like that for a day outside the Navy, not because I can't handle it but because life's too short to deal with a place that has supervisors acting like a bunch of douchebags.

    There are other ways to handle people lying besides "stomping a mudhole" in them. You can document their actions (lies) and over the course of time you have justification to fire them. All without screaming, yelling and degrading people. If you have to scream, yell and intimidate people to get them to do what you want to do then you're not a very good leader or you just enjoy yelling at people.

    Verbally abuse enough people and you're liable to find one who will physically abuse you.
  • UnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, eJPT, CCNA Posts: 3,987 Mod
    I'm getting negative reputations here, but I think trying to be a douche to your colleague is not a professional behavior. It doesn't matter how hard or easy it was for you to join a SOC, giving your teammates a hard time says a lot about your character and nothing else.

    Some of the smartest and most knowledgeable people I've met were all nice guys, and they acknowledge that there is always more to know. It really is sad to think this way. Just do your job and mind your own business, everyone is trying to make a living, there is no justification to being a douche with your colleagues.

    Anyway to OP again, you can survive if you ignore them and get the experience and then move on.
    Goal: MBA, March 2020
  • echo_time_cat Posts: 74 Member ■■□□□□□□□□
    UnixGuy wrote: »
    I'm getting negative reputations here, but I think trying to be a douche to your colleague is not a professional behavior. It doesn't matter how hard or easy it was for you to join a SOC, giving your teammates a hard time says a lot about your character and nothing else.

    Some of the smartest and most knowledgeable people I've met were all nice guys, and they acknowledge that there is always more to know. It really is sad to think this way. Just do your job and mind your own business, everyone is trying to make a living, there is no justification to being a douche with your colleagues.

    Anyway to OP again, you can survive if you ignore them and get the experience and then move on.

    I'm going to jump in and say I agree with you.

    I can see the "hardass" approach being appropriate in the .mil. Lives can be at stake, and there should be clear orders at all times with little room for deviation. Fail to follow orders and you may very well put others lives in danger.

    But IT is so much different than that isn't it. Yes a SOC can carry a huge weight depending on the contract, but I've never seen anyone pop out of the womb knowing all-the-things in the world. People have to learn, even those with nice n' shiny certs. If you stomp on someone who simply needed some advice or a nudge in the right direction, that person (IMO) is much more prone to make further mistakes after being torn down. If you give them the info they need and help them, they may grow and one day achieve great things.

    Unfortunately, I often see the "stomping on" from "higher ups" as a way for them to create their own job security, by making sure no one advances to the altitude of their perch. Depending on management, this behavior may be rewarded, however I try and avoid these kinds of environments at all costs.
  • UnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, eJPT, CCNA Posts: 3,987 Mod
    I've got a total of 3 negative reputation because of my post.

    Someone said that calling IT professional 'idiot' is not professional...and someone said that there are males & females in this forum and using the word 'douche' is inappropriate and not humorous.

    Really? Playing the gender card?

    I'm going to emphasize and stick to my point. IF you want to act in a douchey way with your colleagues because you thought you worked hard to get to your position then this makes you an unprofessional douche. There is NO excuse to being a jerk to your colleagues. EVER. If you have ego problems then you need to learn how to be professional. Everyone is fighting their own battle.

    Did you know that some people commit suicide because of mistreatment at work? Don't do that to anyone. ANYONE. If you have a problem with your colleagues and you think you are smarter or you work harder, then by all means go to talk to your manager and tell them how amazing you are and ask for promotion or whatever it is that you want. DO NOT TAKE IT ON YOUR COLLEAGUES.

    They call it BULLYING!!!

    I had a 27 yrs old guy at work harassing a colleague, my colleague was 42 with family and kids. Just don't do it!!!

    There is nothing worse than someone who talks down to their colleagues and make them feel bad. Feeling good when you attack people's self esteem????

    Go ahead and give me more -negative reputation. I am against bullying and will always be. If you treat your colleagues badly then Please STOP doing so. There is no excuse.
    Goal: MBA, March 2020
  • Alexsmith Posts: 42 Member ■■□□□□□□□□
    @remedymp

    I worked in a SOC environment that was similar to yours so I can understand where you're coming from. I had co-workers that were nosy and wanted to get into your business, e-mailed supervisors behind your back for anything instead of talking to you or just plain high school cliques. I'd learn all you can and move on to another environment if I were you, that's what I did and I never looked back.
  • Remedymp Posts: 834 Member
    I'd learn all you can and move on to another environment if I were you, that's what I did and I never looked back.

    I've only been here for close to four months so if I quit, this will look bad on my resume.

    I don't have a lot of time, but a physical altercation happened this week in the SOC.

