Lesson 3 of 18
SOC Analyst Fundamentals
What is a Security Operations Center (SOC)?
A Security Operations Center is a facility where an organization combines applications, databases, servers, analysts, rulesets, and tools to identify and mitigate network threats.
But why the need…?
- Because breaches, that’s why!
- Loss of intellectual property (IP)
- Loss of data and PII
- Loss of credibility and respect
- Malicious software, insider threats, etc.
- The inherent need to secure the organization
- If you don’t you stand the risk of having the smallest flaw bring the entire company down!
The Skills of a SOC Analyst
- OSI Fundamentals
- Network and/or Memory Forensics
- IPv4 & IPv6 Fundamentals
- Communication & Reporting
Start at Home
- You should always know your IP Address
  - ipconfig (Windows) or ifconfig (Linux/macOS)
- Become familiar with terminal commands
- Become familiar with useful tools
Typical Analyst Day
- Check various InfoSec feeds
- Check emails
- Check system and/or reports for new alerts and/or indicators
- Check the database for past attribution
- Determine the importance and update indicator database
- Distribute new information to the community
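The middle of that routine (check new indicators against past attribution, decide importance, update the indicator database) as a small added Python example; it is not part of the lesson, and the indicator store, the alerts, and the scoring rule are all constructed assumptions.

```python
# Added example (not from the lesson): minimal indicator triage that mirrors the
# "typical analyst day" steps: take indicators from new alerts, look up past
# attribution, decide importance, and update the store. Data and scoring rule
# are constructed assumptions, not real indicators or a real SOC policy.

# Constructed indicator database: indicator -> past attribution record.
INDICATOR_DB = {
    "203.0.113.7": {"actor": "hypothetical-group-A", "seen": 3, "last": "2023-11-02"},
    "evil.example": {"actor": None, "seen": 1, "last": "2024-01-15"},
}

# Constructed alerts pulled from "the system" today.
NEW_ALERTS = [
    {"indicator": "203.0.113.7", "type": "ip", "hits": 12},
    {"indicator": "evil.example", "type": "domain", "hits": 1},
    {"indicator": "198.51.100.9", "type": "ip", "hits": 4},
]


def importance(record):
    """Assumed scoring rule: prior attribution to a named actor is 'high',
    a repeat of an unattributed indicator is 'medium', a first sighting is 'low'."""
    if record and record["actor"]:
        return "high"
    if record:
        return "medium"
    return "low"


def triage(alerts, db, today):
    """Enrich each alert with past attribution, rank it, and build the updated
    store. Returns (ranked alerts, new db); the input db is left untouched."""
    rank = {"high": 0, "medium": 1, "low": 2}
    new_db = {ioc: dict(rec) for ioc, rec in db.items()}  # copy, do not mutate
    results = []
    for alert in alerts:
        ioc = alert["indicator"]
        record = new_db.get(ioc)
        results.append({**alert, "importance": importance(record),
                        "actor": record["actor"] if record else None})
        if record:                      # known indicator: bump sighting count
            record["seen"] += 1
            record["last"] = today
        else:                           # first sighting: add unattributed entry
            new_db[ioc] = {"actor": None, "seen": 1, "last": today}
    results.sort(key=lambda r: rank[r["importance"]])
    return results, new_db


if __name__ == "__main__":
    ranked, _ = triage(NEW_ALERTS, INDICATOR_DB, "2024-06-01")
    for r in ranked:
        print(f'{r["importance"]:6} {r["indicator"]:15} actor={r["actor"]}')
```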