SOC experience?

2»

Comments

  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    Is this a common issue in SOC's (attitudes and conflict etc,), or did Remedymp simply manage to land in a nasty one?


    According to the previous comments, this is actually common behavior and acceptable by some of the members here. It's amazing that this is how adults act. The SOC is run like a Frat house.
  • PupilPupil Member Posts: 168
    I know quite a few people who work in various SOCs and it's nothing like that. You're in a hostile work environment and you should get out asap. If management knows what happening and it's doing anything, they are open to lawsuits. I'd rather not have my name attached to a place like that than worry about a short stint on my resume.
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    Pupil wrote: »
    I know quite a few people who work in various SOCs and it's nothing like that.

    Then how do you explain the previous comments in thread about similar SOC experience?icon_confused.gif:
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,251 Mod
    Remedymp wrote: »
    Then how do you explain the previous comments in thread about similar SOC experience?icon_confused.gif:


    I also know many SOCs that are not like that and I'm working at a nice SOC myself. The comments here refer to some SOCs that are run like that, and I don't think it's a SOC thing, I think this happens in any work place; you will see this kind of mentally and it gets people no were really. Do your thing, progress, and look for a better environment.
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • OctalDumpOctalDump Member Posts: 1,722
    UnixGuy wrote: »
    Leaving that SOC is fine, if anyone asks you can tell them that the environment was full of bullies and you can even mention that conversation; it's not that you're job hopping or anything - you have a legitimate reason.

    Pretty much agree here. Sounds like some SOCs suck and some don't from the mixed reviews here. This place sounds like it's not healthy, and if I were in your position, I'd happily leave. It doesn't sound like the kind of environment that is conducive to real growth and your sanity is worth more than a blip on your resume. If you are getting offers, then you know you and your skills are in demand.
    There is also a small risk that this place already has a bad reputation that might not play well anyway.

    Life is short. That energy you're expending dealing with others bad attitudes could be better used.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • jeremywatts2005jeremywatts2005 CySA,S+,A+,N+Cloud+,MSDFS,MSMISSM Member Posts: 343 ■■■■□□□□□□
    UMM not the SOC where I was at sorry bud
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    UMM not the SOC where I was at sorry bud
    Did I say that every SOC was like this in my OP?icon_confused.gif:
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,251 Mod
    @Remedy: how's the job going mate? any update?
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    It's a disaster. I've never seen an environment like this in all of my career. From attacking foreigners for their dialect or language barriers or homosexuality slandering with "***" jokes. It's like a Frat house. I've been made several offers this morning from different agencies that will decide tomorrow whether or not I stay or go. Either way, I'm leaving by the first.
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,251 Mod
    Jesus!! Run!
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Member Posts: 337 ■■■□□□□□□□
    MMM. Love this thread. My personal, most recent SOC experience was different. Although that story told by Remedymp sounds very familiar...

    We have a bunch of analysts who are technically astute and are passionate about security. But because of company policy, there is little room for growth. The company is working to change it, but time will tell how it works. The big issue was management. The managers were recruited from the SOC, so while that is good in some respects, the have an understanding of our challenges, they are not the best managers, it takes them forever to do something as simple as make a shift schedule, multiple meetings to make simple decisions, multiple projects and little shared vision.

    But they were over all decent people. The only back biting I generally saw came from a few people who had been there a little while who chased metrics. (Don't get me started on metrics. FYI managers, forcing metrics WILL decrease quality. And that will effect your company even if you think the risk is acceptable, it only takes one missed analysis...)

    But as far as how different SOC's will work, its a tough call. All will differ, no matter where you go there will be issues. Thats the world. Full of people with different issues. Some are racist, some are abusive, or manipulative, some are hard workers, some will do the bare minimum. Take care of yourself, plot out a career.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    SaSkiller wrote: »
    MMM. Love this thread. My personal, most recent SOC experience was different. Although that story told by Remedymp sounds very familiar...

