Update SOC-ANALYST.md
This commit is contained in:
parent
6593aa5689
commit
c7eb953234
|
|
@ -1,10 +1,10 @@
|
||||||
# SOC Analyst Certification Roadmap
|
# SOC Analyst Certification Roadmap
|
||||||
|
|
||||||
A structured path to becoming a Security Operations Center Analyst, from entry-level to senior/management positions.
|
A structured path to becoming a Security Operations Center Analyst, from zero to landing your first SOC role. Five certifications, in order, each building on the last.
|
||||||
|
|
||||||
## Career Path Overview
|
## Career Path Overview
|
||||||
|
|
||||||
SOC Analysts monitor, detect, investigate, and respond to cybersecurity threats. This roadmap progresses from foundational knowledge through incident handling and intrusion analysis.
|
SOC Analysts monitor, detect, investigate, and respond to cybersecurity threats. This roadmap progresses from foundational knowledge through hands-on defense and SIEM tooling, in the order that actually gets you hired: foundation first, tool skills last.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
@ -14,21 +14,22 @@ SOC Analysts monitor, detect, investigate, and respond to cybersecurity threats.
|
||||||
|
|
||||||
## Certification Path
|
## Certification Path
|
||||||
|
|
||||||
| Level | Certification | Organization | Link |
|
| Step | Certification | Organization | Approx. Cost | Link |
|
||||||
|-------|--------------|--------------|------|
|
|------|--------------|--------------|--------------|------|
|
||||||
| **Entry** | **Security+** | CompTIA | [Website](https://www.comptia.org/certifications/security) |
|
| **01 - Foundation** | **Security+** | CompTIA | ~$404 | [Website](https://www.comptia.org/certifications/security) |
|
||||||
| **Core** | **CySA+** | CompTIA | [Website](https://www.comptia.org/certifications/cybersecurity-analyst) |
|
| **02 - Analyst** | **CySA+** | CompTIA | ~$404 | [Website](https://www.comptia.org/certifications/cybersecurity-analyst) |
|
||||||
| **Intermediate** | **GCIH** (Certified Incident Handler) | GIAC | [Website](https://www.giac.org/certifications/certified-incident-handler-gcih/) |
|
| **03 - Hands-On** | **Blue Team Level 1** | Security Blue Team | ~$399 | [Website](https://securityblue.team/certifications/blue-team-level-1) |
|
||||||
| **Intermediate** | **CEH** (Certified Ethical Hacker) | EC-Council | [Website](https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/) |
|
| **04 - SIEM Tool** | **Splunk Core Certified User** | Splunk | ~$130 | [Website](https://www.splunk.com/en_us/training/certification-track/splunk-core-certified-user.html) |
|
||||||
| **Advanced** | **GCIA** (Certified Intrusion Analyst) | GIAC | [Website](https://www.giac.org/certifications/certified-intrusion-analyst-gcia/) |
|
| **05 - Cloud SOC** | **Microsoft SC-200** | Microsoft | ~$165 | [Website](https://learn.microsoft.com/en-us/credentials/certifications/security-operations-analyst/) |
|
||||||
| **Senior/Management** | **CISSP** | (ISC)² | [Website](https://www.isc2.org/Certifications/CISSP) |
|
|
||||||
|
*Costs are approximate USD exam-voucher prices and change over time. Check each vendor for current pricing. Splunk and Microsoft both offer free official training.*
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Recommended Learning Path
|
## Recommended Learning Path
|
||||||
|
|
||||||
### Phase 1: Foundation (3-6 months)
|
### Phase 1: Foundation (3-6 months)
|
||||||
**Target:** Security+
|
**Target:** Security+ (~$404, CompTIA)
|
||||||
|
|
||||||
Build fundamental knowledge in:
|
Build fundamental knowledge in:
|
||||||
- Network security concepts
|
- Network security concepts
|
||||||
|
|
@ -42,8 +43,8 @@ Build fundamental knowledge in:
|
||||||
- Practice labs and simulations
|
- Practice labs and simulations
|
||||||
- Security fundamentals courses
|
- Security fundamentals courses
|
||||||
|
|
||||||
### Phase 2: Core SOC Skills (4-8 months)
|
### Phase 2: Analyst Skills (4-8 months)
|
||||||
**Target:** CySA+
|
**Target:** CySA+ (~$404, CompTIA)
|
||||||
|
|
||||||
Develop analyst capabilities:
|
Develop analyst capabilities:
|
||||||
- Security operations and monitoring
|
- Security operations and monitoring
|
||||||
|
|
@ -57,50 +58,48 @@ Develop analyst capabilities:
|
||||||
- SOC analyst training platforms
|
- SOC analyst training platforms
|
||||||
- Hands-on lab environments (TryHackMe, HackTheBox)
|
- Hands-on lab environments (TryHackMe, HackTheBox)
|
||||||
|
|
||||||
### Phase 3: Incident Handling (6-12 months)
|
### Phase 3: Hands-On Defense (3-6 months)
|
||||||
**Target:** GCIH and/or CEH
|
**Target:** Blue Team Level 1 (~$399, Security Blue Team)
|
||||||
|
|
||||||
Master incident response:
|
Prove you can do the work in a live, graded investigation:
|
||||||
- Incident detection and analysis
|
- Practical SIEM and log analysis
|
||||||
- Malware analysis basics
|
- Phishing analysis
|
||||||
- Forensic investigation
|
- Threat intelligence
|
||||||
- Ethical hacking techniques
|
- Digital forensics fundamentals
|
||||||
- Attack methodologies
|
- End-to-end incident response
|
||||||
|
|
||||||
**Resources:**
|
**Resources:**
|
||||||
- SANS incident handling courses
|
- Security Blue Team labs (included with the certification)
|
||||||
- EC-Council CEH training
|
- Hands-on ranges (TryHackMe, HackTheBox)
|
||||||
- Incident response simulations
|
- Real investigation practice
|
||||||
|
|
||||||
### Phase 4: Advanced Analysis (12+ months experience)
|
### Phase 4: SIEM Tooling (2-4 months)
|
||||||
**Target:** GCIA
|
**Target:** Splunk Core Certified User (~$130, Splunk)
|
||||||
|
|
||||||
Specialize in intrusion analysis:
|
Get fluent in the SIEM most SOCs run all day:
|
||||||
- Advanced network traffic analysis
|
- Splunk Search Processing Language (SPL)
|
||||||
- Threat hunting techniques
|
- Building and reading dashboards
|
||||||
- Deep packet inspection
|
- Field extraction and reporting
|
||||||
- Attack pattern recognition
|
- Alerts and scheduled searches
|
||||||
- Advanced persistent threat (APT) detection
|
|
||||||
|
|
||||||
**Resources:**
|
**Resources:**
|
||||||
- GIAC training materials
|
- Splunk free official training (Intro to Splunk, Search Fundamentals)
|
||||||
- Advanced threat hunting platforms
|
- Splunk Search Tutorial and sample data
|
||||||
- Real-world SOC experience
|
- Hands-on practice in a free Splunk instance
|
||||||
|
|
||||||
### Phase 5: Leadership (3-5 years experience)
|
### Phase 5: Cloud SOC (2-4 months)
|
||||||
**Target:** CISSP
|
**Target:** Microsoft SC-200 (~$165, Microsoft)
|
||||||
|
|
||||||
Transition to strategic roles:
|
Cover the cloud SIEM side SOCs increasingly hire for:
|
||||||
- Security program management
|
- Microsoft Sentinel
|
||||||
- Risk assessment frameworks
|
- Microsoft Defender XDR
|
||||||
- Security architecture design
|
- Kusto Query Language (KQL)
|
||||||
- Policy and governance
|
- Cloud detection and incident response
|
||||||
- Team leadership
|
|
||||||
|
|
||||||
**Resources:**
|
**Resources:**
|
||||||
- CISSP study materials
|
- Microsoft Learn (free SC-200 study path)
|
||||||
- Management and leadership training
|
- Hands-on Azure and Sentinel labs
|
||||||
- Industry frameworks (NIST, ISO 27001)
|
- KQL practice environments
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
@ -125,11 +124,11 @@ Transition to strategic roles:
|
||||||
|
|
||||||
## Estimated Timeline
|
## Estimated Timeline
|
||||||
|
|
||||||
- **Entry to Core:** 6-12 months
|
- **Foundation to Analyst (Security+ to CySA+):** 6-12 months
|
||||||
- **Core to Advanced:** 1-2 years
|
- **Analyst to Hands-On (CySA+ to BTL1):** 3-6 months
|
||||||
- **Advanced to Senior:** 2-3 years
|
- **Tooling (Splunk + SC-200):** 4-8 months
|
||||||
|
|
||||||
Total time to senior-level: **4-6 years** with continuous learning and hands-on experience.
|
Total time to job-ready: **~12-24 months** with consistent study and hands-on practice.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue