Starting new role as Infosec Analyst

SinObj Member Posts: 3
Hello world! 

I wanted to give a little background regarding my education and knowledge in the world of IT & CS.

Formal education : Game programming

Working knowledge: worked as an IT operations technician, so I’ve done my work in Azure, Azure AD, M365, PowerShell scripting, managing vulnerabilities within Azure, pushing out MFA policy and SSO, monitoring sign-in & audit logs, knowledge of ISO 27001

I’m transitioning from an IT career to an Infosec Analyst role and would like some advice on what materials I could spend time reading to gain more knowledge and prepare myself further for this new job role.

I haven’t done any certifications yet, e.g. AZ-500 or SC-700, and have been interested in doing these as I feel they could be quite relevant for me. Any other tips?

Kind regards,
Sin

Comments

  • UnixGuy (Mod) Are we having fun yet? Posts: 4,503
    Hi Sin,

    You have good experience, which is a big asset in InfoSec.


    My personal recommendation would be to start doing security certifications, Security+ is a good start, followed by CySA+ or so. From there, pick a specialisation and cert up.


    I'd also update your CV and start sussing out to see if there is an opportunity to move side-ways and join the security team in your organisation.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube Channel!

  • JDMurray (Admin) Certification Invigilator, Surf City, USA Posts: 12,845
    You will want to concentrate on things that will make you better in your job. What are the job duties in your new role?
  • SinObj Member Posts: 3
    @UnixGuy

    Thank you for the response! Highly appreciate it. I’ll be looking into this and hopefully gain some valuable knowledge.

    And I’ve been offered the infosec analyst role, hence why I was reaching out to see what I could do to touch up on my skills :) Thanks for the amazing advice!
  • SinObj Member Posts: 3
    @JDMurray

    Thank you for reaching out to me! At the moment, from the job description, it seems an entry-level sort of situation. I suspect I’ll be looking into IEM, SIEM (monitoring and detecting any potential threats). I’ve looked into systems that are used for this and I believe Azure is one of them (vulnerability management), seeing sign-in and audit logs.

    Any YouTube channels or videos you think could benefit me? :) 

    Thank you for responding to me!
  • JDMurray (Admin) Certification Invigilator, Surf City, USA Posts: 12,845
    A problem with giving advice in this situation is that the role "Security Analyst working in a Security Operation Center" is very different from one organization to the next. In a small org you may be wearing many hats, such as security event monitoring, triage analyst, incident response analyst, security controls engineering, risk management, etc. In a very large org each of those hats is worn by a separate team, and you'll only be doing one of them until you rotate into another team.

    A typical SOC Analyst I role may require:
    • an understanding of all sources of reported events (end-point devices, firewalls, IDP, software apps, Cloud, human users, etc.), 
    • knowing the formats of various logs (firewall, proxies, systems/devices, security software, Windows events, Linux/UNIX, Web forms, etc.), 
    • how to read packet captures and interpret network protocol conversations, 
    • the security uses of Netflow, 
    • how to triage security event information to find and use event indicators (IP address, host name, domain name, hash values, etc.),
    • how to determine security event severity/criticality, 
    • the use of a SIEM to work security events,
    • the use of a ticketing system to document work on security events and incidents,
    • the use of a documentation system for learning and authoring SOC SOPs (Standard Operating Procedures) and playbooks,
    • email and telephone skills for communicating with both technical and non-technical audiences. 
    I can personally recommend this course; it covers SOC Analyst I, II, and III skills.

    It would be really beneficial if you could discover exactly what your duties will be. Ask your hiring manager or someone who is already working on the team. The job description itself will cover many skills that you will not end up using in the role, so best to get information from the sources closest to the job as possible for creating a study plan most beneficial to you.
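    As an added illustration of several items in JDMurray's list above (knowing log formats, pulling event indicators such as IP addresses, host names, domain names and hash values out of them, and deciding a severity), here is a small Python script. It is not from this thread or from any course mentioned in it. The log lines, the internal address ranges and the severity rules are all constructed for the example; a real SOC would take its internal ranges from its own asset inventory and its rules from its own playbooks.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample events from several sources (firewall, proxy, endpoint
# protection, domain controller). Addresses use RFC 5737 documentation ranges
# and RFC 1918 space; nothing here is real data.
SAMPLE_LOGS = [
    "2022-12-01T10:14:02Z fw01 DENY src=203.0.113.45 dst=10.0.0.12 dport=445 proto=tcp",
    "2022-12-01T10:14:05Z proxy01 GET http://downloads.example.net/payload.bin client=10.0.0.12 status=200",
    "2022-12-01T10:14:07Z av01 quarantine host=WKS-0012 file=payload.bin sha256=" + "ab" * 32,
    "2022-12-01T10:15:00Z fw01 ALLOW src=10.0.0.7 dst=10.0.0.8 dport=443 proto=tcp",
    "2022-12-01T10:15:30Z dc01 EventID=4625 user=jsmith src=198.51.100.9 status=failure",
]

# Assumed internal ranges for this example; a real SOC would use its asset inventory.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
HOST_RE = re.compile(r"\bhost=([A-Za-z0-9.-]+)")
EXECUTABLE_RE = re.compile(r"\.(exe|bin|dll)\b")


def _valid_ipv4(text: str) -> bool:
    """Drop regex matches that look like an address but have octets over 255."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def extract_indicators(line: str) -> dict:
    """Pull the indicator types an analyst pivots on out of one raw log line."""
    ips = [ip for ip in IPV4_RE.findall(line) if _valid_ipv4(ip)]
    return {
        "ips": ips,
        "external_ips": [ip for ip in ips if not is_internal(ip)],
        "domains": URL_HOST_RE.findall(line),
        "hosts": HOST_RE.findall(line),
        "hashes": [h.lower() for h in SHA256_RE.findall(line)],
    }


def triage(line: str) -> tuple:
    """Return (severity, reason). Rules are illustrative, ordered most to least severe."""
    ind = extract_indicators(line)
    lower = line.lower()
    if "quarantine" in lower and ind["hashes"]:
        return "high", "endpoint protection quarantined a file; pivot on the hash"
    if "eventid=4625" in lower and ind["external_ips"]:
        return "medium", "failed logon sourced from an external address"
    if " deny " in lower and ind["external_ips"] and "dport=445" in lower:
        return "medium", "external source hitting SMB, blocked at the firewall"
    if ind["domains"] and "status=200" in lower and EXECUTABLE_RE.search(lower):
        return "low", "executable fetched through the proxy; correlate with endpoint events"
    return "informational", "no rule matched"


def summarize(lines) -> dict:
    """Roll up a batch of events: severity counts and the indicators worth pivoting on."""
    by_severity, ip_counts = Counter(), Counter()
    external, hashes = set(), set()
    for line in lines:
        severity, _ = triage(line)
        by_severity[severity] += 1
        ind = extract_indicators(line)
        external.update(ind["external_ips"])
        hashes.update(ind["hashes"])
        ip_counts.update(ind["ips"])   # internal hosts seen in many events stand out
    return {
        "by_severity": dict(by_severity),
        "external_ips": sorted(external),
        "hashes": sorted(hashes),
        "ip_event_counts": dict(ip_counts),
    }


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        severity, reason = triage(line)
        print(f"{severity:<13} {reason}")
    print(summarize(SAMPLE_LOGS))
```

    Running it on the five constructed lines flags the quarantine as high, the two external-sourced firewall and logon events as medium, the proxy download as low, and the internal-only allow as informational; the roll-up also shows 10.0.0.12 appearing in two events, which is the kind of pivot (one internal host tied to both a blocked inbound probe and a suspicious download) that a SOC Analyst I is expected to notice and escalate.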
  • UnixGuy (Mod) Are we having fun yet? Posts: 4,503
    JDMurray said:
    I can personally recommend this course; it covers SOC Analyst I, II, and III skills.


    Course looks interesting! Do you have a similar course recommendation geared towards incident response that's cheaper than GCIH? Or is that the one you recommend? I'll be recommending it to a junior SOC analyst that I know.


  • E Double U Senior Member Posts: 2,182
    edited December 2022
    I think CompTIA Security+ is good material for self-study whether you actually go for the cert or not. Same for AZ-900 given your experience. I would not recommend taking any training courses unless your employer pays for it.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS. 2022 goal(s): CRISC, AWS Certified Cloud Practitioner. "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson