Reality of working in Cybersecurity: SOC Analyst (MSSP)

  • Published 30 Dec 2024

COMMENTS • 99

  • @emilyau8023 1 year ago +32

    After researching this career thoroughly I decided to not go into the cyber route, but I appreciate youtubers like yourself who are telling the truth and not just glamorizing it.

    • @MyDFIR 1 year ago +6

      Anytime! I should note that the SOC is not the only route into cybersecurity as it is quite a large field. But I am sure you have learned that from your research.
      Good luck in your endeavours!

    • @bagabrielor 1 year ago +1

      @MyDFIR Is it realistic to get a career in cybersecurity without an IT undergraduate degree etc., or would individual certificates/courses/self-studies (and experience) be enough? Thank you.

    • @emilyau8023 1 year ago +2

      @bagabrielor there's probably a person who has done it by working in IT for years and started as help desk. It's not ideal if you want to get noticed as soon as possible.

    • @OiVinn-eq1ml 3 months ago

      How come?

  • @Henoik 8 months ago +3

    I work as an incident coordinator in an in-house CERT. This is indeed a stressful and at times unforgiving job. I think many people will get overwhelmed and start focusing on just closing alerts rather than correctly triaging and escalating them. It is okay to take a breather, and then go back looking at the alerts with a fresh set of eyes - because even worse than a bunch of open alerts is closing true positives without escalation or containment. However, for us, it's also very important that the SOC doesn't escalate false positives, as that in turn gives us much more to do.

    • @MyDFIR 8 months ago

      Absolutely! Thanks for sharing ❤️

  • @riyan6217 1 year ago +15

    00:04 Teammates in a SOC can have a significant impact on shift performance
    01:12 Working as a tier one cyber security SOC analyst may not initially pay as much as you expect, but it provides valuable experience.
    02:19 Working in a cybersecurity SOC involves working in shifts, which has pros and cons.
    03:23 Working as a SOC Analyst in an MSSP environment can be highly stressful due to workload and lack of process.
    04:35 High priority tickets in cybersecurity can be stressful due to client interaction and fear of mistakes.
    05:41 Working in a SOC environment can be stressful but rewarding
    06:48 Clients often have unrealistic expectations from SOC analysts and may not understand the limitations.
    08:00 Working in a SOC environment can be stressful, but it offers great networking opportunities and potential for career growth.

    • @PacketWatchDog 11 months ago

      Yeah the SOC pay went way down with the flood of 1-3 year Security experienced people over last 3-4 years.

  • @callmebigpapa 1 year ago +13

    Great video! The SOC is great in that you see new types of issues all the time. Your teammates and previous cases/tickets are invaluable. The stress is real; however, for the queue floods, viewed properly, these are an opportunity to tune, tune, tune. One valuable insight you will have as an Analyst 1 is that you will be able to see with fresh eyes where process and procedures are not current for the environment. Use this to build your personal brand within your company. One important aspect to this is to always come to management with a solution(s) to the problem you are pointing out. This channel is a great resource for those starting out!

    • @MyDFIR 1 year ago +4

      Thanks! Absolutely, one thing I miss about working at an MSSP is experiencing new issues ALL THE TIME. You really do learn so much and touch a bunch of tools. I like to call it a “boot camp” at times because that is what it feels like in most environments.

  • @Nurr0 11 months ago +3

    Thanks for the honest info, this made me fairly sure I DON'T want to work in an SOC tbh, but it could be great for others.

    • @MyDFIR 11 months ago +1

      Glad it was helpful! I wanted to be as transparent as possible. Do keep in mind that not all SOCs are the same; some are great.

  • @TetelestaiAdonai 9 months ago +1

    Thanks again Brother, for posting these videos. May you continue to post informative, realistic and down to earth videos. You are definitely underrated. I have been in the WGU cyber bachelor program and started to dig deeper into this career and what the reality of it is. More cons than pros in my opinion. From short staff, to alert fatigue, high stress rate, on calls, etc. I do say the world of IT is interesting. When I learn about these things I do experience a sense of being a smarty pants (hidden knowledge that others are clueless to) in myself. IT is vast and interesting, which I like. I do plan to stay in IT, leaning towards coding (CSS, HTML), since that's what I started working on when I had an interest in tech as a self-learner before college. For everyone reading this: don't make the mistake of being infatuated with the fun and cool things you like too much, but also consider the hard and boring things; it does make a difference in your life. Choose wisely.

    • @MyDFIR 9 months ago

      Thanks for the kind and wise words! I absolutely agree and try to make it a point that you gotta love what you’re doing to survive in this industry, otherwise good luck!

  • @bradrickrobinson7452 1 year ago +1

    Thanks for the heads up without the sugar coating.

  • @Kenneth_SPNG 1 year ago

    Awesome video man. This reminds me a lot of my time in a NOC. I worked in the NOC for one of the major US ISPs as a Tier 1 tech for about 2 years before I became a Network Engineer for an adjacent team, as a fix agent that I used to engage for outages/impairment problems. The initial investigation, event triaging and escalation notifications are a major part of that NOC job and seem to translate decently to your overall experience in the SOC. Great stuff man.

    • @MyDFIR 1 year ago

      Thanks! Hopefully I did not give you terrible flashbacks 😂 - alerts…so many alerts!!

  • @yahebedyah4416 1 year ago +4

    All these things are part of life. Like you said, it’s all about your mindset. More work, to me, makes the time go by faster, and it’s a blessing in disguise imo. Take advantage of that experience and control what you can. Remember life is always about continuous growth; your goal should always be in front of you. All these situations are temporary.

    • @MyDFIR 1 year ago +2

      Absolutely! Take advantage and “be a sponge” as they say. 100% agree with you, all these situations are temporary.

  • @DubThaDetailer 1 year ago +2

    Another gem of a video from you, man. I really appreciate this.

    • @MyDFIR 1 year ago

      Thank you! Appreciate the support

  • @Mikebigmike94 4 months ago

    Thanks for the video I’m glad it was on my feed. I’m at the point in my computing degree where I need to make the decision between cyber, electronics or software.
    I really like the idea of cyber security, but the 24/7/365 work pattern and being worried about going to the toilet and missing something just isn’t for me. I would hate that pressure.
    I’d like to be given a project and work on it in my own time as long as it’s on time 👍

    • @MyDFIR 4 months ago +1

      Yeah I don’t miss the 24/7 at all haha - you should have teammates to help you so you can step away though. (I say “should” as this is not always the case. I was alone during overnight shifts)

  • @omkarnanche9792 1 year ago +2

    I totally agree with your views; according to me, I feel the cons outweigh the pros :D

    • @MyDFIR 1 year ago

      😂 At the end of the day, a SOC, although hectic, provides valuable skills ESPECIALLY if you are at an MSSP.

  • @ayindeperouza7703 1 year ago +1

    Well said. I had that experience working as a Tier 2 Technician.

    • @MyDFIR 1 year ago

      Thanks for watching!

  • @ronaldtimm467 1 year ago

    Extremely useful information. Thank you so much.

    • @MyDFIR 1 year ago

      Glad it was helpful!

  • @evemackenzie6138 1 year ago +1

    Huh, sounds like something exactly for me heh. Hope I get the chance to become a SOC analyst in the future. Really want to experience what you've listed.

    • @MyDFIR 1 year ago +1

      You’ll get there! I see your initiatives and your drive.

    • @evemackenzie6138 1 year ago

      @MyDFIR Thanks! I'll try my best to be helpful to everyone!

  • @bigdaddyrazor 7 months ago

    As an L2 SOC Analyst myself I couldn’t agree more on the topic; these are my exact thoughts that I have had since I started as an L1 Analyst. Kind of unfortunate to see that this is the norm even abroad 😂😂

    • @MyDFIR 6 months ago

      Haha yeah… After being in a couple of SOCs, they pretty much are universal. Just different tools.

  • @albanleung331 1 year ago +1

    Very informative. Thank you.

    • @MyDFIR 1 year ago

      Glad it was helpful!

  • @stevesploit 1 year ago +2

    Would CySA+ be beneficial to have working in a SOC?
    I already have Sec+, PenTest+ and PenTest THM, and I’m thinking that because there is lots of crossover of topics between the 3 certs it wouldn’t take much to knock off CySA+ 🤷‍♂️
    I’m doing Blue Team Level1 next as well. Great channel. Thank you 👌

    • @MyDFIR 1 year ago +1

      Great question - Beneficial? IMO, good to have but not needed. You are correct that there is a lot of crossover; however, I would suggest not “chasing” certificates for the sake of obtaining certificates. Instead I would recommend you spend your energy and time on hands-on labs and networking with others. Attend conferences, webinars & CTFs - I am confident you already have the knowledge to excel in this field; you just need to start showing others that you are capable, and networking should help you with that.
      Great job on enrolling into Blue Team Level One btw - Provides you with that hands on experience that is definitely needed in this field.
      Good luck with your studies & thanks for your support!

    • @stevesploit 1 year ago

      @MyDFIR Thank you, much appreciated.

    • @OiVinn-eq1ml 3 months ago

      If you have an interest in getting it, do it! More education is better, right? It’s not necessary though. It can help you move up.

  • @highlui4222 1 year ago +3

    Well, disappointed is a grey area when it comes to the scheduling. I’ve been studying for my Sec+ and doing the TryHackMe SOC Analyst 1 room, but I also have 2 young kids and a baby boy that should be here in January. Not saying it’s impossible, but if I can get that 8-4 shift, or even do an overnight shift when little man is older and not likely to wake up in the middle of the night, then it would be doable. Might have to forget SOC and go for an engineer role???

    • @MyDFIR 1 year ago +2

      I’ll be honest with you, it will be difficult. BUT it is temporary, that I can promise you. In the beginning you *may* get 9-5 for the initial shadowing period (~3 months), but you’ll eventually transition into shifts (at least from my experience). After a year or 2 you can transition into the permanent 9-5 or 8-4 which you mentioned, but in the beginning that rarely happens unfortunately.
      As for forgetting the SOC and going for an engineer role, although possible, unless you are skilled in coding/architecture it may be more difficult to get into compared to a SOC.
      Hope that helps!

  • @tonya.1786 9 months ago

    What role would be similar to SOC but without the high level stress and unrealistic expectations?

    • @MyDFIR 9 months ago

      Great question. All jobs will have some level of stress, but I thought of a system administrator, as they would still have some of the SOC duties, which are to detect, monitor & respond to threats, but they are not tied down to that. However, with system admins, they have a different kind of stress haha

  • @patrickchan2503 4 months ago

    You make me nervous now 🙂 thanks for sharing. I think because you work for a company that offers SOC as a service, you get more stress.

    • @MyDFIR 4 months ago +1

      Haha, that was not my intention! Thanks for watching!

  • @darkomatic-c5t 1 year ago +1

    😢
    Great video! Not so many blue teamers talk about it.
    If you were to choose between a job at MSSP or a company that has their own SOC which one would you choose?

    • @MyDFIR 1 year ago +2

      That is a great question! My views are this: what do you value more, time or experience?
      Time = In-house SOC - you are limited to detecting & responding to attack vectors targeting your single organization. Once you fine-tune, you will be in a good spot, which will give you TIME to breathe.
      Experience = MSSP - you detect & respond to many different attack vectors. Everybody is attacking everybody and you get to see all that, and you’re not limited to 1 single organization, but that means you will likely have 0 time to breathe. You’ll gain valuable EXPERIENCE though.

    • @darkomatic-c5t 1 year ago +1

      @MyDFIR Thank you! Yes, I have no doubt that working for an MSSP you can learn much more than working at an in-house SOC.

