Update SOC-ANALYST.md

This commit is contained in:
Carter Perez 2026-07-05 15:45:50 -04:00 committed by GitHub
parent 6593aa5689
commit c7eb953234
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 49 additions and 50 deletions

View File

@ -1,10 +1,10 @@
# SOC Analyst Certification Roadmap # SOC Analyst Certification Roadmap
A structured path to becoming a Security Operations Center Analyst, from entry-level to senior/management positions. A structured path to becoming a Security Operations Center Analyst, from zero to landing your first SOC role. Five certifications, in order, each building on the last.
## Career Path Overview ## Career Path Overview
SOC Analysts monitor, detect, investigate, and respond to cybersecurity threats. This roadmap progresses from foundational knowledge through incident handling and intrusion analysis. SOC Analysts monitor, detect, investigate, and respond to cybersecurity threats. This roadmap progresses from foundational knowledge through hands-on defense and SIEM tooling, in the order that actually gets you hired: foundation first, tool skills last.
--- ---
@ -14,21 +14,22 @@ SOC Analysts monitor, detect, investigate, and respond to cybersecurity threats.
## Certification Path ## Certification Path
| Level | Certification | Organization | Link | | Step | Certification | Organization | Approx. Cost | Link |
|-------|--------------|--------------|------| |------|--------------|--------------|--------------|------|
| **Entry** | **Security+** | CompTIA | [Website](https://www.comptia.org/certifications/security) | | **01 - Foundation** | **Security+** | CompTIA | ~$404 | [Website](https://www.comptia.org/certifications/security) |
| **Core** | **CySA+** | CompTIA | [Website](https://www.comptia.org/certifications/cybersecurity-analyst) | | **02 - Analyst** | **CySA+** | CompTIA | ~$404 | [Website](https://www.comptia.org/certifications/cybersecurity-analyst) |
| **Intermediate** | **GCIH** (Certified Incident Handler) | GIAC | [Website](https://www.giac.org/certifications/certified-incident-handler-gcih/) | | **03 - Hands-On** | **Blue Team Level 1** | Security Blue Team | ~$399 | [Website](https://securityblue.team/certifications/blue-team-level-1) |
| **Intermediate** | **CEH** (Certified Ethical Hacker) | EC-Council | [Website](https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/) | | **04 - SIEM Tool** | **Splunk Core Certified User** | Splunk | ~$130 | [Website](https://www.splunk.com/en_us/training/certification-track/splunk-core-certified-user.html) |
| **Advanced** | **GCIA** (Certified Intrusion Analyst) | GIAC | [Website](https://www.giac.org/certifications/certified-intrusion-analyst-gcia/) | | **05 - Cloud SOC** | **Microsoft SC-200** | Microsoft | ~$165 | [Website](https://learn.microsoft.com/en-us/credentials/certifications/security-operations-analyst/) |
| **Senior/Management** | **CISSP** | (ISC)² | [Website](https://www.isc2.org/Certifications/CISSP) |
*Costs are approximate USD exam-voucher prices and change over time. Check each vendor for current pricing. Splunk and Microsoft both offer free official training.*
--- ---
## Recommended Learning Path ## Recommended Learning Path
### Phase 1: Foundation (3-6 months) ### Phase 1: Foundation (3-6 months)
**Target:** Security+ **Target:** Security+ (~$404, CompTIA)
Build fundamental knowledge in: Build fundamental knowledge in:
- Network security concepts - Network security concepts
@ -42,8 +43,8 @@ Build fundamental knowledge in:
- Practice labs and simulations - Practice labs and simulations
- Security fundamentals courses - Security fundamentals courses
### Phase 2: Core SOC Skills (4-8 months) ### Phase 2: Analyst Skills (4-8 months)
**Target:** CySA+ **Target:** CySA+ (~$404, CompTIA)
Develop analyst capabilities: Develop analyst capabilities:
- Security operations and monitoring - Security operations and monitoring
@ -57,50 +58,48 @@ Develop analyst capabilities:
- SOC analyst training platforms - SOC analyst training platforms
- Hands-on lab environments (TryHackMe, HackTheBox) - Hands-on lab environments (TryHackMe, HackTheBox)
### Phase 3: Incident Handling (6-12 months) ### Phase 3: Hands-On Defense (3-6 months)
**Target:** GCIH and/or CEH **Target:** Blue Team Level 1 (~$399, Security Blue Team)
Master incident response: Prove you can do the work in a live, graded investigation:
- Incident detection and analysis - Practical SIEM and log analysis
- Malware analysis basics - Phishing analysis
- Forensic investigation - Threat intelligence
- Ethical hacking techniques - Digital forensics fundamentals
- Attack methodologies - End-to-end incident response
**Resources:** **Resources:**
- SANS incident handling courses - Security Blue Team labs (included with the certification)
- EC-Council CEH training - Hands-on ranges (TryHackMe, HackTheBox)
- Incident response simulations - Real investigation practice
### Phase 4: Advanced Analysis (12+ months experience) ### Phase 4: SIEM Tooling (2-4 months)
**Target:** GCIA **Target:** Splunk Core Certified User (~$130, Splunk)
Specialize in intrusion analysis: Get fluent in the SIEM most SOCs run all day:
- Advanced network traffic analysis - Splunk Search Processing Language (SPL)
- Threat hunting techniques - Building and reading dashboards
- Deep packet inspection - Field extraction and reporting
- Attack pattern recognition - Alerts and scheduled searches
- Advanced persistent threat (APT) detection
**Resources:** **Resources:**
- GIAC training materials - Splunk free official training (Intro to Splunk, Search Fundamentals)
- Advanced threat hunting platforms - Splunk Search Tutorial and sample data
- Real-world SOC experience - Hands-on practice in a free Splunk instance
### Phase 5: Leadership (3-5 years experience) ### Phase 5: Cloud SOC (2-4 months)
**Target:** CISSP **Target:** Microsoft SC-200 (~$165, Microsoft)
Transition to strategic roles: Cover the cloud SIEM side SOCs increasingly hire for:
- Security program management - Microsoft Sentinel
- Risk assessment frameworks - Microsoft Defender XDR
- Security architecture design - Kusto Query Language (KQL)
- Policy and governance - Cloud detection and incident response
- Team leadership
**Resources:** **Resources:**
- CISSP study materials - Microsoft Learn (free SC-200 study path)
- Management and leadership training - Hands-on Azure and Sentinel labs
- Industry frameworks (NIST, ISO 27001) - KQL practice environments
--- ---
@ -125,11 +124,11 @@ Transition to strategic roles:
## Estimated Timeline ## Estimated Timeline
- **Entry to Core:** 6-12 months - **Foundation to Analyst (Security+ to CySA+):** 6-12 months
- **Core to Advanced:** 1-2 years - **Analyst to Hands-On (CySA+ to BTL1):** 3-6 months
- **Advanced to Senior:** 2-3 years - **Tooling (Splunk + SC-200):** 4-8 months
Total time to senior-level: **4-6 years** with continuous learning and hands-on experience. Total time to job-ready: **~12-24 months** with consistent study and hands-on practice.
--- ---