    Will update the thread later.
  • cyberguypr Senior Member Posts: 6,783 Mod
    Update later? What are you talking about? Did some packets get rowdy and had to be physically restrained? LOL! Must know now!!!
  • Mow Posts: 445 Member ■■■□□□□□□□
    @UnixGuy, I completely agree with you. I can't believe you are being negged for speaking the truth. I absolutely hate working with people who feel like work should mirror the worst parts of high school. My solution is to get better than them and make them expendable. @Remedymp, I wouldn't quit if I were you, I would keep my head down, work on my skills, and breeze outta there.
  • E Double U Posts: 1,541 Member ■■■■■■■■□□
    Remedymp wrote: »
    but a physical altercation happened this week in the SOC.

    This happened during my time in the NOC. Those were the days. :D
    Alphabet soup: CISSP, CCSP, CISM, CISA, GPEN, GCIA, GCIH, GCCC, CEH, etc

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • scaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind you Posts: 2,691 Mod
    Wow..PHYSICAL altercation? Popcorn, indeed and shots of scotch.
    Never let your fear decide your fate....
  • BlackBeret Posts: 684 Member ■■■■■□□□□□
    @jeremywatts2005,
    It seems to me like you haven't worked in many military SOC's if you think that's how they run it. This seems more like wannabe fan fiction to me. Talk yourself up like a hard-arse but to EVERYONE with experience in the same environment you sound like a joke.

    Also, wasn't DHS's SOC along with their Einstein program the ones monitoring OPM while it was hacked and billions of records were exfiltrated? Sounds like you all are super awesome and really know your stuff...
  • Remedymp Posts: 834 Member
    So, here is the deal.

    There was a Sr. Analyst who made some comments about a new Security Adviser who was recently hired from the Middle East. While his English is not that great, he speaks four languages, so it should be a given that English isn't his primary language. So, the Sr. Analyst makes a comment that "this is America".

    So, I said he's from the Middle East, I don't think it's a big deal. Sr. Analyst then replies and says how did he make it through customs?

    Me: I beg your pardon?
    Sr. Analyst: With a beard like that, probably a terrorist.
    Me: But he's from India(??)
    Sr. Analyst: India, Iran, Syria, they're all the same (IMO).
    Me: I'm not having this conversation.

    I leave my shift and from what I understand, someone else heard his comment and took issue with it and they got into a chest to chest shoving match.

    At this point, I've had several offers doing things other than Network Security. But, I've only been here a few months and would be happy to leave. But, it would be a blemish on my resume for such a short stint in such a role.

    From reading the comments in this thread, If other SOC's are like this, then I'm not so sure how long I can survive in here.

    I don't like the bravado attitude in the SOC and all the backbiting. So, I am not sure what to do.
  • YFZblu Posts: 1,462 Member ■■■■■■■■□□
    Wow - well don't feel bad. Even I hate your SOC, and I've never stepped foot in the room.

    Where are you located? Depending on a few factors, you may not have to stay much longer in order to move to another secops group. Have you updated your resume' recently? I find that updating the resume' or re-posting it gets the recruiting calls going again.
  • UnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, eJPT, CCNA Posts: 3,987 Mod
    I would take that offensive conversation to HR.

    Leaving that SOC is fine, if anyone asks you can tell them that the environment was full of bullies and you can even mention that conversation; it's not that you're job hopping or anything - you have a legitimate reason.
    Goal: MBA, March 2020
  • Remedymp Posts: 834 Member
    UnixGuy wrote: »
    I would take that offensive conversation to HR.

    Leaving that SOC is fine, if anyone asks you can tell them that the environment was full of bullies and you can even mention that conversation; it's not that you're job hopping or anything - you have a legitimate reason.

    Management is already involved and are making adjustments to the Analyst shifts. (if that is what you call discipline)
  • Remedymp Posts: 834 Member
    YFZblu wrote: »
    Wow - well don't feel bad. Even I hate your SOC, and I've never stepped foot in the room.

    Where are you located? Depending on a few factors, you may not have to stay much longer in order to move to another secops group. Have you updated your resume' recently? I find that updating the resume' or re-posting it gets the recruiting calls going again.



    I have updated my resume and have received random opportunities outside of security. Especially via LinkedIn.
  • thomas_ CompTIA N+/S+/L+; CCNA R&S; CCNP R&S Posts: 882 Member ■■■■■□□□□□
    UnixGuy wrote: »
    Leaving that SOC is fine, if anyone asks you can tell them that the environment was full of bullies and you can even mention that conversation;

    I think I would describe it as a "hostile work environment" if I was asked about it at interviews. Saying the environment was full of bullies might make it seem like you can't handle any sort of conflict at work, whereas hostile work environment implies that the whole work situation was F'ed up(at least to me anyways.)
  • echo_time_cat Posts: 74 Member ■■□□□□□□□□
    Is this a common issue in SOC's (attitudes and conflict etc.), or did Remedymp simply manage to land in a nasty one?
  • McGintyDM Posts: 12 Member ■□□□□□□□□□
    I am the Director of the SOC at my organization and from what I read, it just seems like a bad/toxic place to work. I rather like the SOC I am building and running and it seems to be a good environment to learn a lot of new things that come up as well. Perhaps look elsewhere?