    • @Gxnnelle 1 year ago

      @MyDFIR I hate working at an MSSP, it moves so fast, no time to breathe and no time to thoroughly learn anything 😔

  • @tigerscott2966 1 year ago +2

    Good video...
    Some people just work better alone...
    Being part of a team can be a drain if your teammates are slackers or don't have soft skills like time management and dealing with prickly clients....
    Thanks.

    • @MyDFIR 1 year ago +1

      Agreed! It is nice to have teammates to bounce ideas off of but I definitely work best alone.

  • @faisalkhan5410 1 year ago

    Great video ❣

  • @treedents839 6 months ago

    I could be ready for such a thing; my worry is how long you could be stuck in a tier 1 analyst job?
    I am currently trying to get out of tier 1 service desk and it seems impossible. I passed a few certs, studying here and there, but still nothing comes up.

    • @MyDFIR 6 months ago

      The market isn’t that great right now, have you talked about your next steps/interests with your manager?

    • @treedents839 6 months ago

      @MyDFIR It feels strange, with all of those attacks happening every day, that big companies do not extend their security teams.
      I spoke to my manager about swapping position due to an opening in the IAM team, and also as an AD specialist, but they do not care much.
      They like me where I am.

  • @ABDELZEMIHORIOUATTARA 1 year ago

    Hello SIR,
    I hope you're well, very good video...
    Can you give me some examples of processes and documentation that need to be included in an MSSP SOC base to ensure it works properly?
    Thank you in advance for your feedback.

    • @MyDFIR 1 year ago

      Not sure what you mean when it comes to "ensure it works properly"; however, some of the documentation that I noticed was lacking or non-existent when I worked in a SOC was the following.
      1) Updated client information. - This includes how to escalate, what their SLAs are, what we manage or what services they are enrolled in and, most importantly, who are the contacts that we should call when an incident occurs?
      2) SOPs on how to access certain tools or request access to these tools.
      3) Use case knowledge base. - If applicable, it is important to have something similar, as this should explain to the analyst what this use case means and give some pointers for investigating it. It should also include the trigger actions to show WHY it triggered.
      Hope that helps.

  • @MustafaSahil 1 year ago +2

    Great video 🎯. What would you recommend to a fresh CS graduate: SOC or full stack web development? Especially in the long run, in terms of money 💰 as well, who makes more?
    Especially when moving to the US from India in future is a goal as well.
    Thanks

    • @MyDFIR 1 year ago +2

      I hate to be THAT person, but it all depends on you: what do you enjoy most? I am biased towards a SOC because that is where I started, and unfortunately I do not have much experience within the full stack web development realm. Nonetheless, these two fields should provide you with valuable skills. The money portion will depend on how you utilize those skills.
      Hope that helps!

    • @MustafaSahil 1 year ago

      @MyDFIR Thank you so much. I enjoy and hate both. I have a little experience as administrator of the local network of an educational institute. I enjoyed it, but this is very basic; I mean I need more intense learning if I set my goal as SOC analyst.
      On the other hand I have very little experience in development. I am full of dedication to learn, but actually I am poor on both sides, mentally not that sharp. I loved computers, which made me fall into this field; I am more of a writer/poetic personality.
      Personally I prefer independence, flexible working hours, work from home, and to fulfil responsibilities I have to look for money as well.
      So I am stuck in deciding....

  • @Charliejam. 1 year ago

    Great video 🔥

  • @rejwar 7 months ago

    Carry on bro

  • @shinigamirenegade 1 year ago

    How did you get your foot in the door?

    • @MyDFIR 1 year ago +1

      Great question. My foot in the door for Security was via a colleague of mine; he referred me to a SOC position when I said I was interested, which is why I stress the importance of networking with others! Prior to that, I started my career in IT helpdesk and got in by applying to helpdesk roles, simply accepting anything in terms of compensation. My mindset was experience > money.

    • @shinigamirenegade 1 year ago

      @MyDFIR Thanks bro. I might have to take the hit financially.

  • @SuperMdogo 1 year ago

    How did you manage to get your GIAC certifications? Did you pay for them or did the employer pay?