    We have a bunch of analysts who are technically astute and are passionate about security. But because of company policy, there is little room for growth. The company is working to change it, but time will tell how it works. The big issue was management. The managers were recruited from the SOC, so while that is good in some respects, the have an understanding of our challenges, they are not the best managers, it takes them forever to do something as simple as make a shift schedule, multiple meetings to make simple decisions, multiple projects and little shared vision.

    But they were over all decent people. The only back biting I generally saw came from a few people who had been there a little while who chased metrics. (Don't get me started on metrics. FYI managers, forcing metrics WILL decrease quality. And that will effect your company even if you think the risk is acceptable, it only takes one missed analysis...)

    But as far as how different SOC's will work, its a tough call. All will differ, no matter where you go there will be issues. Thats the world. Full of people with different issues. Some are racist, some are abusive, or manipulative, some are hard workers, some will do the bare minimum. Take care of yourself, plot out a career.

    Well, it's ironic that the company is HQ in ATL.

    However, I do not understand that if management knows most of this happens, why do they not feel compelled to discipline the offenders? It's almost as if they're punishing the victims of it to make it even.
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Member Posts: 337 ■■■□□□□□□□
    This is perhaps a cynical view, but it's the nature of business in this country. The business' primary concern is generating revenue. But people are lazy and they like to avoid conflict. No one want's to rock the boat, and it often becomes a liability to go after problem employees and is seen as not worth the time and effort. And in the end, even when the best and brightest leave, someone will take their place, probably will cost less.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • si20si20 Member Posts: 523 ■■■■□□□□□□
    Remedymp wrote: »
    I accepted an offer to work in a SOC few months ago as a Network Security Analyst. I have several years of experience working on the End user client facing side of IT as an Analyst as well worked in Datacenter as a technician.

    However, I have never experienced anything like the SOC before. Ego's tripping everywhere. Everyone has a chip on their shoulder, lack of mannerism, individual mindset (look at me,etc) rather than team focus. Antiquated tools and process to perform your duties. Every guy is a tough guy with their GIAC certs. The more GIAC certs, the worse the attitude becomes. Sarcasm about other roles of others in the SOC. Back biting of people they just got off of con call with or exchanged an email with.

    I have never been in a more toxic environment before. Most of the people have never worked anywhere outside of the SOC. This is their first and only job in IT. So, they have pretty much mastered their job role to a point where it becomes like a fraternity or something to join in with them.

    Has anyone else worked in a SOC here? Care to share your experience?

    OP. Your experience sounds like mine. In fact - it sounds like you're working at the same company I worked for. Check out my post about it:

    http://www.techexams.net/forums/jobs-degrees/112242-entry-level-security-roles-typical-day-security-analyst.html#post953909

    I'm currently working in a SOC for a different company but i'm in the process of applying/going to many interviews to help to get my ass out of there. I absolutely deplore working in a SOC and let me tell you why...

    My first 'SOC' job was a 'catch and dispatch' job. The rules were ******* pathetic. We'd catch 10,000 alerts+ and around 3 of them would be a real attack. Our setup was so bad that we'd have to manually investigate each alert to be sure. It was mind-numbing. Imagine a team of 4 working through 10,000 alerts, only two of the team knew what was good and what was bad, and the other 2 knew nothing. I became a full-time teacher to the newbies and I was being paid the same as them.

    On top of that, we hired guys who had never worked in the IT industry before - fresh out of University with no job experience. They were the pits...

    I mean....they were the pits. We had new guys deleting exploit kits from the systems, clicking on phishing emails - the place was an absolute joke. We even had the nerve to tell customers we were "protecting their networks". We weren't protecting anything, we were just watching (some) attacks happen. Customers were paying very big sum of money for "protection" and the SOC Analysts were being paid peanuts. I told the newbies that they shouldn't click on phishing emails and they need to investigate better but I was on the same salary as them. I had to leave because I was doing the work that someone on 90k does, but I was getting paid 25k (£ sterling).


    Fast forward to my 2nd SOC job. I'm not 'catch and dispatch' now - but i'm a 'rule tuner'. This means that I spend my entire day in a spreadsheet and 'analyse' how many alerts and firing. It's soul destroying... I'm trying to get into a digital forensics role because I am depressed with SOC jobs. For every one good SOC Analyst, you seem to get 10 lazy, waste of space people who don't know anything about IT or security in general.

