Tired of being SOC Analyst. What else is out there?

ksmith1983

Just curious if anyone could offer advice.

I've been doing SOC work now for 2 years. And I'm tired of it. I keep hearing there are so many aspects of security but i'm not sure what direction to go in and i'm wondering if there are other aspects/roles of security that i could potentially pivot into based on the core skills that a Junior/Teir 1 SOC Analyst has.

I have two sans certs (GICH and GCIA) and I have been a Tier 1 SOC analyst for 2 years. and I have some experience working in a SKIF as well. I'm not an EXPERT level but i'm a competent analyst.

but SOC work is a tedious job. it feels like you're basically a janitor/housekeeper. i don't have any interest in being a tier 2 or 3 level SOC analyst (lead) because you're then the person whom people blame when things go wrong and your job as a leader is to be a chaperone for the other analysts.

any advice would be appreciated.

Find more posts tagged with

Comments

mrvl13

Let ask you a question, are you tired of what you are doing because of your current salary or are you looking for a new challenge? Being a SOC analyst in this current day has endless possibilities for those willing to venture out into other avenues in IT. I.E. SIEM(Security Information and Event Management) technology. At this point I would suggest that you look into becoming an SIEM SME(subject matter expert) or admin. Such as with ArcSight, Alien Vault, QRadar...etc. SIEM technology has become the main tool of Threat mitigation and monitoring and having indepth knowledge of one or more can open up many doors both career wise and financially. Once you establish yourself as an admin or engineer in this, you can start writing your own ticket, as long as you keep up your certs and get as much training as possible. Splunk, a data aggregator, not really a SIEM. is an excellent one to start with because you can download a version to install at home and train yourself.

UnixGuy

Do you wanna stay technical or do you want to move to the risk side of things? There is always GRC.

If you want to stay technical, you can look into consulting. Companies like FireEye and RSA for example have a team of DFIR consultants who fly to client sites to respond to breaches/incidents.

There is always pre-sales, where you work for a vendor and go with the sales guys to tell the clients about how the product can help (not a super technical role).

You can also train and do penetration testing...you may need to get your OSCP to start.

You can also train and get an IT role, it depends on what you like.

So what do you feel like doing? Are you bored at work or bored outside work? Do you want more money? Do you want to see a new environment? Do you want to do more challenging work?

Tell us more what are you likes and dislikes, and we'll give you more tailored suggestions

LordQarlyn

It was my understanding that SOC jobs were the entry level for IT security jobs. From there you can move to information security officer, to IT auditors, to compliance, to privacy now, and branch out from there. If you are bored at your job, do some soul searching in which direction you want to take your career, or if you want to stay in IT security.

E Double U

My employer has a large security organization which includes a SOC (where I started), but other teams include pen testers, threat intelligence, threat hunting, use case factory (SIEM work), risk assessors, network security, crypto services, auditors, and more.

The way I got out of SOC was by telling my manager I no longer wanted to perform daily SOC tasks so him and his manager helped create a role for me.

ksmith1983

UnixGuy said:

Do you wanna stay technical or do you want to move to the risk side of things? There is always GRC.

If you want to stay technical, you can look into consulting. Companies like FireEye and RSA for example have a team of DFIR consultants who fly to client sites to respond to breaches/incidents.

There is always pre-sales, where you work for a vendor and go with the sales guys to tell the clients about how the product can help (not a super technical role).

You can also train and do penetration testing...you may need to get your OSCP to start.

You can also train and get an IT role, it depends on what you like.

So what do you feel like doing? Are you bored at work or bored outside work? Do you want more money? Do you want to see a new environment? Do you want to do more challenging work?

Tell us more what are you likes and dislikes, and we'll give you more tailored suggestions

Hi there! thanx for your responses.

my main issue is the tedious nature of my SOC role and the hours. (12 hr Panama shifts) and the constant influx of the new types of security incidents that crop up. the constant phishing emails that need to be sorted thru. constant false positives that need to be ticketed and tracked. the constant filing of reports. its just the tedious work. i don't like it.

at one point

it seems like the career trajectory for SOC analyst is (Tier 1 (Entry Level), Tier 2 (Shift Lead), Tier 3 (Shift Lead Management)

I'm at the teir 1 level. and i look at how 'stressed out' the Tier 2 and Tier 3's are. and I'm like "damn is that what I have to look forward to??'

the SOC role feels like that of a janitor/housekeeper role and to make more money within the SOC, I must then 'prove' that I can lead other analyst and become a Tier 2 which means that I'm the chaperone/parent that does his own work, checks over other people's work and then I'm responsible for making other people act correctly too when they misbehave and I'm the fall guy when things go wrong because I'm the lead?

sooo..for this reason I'm asking this question. and I did some google searches. and i see other people on Redditt asking the same questions. and it seems like most SOC analysts reach a WTF moment and ask themselves "what else is there besides this? what comes next?"

And yes, I would like to earn more money too

I have talked to other people and i keep hearing that Pen Testing is a good career field that also pays VERY well too. but of course what type of certs and experience do I need to go in that direction.

I see that vulnerability assessment could be a possibility for me but it doesn't seem like that role pays well.

my main strength is doing PCAP analysis and i'm now getting better at doing LOG analysis with splunk.

DatabaseHead

ksmith1983 said:

Just curious if anyone could offer advice.

