SOC Work

Mishra Member Posts: 2,468
Has anyone signed up with a SOC or worked with one in the past that does a great job? If so, who and why?
My blog http://www.calegp.com

You may learn something!

Comments

  • CoolAsAFan Member Posts: 239
    Sorry not trying to hijack your thread, but I have some related questions.

    Is a SOC as prevalent as a NOC? Are they ever combined? Do entry-level jobs at a SOC exist?
    IvyTech - AS CINS (Completed: May, 2013)
    WGU Indiana - BS IT Security
    (Started: August 1st, 2013)

    Transferred: AGC1 CDP1 BVC1 CLC1 CVV1 DHV1 DJV1 GAC1 CIC1 CDC1 UBT1 IWC1 IWT1 TCP1 TJP1 TJC1 EBV1 WFV1 EUP1 EUC1 CJC1 UBC1 TBP1
    Completed: CUV1 BOV1 DRV1 DSV1 CTV1 CJV1 COV1 CQV1 CNV1 TPV1 MGC1 TXC1 TXP1 BNC1 TYP1 TYC1
    Required:
    SBT1 RGT1 RIT1
  • nestech Member Posts: 74
    A security operations center (SOC) is a centralized unit in an organization that deals with security issues, on an organizational and technical level.
    An SOC within a building or facility is a central location from where staff supervises the site, using data processing technology.
    Typically, it is equipped for access monitoring, and controlling of lighting, alarms, and vehicle barrier.
    SOC staff includes analysts, security engineers and SOC managers who are seasoned information and communication systems professionals.
    They are usually trained in computer engineering, cryptography, network engineering, or computer science and are credentialed
    (e.g. Certified Information Systems Security Professional (CISSP) from (ISC)², GIAC from SANS, or Certified Information Security Manager (CISM) from ISACA).
    SOC staffing plans range from eight hours a day, five days a week (8x5) to twenty four hours a day, 7 days a week (24x7).
    Shifts include at least 2 Security analysts and the responsibilities should be clearly defined.



    NOCs analyze problems, perform troubleshooting, communicate with site technicians and other NOCs, and track problems through resolution.
    When necessary, NOCs escalate problems to the appropriate stakeholders. For severe conditions that are impossible to anticipate,
    such as a power failure or a cut optical fiber cable, NOCs have procedures in place to immediately contact technicians to remedy the problem.
    Primary responsibilities of NOC personnel may include:

    Network monitoring
    Incident response
    Communications management
    Reporting

    NOCs often escalate issues in a hierarchic manner, so if an issue is not resolved in a specific time frame, the next level is informed to speed up problem remediation.
    NOCs sometimes have multiple tiers of personnel, which define how experienced and/or skilled a NOC technician is.
    A newly hired NOC technician might be considered a "tier 1", whereas a technician that has several years of experience may be considered "tier 3" or "tier 4". As such,
    some problems are escalated within a NOC before a site technician or other network engineer is contacted.
    NOC personnel may perform extra duties; a network with equipment in public areas (such as a mobile network Base Transceiver Station)
    may be required to have a telephone number attached to the equipment for emergencies; as the NOC may be the only continuously staffed part of the business,
    these calls will often be answered there.


    The SOC and the network operations center (NOC) complement each other and work in tandem. The NOC is usually responsible for
    monitoring and maintaining the overall network infrastructure—its primary function is to ensure uninterrupted network service.
    The SOC is responsible for protecting networks, as well as web sites, applications, databases, servers and data centers, and other technologies.
    Likewise, the SOC and the physical security operations center coordinate and work together.
    The physical SOC is a facility in large organizations where security staff monitor and control security officers/guards,
    alarms, CCTV, physical access, lighting, vehicle barriers, etc.

    In some cases the SOC, NOC or physical SOC may be housed in the same facility or organizationally combined.
    Typically, larger organizations maintain a separate SOC to ensure focus and expertise.
    The SOC then collaborates closely with network operations and physical security operations.

    I have worked in a Security Operation Center for the last four plus years. There are lots of SOC jobs out there in VA...
    Get your Security+, CEH and CISSP in that order...
  • YFZblu Member Posts: 1,462
    CoolAsAFan wrote: »
    Is a SOC as prevalent as a NOC?

    No
    CoolAsAFan wrote: »
    Are they ever combined?

    If you're referring to geography, the SOC I work in is in the same physical area as the company's NOC. I have also worked in a SOC that was isolated from the rest of the organization. I prefer the latter; however both setups have their advantages. If you're referring to the combination of responsibilities, doing a good and thorough job at both simultaneously isn't possible, IMO.
    CoolAsAFan wrote: »
    Do entry-level jobs at a SOC exist?

    Kind of - entry-level SOC jobs != entry-level IT jobs. That being said, a goal-oriented, knowledgeable, and mature SOC should be capable of bringing noobs to the team. I'd like to think I am the successful product of such an approach. Now when I say 'noobs', I don't mean noobs to IT - a baseline of minimum knowledge should be in place. But the field is expanding, and IMO it's no longer necessary to be an admin/engineer/dev for years to get into security and do well. It does help though.
  • CoolAsAFan Member Posts: 239
    Hey thanks YFZblu! As you correctly surmised, I was referring to being combined into the same location, not responsibilities. May I ask what job you had before the SOC you're currently at? Do you think not having CISSP negatively affected you getting into InfoSec?

    That's awesome though that NOCs and SOCs can be in the same location. I want to get into InfoSec, but know that I basically need to work laterally into security from networking and this kind of setup sounds absolutely perfect for just that! Now to find them in my area...
  • YFZblu Member Posts: 1,462
    CoolAsAFan wrote: »
    May I ask what job you had before the SOC you're currently at?

    Before the SOC I'm currently at, I was at another SOC of virtually the same exact setup. Prior to that I was in a pure Desktop Support role, no admin responsibilities of any kind. I did have CCNA, CCNA:Sec, and GIAC GSEC at that point so I was due for some type of promotion (in my mind at least!). I was able to promote from the Desktop role to a SOC role at the same company.

    CoolAsAFan wrote: »
    Do you think not having CISSP negatively affected you getting into InfoSec?

    No - the SOC environments I have worked in (non-government, not sure if that matters) value SANS education and their corresponding GIAC certifications more than something like CISSP. Sidenote: Most of my co-workers think the CISSP is a worthless piece of paper old people in the access management / governance side of security pursue. Now, I wouldn't go that far in hating the CISSP - just sharing my experience. It is resume / HR gold though, that can't be denied. I'll probably eventually get it for marketing reasons alone.
    CoolAsAFan wrote: »
    Now to find them in my area...

    I know it's not easy, but keep in mind that expanding your search area and being willing to relocate will greatly improve your ability to find that first security job.
  • CoolAsAFan Member Posts: 239
    Thanks a ton bro! This has helped to alleviate a few concerns I've had that were bothering me lately, probably because I am getting somewhat close to trying to get my first IT job.

    I have always thought all the GIAC certs looked amazing, just wish I could afford any of them! I have always kind of hoped that once I get a job, that my employer would open that door for me. I was curious about your CISSP because like you, I have heard that it was basically a standard for InfoSec to get you past HR. I have also heard that it has been losing its steam for a while and I find it interesting that it was not relevant in your case.

    I would definitely relocate if it would get me the kind of opportunity that I'm looking for. It is a little intimidating though, as I have never attempted such a thing and I am basically broke which I don't even know how that would work out haha.

    Last question if you're still around I promise! Is there an easy way to find out if a company has a NOC and/or SOC environment other than the info found in job postings and company websites/social media?

    Thanks again for letting me pick your brain a little bit as well as your words of wisdom, you are greatly appreciated sir!
  • YFZblu Member Posts: 1,462
    CoolAsAFan wrote: »
    I have always thought all the GIAC certs looked amazing, just wish I could afford any of them!

    Definitely check out the SANS Work Study program - You'd be looking at an 80% discount if you were accepted. I've participated twice now.
    CoolAsAFan wrote: »
    Last question if you're still around I promise! Is there an easy way to find out if a company has a NOC and/or SOC environment other than the info found in job postings and company websites/social media?

    The only reason I know of other SOCs at other companies is because the security community in Arizona is relatively small and we sort of bounce around from place to place. I think you're on the right track checking on job postings, social media, etc. Also keep in mind just because a company does "security", that doesn't always translate to a certain set of responsibilities. I've seen the "security analyst" title mean everything from server admin to network engineer to malware expert to network security monitoring... So less important is the title, and more important is doing the work you actually want to do and will help you grow.