Should I Go After a SOC Role? Need Advice

Danielh22185

So I work for a very large organization with silo'd IT groups spread all throughout the company. I've been toying with the idea of moving on from my current position because I have basically reached a limit where I am hardly learning anything new frequently enough and am feeling very under challenged. Most of my current work has become very routine and to put quite frankly, has been a bit of a disappointment. I had much higher expectations going into this role about 1.5 years ago. Although my current role has been good for me as a whole it should however never be something for people with high ambitions such as me should stay in beyond 2-3 years.

To throw a curve ball...well..at myself... My wife and I also just got confirmation that we are expecting another baby, so this has obviously sparked my self/career evaluations now to potentially make some more money to help with that challenge ahead.

So I have some friends in other places and I applied internally for some positions that interested me; one of them being a SOC role. This one I got some pretty quick feedback on and they want to interview me today. Now, I have no real previous security experience so this is a bit of a major change up for me. The things that do interest me though (based on the job description) are some of the overlapping network items with a security focus, such as TCP/IP, internet / web security items, scripting, etc.

I've always tossed around the idea of possibly getting into a security role, network security primarily. However this isn't my current immediate passion. I'd REALLY like to get deeper into route / switch network concepts as I am still pretty new to the game and have a lot in front of me still to learn. I basically don't want to flat out give up what I have worked very hard to achieve thus far. However on the other hand I feel if I were to stay where I am I’d be wasting precious time.

My main concern is change. I am comfortable where I am but bored and want a new challenge. I fear going down the SOC route might be a bit too drastic or too far into left field to continue building my skill-sets where I need them. I have ambitions of taking my network focus upwards into the IE level sooner rather than later; however this job stands to be more relaxed, more money, and an opportunity to learn totally different things which I cannot completely ignore.

My ultimate career goals I have always imaged myself to be within the networking realm. Consulting really has my eye in the near future. I love being independent and building things from the ground up. Another idea could be a role of some form of SME for an organization that has a lot of influence on networking strategies. Security might be a good aim because that will be a necessary animal for either of those roles. I have always thought though a design oriented role would be better suited for me in the next short term which I really have my eyes set on as my #1 desirable next job.

So I don’t know what to do exactly. I ask y’all here in the NP forums as I know many of y’all may have either explored this route or have aspirations of the same. I am at a pinnacle part of my career where I need to make wise decisions to build for my future goals. I DO NOT want to be in my 40s rediscovering my professional self.


Thoughts? Thanks!

Danielh22185

Well maybe I should have made this thread after the interview or not at all. Either way maybe my experience will provide some insightful information for those possibly in the same boat.

Turns out the interview did go well but I wasn't able to speak in a very technical sense at all regarding what they are expecting for a SOC analyst. Although they did like my network experience and expressed the value in it, this job simply is not for me.

This will be a HUGE career move into a completely different realm of IT. While learning security best practices are great for my endgame this role is too far removed from what I expect to gain from it and also retain my network level competence.

Oh well it was great to interview to keep those skills sharpened.

networker050184

Reading your first post it seems you already knew you didn't want to go that way. Probably for the best you didn't get it. Good luck in the future though!

Danielh22185

networker050184 wrote: »

Reading your first post it seems you already knew you didn't want to go that way. Probably for the best you didn't get it. Good luck in the future though!

True, I honestly was looking for someone to give me a good reason why I should haha!

Danielh22185

Well here I stand being offered the job, which came as a bit of a shock to be honest. I think they really liked my network experience, which I think gave me a good upper leg to stand on. So now I am seriously trying to understand if doing this is best for me. My ultimate career goal as mentioned is to become something on the level of a network consultant or network SME. My passion is obviously networks and I want to learn a ton more so I don't want to side track that progress one bit.

With this position however I do stand to learn new stuff too. I'm just worried if most of it will be worthy of my time in pursuit of my end goals. It might be best to look at the job description so you guys know what I am looking at:



Job Description




Security Operations Analyst
Description

The Security Operations Center Information Security Analyst will be part of the SOC Team. This center monitors, analyses and responds to infrastructure threats and vulnerabilities. SOC Analysts will be responsible for performing the day-to-day monitoring of "Company's" environment, analyzing, responding to events as necessary and providing technical support.
These operations are critical since they provide "Company's" first line of defense against infrastructure attacks.

Key Responsibilities:
•Analyst performs monitoring, research, assessment and analysis on Intrusion Detection and Prevention tools as well as Anomaly Detection systems, Firewalls, Antivirus systems, proxy devices which requires demonstrable security incident response experience.
•Follow pre-defined actions to handle BAU and High severity issues including escalating to other support groups. Execute daily adhoc tasks or lead small projects as needed.
•Create and maintain operational reports for Key Performance Indicators and weekly and Monthly Metrics.

Qualifications

•4+ years working in the security & operations fields.
•Bachelor's Degree or higher preferred.
•Excellent knowledge of Intrusion Detection (deep TCP/IP knowledge, and Cyber security), various operating systems (Windows/UNIX), and web technologies (focusing on Internet security).
•Experience in web development and programming languages i.e. Java, XML, Perl and HTML.
•Ability to read and understand packet level data.
•Intrusion detection and prevention and Network Security Products (IDS/IPS, firewalls, etc) Host Security Products (HIPS, AV, scanners, etc)
•Knowledge of cutting edge threats and technologies effecting Web Application vulnerabilities and recent internet threats.
•Exposure on Vulnerability assessment as well as penetration testing or forensic analysis fields are an advantage.
•A good understanding of security, web-based and infrastructure vulnerabilities is required.
•Certifications from EC-Council, GIAC, (ISC)² are preferred [CISSP, C|EH, GCIA, CCNA].







So what I can defer here is the opportunity to learn some scripting skills, get some exposure to IDS, firewalls, Proxies, possibly deeper TCP/IP analysis skills, learning general security practices, etc. All good things I think for any person with a career in IT.

Not saying all of these are bad things to learn at all but some I do kind sense are outside my road of direction to my later career goals. Also some of the listed responsibilities are a bit embellished. I for one know there is actually a completely separate group in my company that manages / maintains our IDS, Firewalls, and Proxies, not this team, rather it seems this team is just performing data analysis for vulnerabilities found. So the level of experienced gain with IDS, Firewalls, and Proxies will be quite negligible.

I just do not feel comfortable saying this is the next best thing for me as a developing network tech / engineer to take on. However on the other hand I don't want to stay so Silo'd into what I do now and feel expanding my skill sets is just as valuable.

Oh my head hurts from thinking about this...

Danielh22185

Last response to this thread...

I ended up having a very valuable discussion with one of our SMEs in the company who I have grown to establish a good working relationship with on this. He opened my eyes to several aspects of which has secured my decision to stay where I am at to continue to build my networking skills and that good things are just in store for me if I hold the course.

If anything I learned from this experience and I have tried to tell myself this before...chasing money is NOT the way to progress your career. If you are seeking to specialize / become a expert in a single realm you need to make wise decisions that will position you to get there. You have to do what makes you happy and trust your gut!

NetworkNewb

Sounds like you did the right thing!