I've been doing SOC work now for 2 years. And I'm tired of it. I keep hearing there are so many aspects of security but i'm not sure what direction to go in and i'm wondering if there are other aspects/roles of security that i could potentially pivot into based on the core skills that a Junior/Teir 1 SOC Analyst has.

I have two sans certs (GICH and GCIA) and I have been a Tier 1 SOC analyst for 2 years. and I have some experience working in a SKIF as well. I'm not an EXPERT level but i'm a competent analyst.

but SOC work is a tedious job. it feels like you're basically a janitor/housekeeper. i don't have any interest in being a tier 2 or 3 level SOC analyst (lead) because you're then the person whom people blame when things go wrong and your job as a leader is to be a chaperone for the other analysts.

any advice would be appreciated.

All analyst jobs are like that..... You progress in an organization you'll continue to get tougher and tougher work..... Or like you mention tedious. I work on the data side, ETL, Stored Procs etc... And when I started it, it was: Learn this reporting tool or troubleshoot this or test that.... Now it's look at the XML or JSON payloads coming in and why is BOOMI or Informatica pumping garbage into our tables. Why are we missing counts in our sales fact table. Why are the volume of records 1/2 of what they are normally when coming through the Kakfa event bus?

It's the life cycle of being an ANALYST. Engineering IMO is even more challenging.

It's the way it is.....

nisti2

Does where you are working is bored? (ex. working environment)
That's what I'm perceiving.

Security is a wide range way, you better focus on one path... already mentioned.

Good luck!

dinger68

Look for a Security Administrator or Security Analyst job. You will have some incident responses, but will allow you to branch off into other portions of security work.

MitM

dinger68 said:

Look for a Security Administrator or Security Analyst job. You will have some incident responses, but will allow you to branch off into other portions of security work.

Silly question, but isn't a SOC Analyst and Security Analyst the same?

DatabaseHead

I'd like to transfer over to a SOC analyst. One's man trash is another mans treasure.....

JDMurray

MitM said:

Silly question, but isn't a SOC Analyst and Security Analyst the same?

A "SOC Analyst" is specifically someone performing security operations event handling, which could range from a true cyber-security incident (e.g., network penetration, data breach, malicious insider activity) to an employee reporting a suspicious email. SOC analysts are down in the cyber-trenches and get bit-dirt under their fingernails.

"Security Analyst" is a very broad title that can be applied to anyone performing any security-related process that could be used to detect a (possible) threat, (possible) exploit action, or a (possible) vulnerability in a system, device, body of code, or a person's behavior. A security analyst may also suggest possible mitigations and remediations to specific types of threat actions. All you know about a security analyst is that some aspect of their job involves looking at things from a security-minded point of view, they work short hours and have very soft hands.

MitM

JDMurray said:

MitM said:

Silly question, but isn't a SOC Analyst and Security Analyst the same?

A "SOC Analyst" is specifically someone performing security operations event handling, which could range from a true cyber-security incident (e.g., network penetration, data breach, malicious insider activity) to an employee reporting a suspicious email. SOC analysts are down in the cyber-trenches and get bit-dirt under their fingernails.

"Security Analyst" is a very broad title that can be applied to anyone performing any security-related process that could be used to detect a (possible) threat, (possible) exploit action, or a (possible) vulnerability in a system, device, body of code, or a person's behavior. A security analyst may also suggest possible mitigations and remediations to specific types of threat actions. All you know about a security analyst is that some aspect of their job involves looking at things from a security-minded point of view, they work short hours and have very soft hands.

Thanks for the response. Up until your last sentence, they still sounded the same to me

McxRisley

MitM said:

JDMurray said:

MitM said:

Silly question, but isn't a SOC Analyst and Security Analyst the same?

A "SOC Analyst" is specifically someone performing security operations event handling, which could range from a true cyber-security incident (e.g., network penetration, data breach, malicious insider activity) to an employee reporting a suspicious email. SOC analysts are down in the cyber-trenches and get bit-dirt under their fingernails.

"Security Analyst" is a very broad title that can be applied to anyone performing any security-related process that could be used to detect a (possible) threat, (possible) exploit action, or a (possible) vulnerability in a system, device, body of code, or a person's behavior. A security analyst may also suggest possible mitigations and remediations to specific types of threat actions. All you know about a security analyst is that some aspect of their job involves looking at things from a security-minded point of view, they work short hours and have very soft hands.

Thanks for the response. Up until your last sentence, they still sounded the same to me

They are the same until someone in management gets hung up on titles and decides to declare their security team a SOC lol

cyberguypr

Also worth to keep in mind that companies bastardize titles all the time. Example: https://www.indeed.com/viewjob?cmp=National-Fuel-Gas-Company&t=Information+Security+Analyst&jk=16cdf9b9b656ac3e&sjdu=QwrRXKrqZ3CNX5W-O9jEvQ2BL3IhxdEHDHbF45Q25iihTHYE3ZN5PGIAHh7D6qR6JcJsxscWWtEKCEq7OqJtSddqvUM1nCeS6HOkhE8eHaQ&tk=1dva1l21g4416800&adid=3789409&pub=4a1b367933fd867b19b072952f68dceb&vjs=3

This "security analyst" will do GRC, IR, DR, awareness, SIEM, vuln management, etc. Yikes! Just needs pentest to be a damn unicorn.

MitM

@cyberguypr I see positions like you posted way too often. My own company is the same way. 1 security person