Certs for SOC Analyst (and beyond - other security jobs)

joba19joba19 Member Posts: 32 ■■□□□□□□□□
I would like to work as a SOC Analyst. I'm finding jobs in at area at the moment. Applied for some SOC Analyst jobs, and no luck so far. Some jobs does say they want a certs, and some don't. I'm applying for the ones that don't need a cert, as I don't have one.

Besides a Security+ cert, I might consider the EC-Council cert 'Incident Handler'. I've seen the content on the EC-Council website for ECIH and it matches to stuff that a SOC Analyst would do. EC-Council does state that experience is needed before taking the test for the cert, and if not, do the official training. I don't hold any Security certs at the moment.

ECIH hasn't got much mentioning on the forum or anywhere else. I don't mind if it's less recognised or anything like that, as long as it's a security cert, that's fine. Certs created have their purpose. I believe all certs no matter what it is, has it's place in the industry and proves your knowledge, etc...

Was thinking doing EC-Council's ECSS (Security Specialist) too.

Any entry level certs that doesn't need renewing?

Company probably can't afford GIAC/SANS certification courses.

In the future, and if there are vacancies (either within the company or outside of it), I would like move from a SOC Analyst and into Penetration Testing or e-discovery/digital forensics. Obviously, certs for that kind of jobs are CEH and CHFI (for example). Won't be doing CEH or CHFI anytime soon.

Would like to pursue SSCP or CISSP in the future too.

Are my security cert choices in the near and far future good choices?

Comments

  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    joba19 wrote: »
    Some jobs does say they want a certs, and some don't. I'm applying for the ones that don't need a cert, as I don't have one.

    I would just focus on the certs that companies are asking for. Other ones not listed probably hold much weight when it comes down to getting the job you're looking for and would be a waste of time and money. Better off focusing on the skills/knowledge they are looking for.

    And just because a cert is a "Security" cert does not mean it would be helpful. Gotta think it from a manager's viewpoint looking at your resume. If they see a certification they have never heard of, they probably aren't going to take the time and look it up, figure out what it covers, and how much studying is needed for it. They are just going to read over it and not pay any attention to it. Focus on the certs people are asking for and focus on the knowledge they are asking for.

    I'm not saying the "not well known" certs aren't going to give you some useful knowledge. I'm saying paying any amount to take the test will be almost be a waste. Also, the you would be better off focusing your time to learn knowledge specific to the tasks the job you are looking to get does.
  • beadsbeads Member Posts: 1,531 ■■■■■■■■■□
    Take a look at what hiring managers are looking for here on Indeed.com: https://www.indeed.com/q-Soc-Analyst-jobs.html

    Likewise the generic Wiki article: https://en.wikipedia.org/wiki/Information_security_operations_center

    Looking at the general responsibilities and requirements is the best place to start. See some mention of C|EH, none of the other EC offerings. Some GIAC and certainly the CISSP (5 years of security experience to sit for the exam.), a smattering of other exams as well. Most positions are aimed at a four year degree in CS, MIS/MT or security.

    I have meet a number of people who have recently gotten Master's degrees in security and start in the SOC as well. This is more common than you might think.

    Good luck!

    b/eads
  • E Double UE Double U Member Posts: 2,228 ■■■■■■■■■■
    What type of background do you have? Knowing that would help me with making recommendations. I would say start with Security+, but that isn't absolutely necessary. My path was Cisco -> (ISC)2 -> GIAC.

    I have not seen any job listings that requested any EC-Council offering other than C|EH. I'm a big fan of SANS training, but affordability can be an issue.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    joba19 wrote: »
    . . . Certs created have their purpose. . .

    In my opinion EC Council is the McDonald's of security cert companies. I could probably find an obscure item on a McDonald's menu and read the description out loud in a way that might make it sound appetizing. EC Council's website is like a McDonald's menu and people flock to it.

    Like what the others said, just get whatever certs companies are asking for, being mindful of the fast food choices.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • joba19joba19 Member Posts: 32 ■■□□□□□□□□
    Thanks for the advice guys.

    By the way, my background is in IT Operations as a Computer Operator. I do have an IT degree too, but no security topics taught in it though.
  • EANxEANx Member Posts: 1,077 ■■■■■■■■□□
    A lot also depends on your location. You don't say where you're from, some certifications that are valued in the U.S. aren't so much in Europe or Asia.
  • joba19joba19 Member Posts: 32 ■■□□□□□□□□
    EANx wrote: »
    A lot also depends on your location. You don't say where you're from, some certifications that are valued in the U.S. aren't so much in Europe or Asia.

    I'm based in Europe.
  • joba19joba19 Member Posts: 32 ■■□□□□□□□□
    In the country I live in (not US), some SOC jobs ask for CISSP and/or CEH. I can understand they might ask for CISSP, but CEH not sure why.

    Some other job ad, asks for GIAC/SANS certs. Haven't seen one asking for Security+.
  • princesamusprincesamus Member Posts: 8 ■□□□□□□□□□
    As all SOC are working with SIEM techno, would make sense to be certified on the techno you're working with.
    I'm currently working on alienvault cert (ACSE).
  • mikey88mikey88 Member Posts: 495 ■■■■■■□□□□
    CompTIA CSA+ and CCNA Cyber Ops are probably the only certs are were designed for SOC/Analyst type roles. There are some from GIAC/EC-Council but they are out of the price range for most.
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    I work in SecOps (SOC and IDR) and CASP is the closest exam that I've taken to SecOps work. I'm wanting to give CSA+ and CCNA CyberOps a try to see how they measure up, but I need to get a couple of Amazon AWS certs out of the way first.
  • BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    CISSP or SANS. Everything else is uncivilized.
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Blucodex wrote: »
    CISSP or SANS. Everything else is uncivilized.



    I see your point, those certs to have the most recognition...but other certs have value in the knowledge you gain. When you gain knowledge and apply it on the job you get to prove yourself and offer value. But true, for the purpose of getting hired etc you are absolutely right.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


Sign In or Register to comment.