    This is just based on my experiences. Trust me - i'm being kind. I could probably write a book on how bad working in a SOC is. Don't do it if you value your sanity.
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    si20 wrote: »
    OP. Your experience sounds like mine. In fact - it sounds like you're working at the same company I worked for. Check out my post about it:

    http://www.techexams.net/forums/jobs-degrees/112242-entry-level-security-roles-typical-day-security-analyst.html#post953909

    I'm currently working in a SOC for a different company but i'm in the process of applying/going to many interviews to help to get my ass out of there. I absolutely deplore working in a SOC and let me tell you why...

    My first 'SOC' job was a 'catch and dispatch' job. The rules were ******* pathetic. We'd catch 10,000 alerts+ and around 3 of them would be a real attack. Our setup was so bad that we'd have to manually investigate each alert to be sure. It was mind-numbing. Imagine a team of 4 working through 10,000 alerts, only two of the team knew what was good and what was bad, and the other 2 knew nothing. I became a full-time teacher to the newbies and I was being paid the same as them.

    On top of that, we hired guys who had never worked in the IT industry before - fresh out of University with no job experience. They were the pits...

    I mean....they were the pits. We had new guys deleting exploit kits from the systems, clicking on phishing emails - the place was an absolute joke. We even had the nerve to tell customers we were "protecting their networks". We weren't protecting anything, we were just watching (some) attacks happen. Customers were paying very big sum of money for "protection" and the SOC Analysts were being paid peanuts. I told the newbies that they shouldn't click on phishing emails and they need to investigate better but I was on the same salary as them. I had to leave because I was doing the work that someone on 90k does, but I was getting paid 25k (£ sterling).


    Fast forward to my 2nd SOC job. I'm not 'catch and dispatch' now - but i'm a 'rule tuner'. This means that I spend my entire day in a spreadsheet and 'analyse' how many alerts and firing. It's soul destroying... I'm trying to get into a digital forensics role because I am depressed with SOC jobs. For every one good SOC Analyst, you seem to get 10 lazy, waste of space people who don't know anything about IT or security in general.

    This is just based on my experiences. Trust me - i'm being kind. I could probably write a book on how bad working in a SOC is. Don't do it if you value your sanity.

    I think we are talking about the same company as operations are in UK as well. Reading your post makes me feel like I am good company and not alone in the experience.

    They recently TP'd (toilet papered) an analyst car in the parking lot. Very sad.

    Check your PM.
  • bpennbpenn Member Posts: 499
    ^ Wow, TPed a car? What is this, high school?
    "If your dreams dont scare you - they ain't big enough" - Life of Dillon
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    bpenn wrote: »
    ^ Wow, TPed a car? What is this, high school?

    Retaliation for those who don't follow the status quo.
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,251 Mod
    Remedymp wrote: »
    They recently TP'd (toilet papered) an analyst car in the parking lot. Very sad.

    .


    are you serious?? who did it? why? LOL
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    UnixGuy wrote: »
    are you serious?? who did it? why? LOL

    It wasn't on my shift. So, I can only assume it's off shift. Angry nerds tend to retaliate in odd ways.
  • testing010101testing010101 Member Posts: 22 ■□□□□□□□□□
    Sounds similar to where I used to work. At one point we had one analyst resigning per week throughout the summer.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    I had work in 3 SOC before.

    One of them was okay for about 1 and a 1/2 year, until a some managers came in and became particular about catching people sleeping. One colleague will backstab people.

    The other one was just great with good colleagues and friend. I felt really sad when I leave.

    My current seems bad at first, but as time goes by I found it generally pleasant and good in several ways. Overall, still comfortable in it now.

    None of them is toxic when I first joined.

    A good SOC actually requires very skilled people, if a SOC is taking in too much interns/fresh grade; chances are its a SOC for meeting the compliance and not a real SOC. To get a good SOC running, it would really requires lots of budget. That SOC sounds like a terrible result of bad management.
Sign In or Register to comment.