SOC Training - How to go about it?

Lets just say I am bored but have few more months to kill before starting job search. I want to get (preferably real life some hands on) some SOC experience just to gain a better insight into the world of frontline security combat.
The question is - How do I get the experience in a soc without necessarily joining one? I will happily pay for gaining such experience for a week or two but seriously doubt if anyone will let me in.
So what are my options?
Is there a paid course that covers most of SOC related work and is almost as good as working in one? Obviously it must be mostly hands on.
?

Find more posts tagged with

Comments

yoba222

The CCNA Cyber Ops is basically training intended for a tier 1 SOC analyst.

TechGuru80

Budget? CCNA: Cyber OPs, CompTIA CySA+, GIAC GCIH (SANS SEC504)....plus plenty of books on network security monitoring are out there. The cost varies but GCIH is by far the most expensive (most well known though).

Kapital

yoba, techguru80 - The resources you mentioned certainly teach the concepts. I am looking for hands on exp on real equipment in real commercial situation.
An example is SIEM. Ti dont just want to know siem concept which I know anyways (or can be read from books and some videos, homelabs etc.
I want to get experience of - SIEM on-boarding tasks, SIEM auto-discovery future review and testing, use cases for Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists, optimization of data flow using aggregation, filters.
Similarly incident response in real life can be a fantastic or hair pulling exercise as compared to reading the concept which usually lacks the concrete examples we face in reality.
Working or getting working training in a real soc with real equipment running real world data is what I am looking for. I can take time off my job but I cant quit to join a soc, hence the need to find a place that will let me observe for a week or two.
Budget - $$$$

TechGuru80

SANS and the official Cisco Cyber Ops training actually have labs...but SIEM is way more specific as SOC responsibilities are very broad...forensics, reverse engineering, etc.

You aren’t going to find a course that will cover everything but if you want SIEM training, SPLUNK is what I recommend....however there are other products out there. The downside of a SIEM training is that you are going to get practice with the tool but ingesting data from other tools that might be in an environment is going to be theoretical because they aren’t selling xyz.

If you want full experience without joining a SOC, you can build a lab using tools like ELK but it’s going to take some work and you will be limited to the attacks you know or learn.

mikey88

So this man doesn't want to lab and doesn't want training? Outside of some specialized boot camps you don't have many options besides getting an actual Job.

DZA_

Kapital wrote: »

Lets just say I am bored but have few more months to kill before starting job search. I want to get (preferably real life some hands on) some SOC experience just to gain a better insight into the world of frontline security combat. The question is - How do I get the experience in a soc without necessarily joining one? I will happily pay for gaining such experience for a week or two but seriously doubt if anyone will let me in.
So what are my options? Is there a paid course that covers most of SOC related work and is almost as good as working in one? Obviously it must be mostly hands on.
?

To be blunt, there's no way of substituting or condensing SOC experience in a few months. You'll likely get a lab going with some of the free or tools out there that simulate concepts or IR but nothing will replace real hands on work experience. It sounds like you're trying to take a shortcut in finding your first security job, it's a catch 22. At this rate, you can approach it in knowing the concepts in hopes pending a fairly strong technical background, someone will take you based on your eagerness to learn. Alternatively, you find a company that you're willing to work for a few years like a MSP, take on security related responsibilities and then move into a SOC team internally or find a SOC team externally.

Kapital

DZA_ wrote: »

To be blunt, there's no way of substituting or condensing SOC experience in a few months. You'll likely get a lab going with some of the free or tools out there that simulate concepts or IR but nothing will replace real hands on work experience. It sounds like you're trying to take a shortcut in finding your first security job, it's a catch 22. At this rate, you can approach it in knowing the concepts in hopes pending a fairly strong technical background, someone will take you based on your eagerness to learn. Alternatively, you find a company that you're willing to work for a few years like a MSP, take on security related responsibilities and then move into a SOC team internally or find a SOC team externally.

You are quite right about "condensing" but the idea certainly is to gain the knowledge as fast as possible and then work on it in my spare time plus get a "holistic" picture of it all working together. I am quite open to acquiring these skills from trained tutors but it has been difficult to find qualified, experienced information security professionals. I am VERY open to PAID learning and would love to hear from anyone working in the industry and having the resources to deliver..

DatabaseHead

yoba222 wrote: »

The CCNA Cyber Ops is basically training intended for a tier 1 SOC analyst.

Well played.

DZA_

Kapital wrote: »

I am quite open to acquiring these skills from trained tutors but it has been difficult to find qualified, experienced information security professionals. I am VERY open to PAID learning and would love to hear from anyone working in the industry and having the resources to deliver..

Sounds like you're willing to give top dollar to shadow a TE Member's SOC environment or play around in their DEV environment. Anyone want to make a quick buck?

Kapital

DatabaseHead wrote: »

Well played.

I have done cyber ops and while its labs are impressive and do provide some hands on training, there is nothing that beats an actual hands on training in a production environment.
Some of the stuff like Pen testing, SIEM can be learned separately but even for that I have faced difficulty finding tutors with labs and exercises.

yoba222

I don't think there is such a thing as what you're looking for. DoD doesn't even train to that level of simulation.