    • @MyDFIR 1 year ago +1

      Great question - it was a mix of both, employers & myself. Although the price is insane, I always tell myself that the best investment you will ever make is in yourself.

  • @seetsamolapo5600 1 year ago

    Not sure if you've made a video on this, as I've just subscribed, but what certification pathway would you recommend for getting that entry-level job? I'm about to check your video on the projects below.

    • @MyDFIR 1 year ago +1

      Hey! There is no “correct” pathway per se, but a lot of organizations tend to love Security+, so it won’t hurt to go after that. I would then go for either BTLO or CCD (CyberDefenders), as they both cover topics that focus on analysis.
      The trajectory is pointing towards automating out the Tier 1/junior SOC position, which will reduce the work they typically do, so you will need to start focusing on “deep-dive” investigations, typically what a Tier 2 would do. In order to focus on that, work on labs, learn what data sources are and which ones are more “useful”, and understand how the operating system works.

  • @deadmanstoolbox 10 months ago +1

    Thanks, I have become a husk of a person.

  • @ww-ld 1 year ago

    Is there a monthly subscription for his website?

    • @MyDFIR 1 year ago

      I'm assuming you mean my mentorship? If so, nope - just trying to help where I can!

  • @rigo9691 1 year ago

    Great video!
    How do you go about finding SOC jobs in an MSSP?

    • @MyDFIR 1 year ago

      I simply use a website called Indeed, or use LinkedIn, and search for SOC jobs. For those offering a role, I would search up and learn more about the company and look for services/words around “managed”.

  • @puucca 1 year ago

    Nice video dude

  • @Shitoken1 1 year ago

    What made you quit the SOC position and what are you doing now for work?

    • @MyDFIR 1 year ago

      Great question. Many reasons, but mainly I wanted to specialize and go into DFIR. I am now a DFIR consultant but still do SOC work on the side.

    • @Shitoken1 1 year ago

      @MyDFIR Is there a road map to get into DFIR since it's so niche? Even finding that kind of work on LinkedIn or Indeed is still few and far between.

  • @machelawili5473 1 year ago

    Hey, mind telling me the MSSPs that hire globally?

    • @MyDFIR 1 year ago

      Off the top of my head, I recall the bigger consulting firms such as Deloitte, PwC and Accenture, to name a few, provide an MSSP service that hires globally.

  • @Strategic. 1 year ago

    Is there a chance to land a pen tester job as your first job in cyber security?

    • @MyDFIR 1 year ago

      Yea for sure! Will it be difficult? Maybe, but you likely won’t be diving straight into pentesting, depending on how/what you define pentest as. You would likely start out as a vulnerability analyst who will run scans and provide reports.

  • @iTzMobieTV 10 months ago

    Why not mention the starting salary/pay you had for the first job?

    • @MyDFIR 10 months ago +1

      I do in later videos, but in the first job I made 45k.

  • @arashautomationlab9088 1 year ago

    Great video.
    Just one question for you:
    I recently got certified in the cybersecurity field after finishing the ISC2 CC certification and I am now studying Splunk. Do you think that after finishing Splunk I am ready to apply for a job as a Junior SOC analyst?

    • @MyDFIR 1 year ago +1

      Are you comfortable explaining technical terms? What about experience with hands on labs? As long as you are confident in your capabilities and have a good understanding of cybersecurity fundamentals, you can give it a try!

  • @yehyamneimne 6 months ago

    Where can I apply for SOC? I have done a lot of CTFs on THM and reached the top 1%.

    • @MyDFIR 6 months ago +1

      I personally look for positions on LinkedIn/Indeed as my go-to source.

  • @lxn7404 4 months ago

    A stress-free job is worth double the salary in 2024.

  • @crikey204 10 months ago

    The MSSP I work for uses a follow-the-sun model, so no one has to work night shifts, which is excellent. They also do well hiring for culture, so that weeds out the dickheads. I've yet to meet someone I don't like in the global SOC team.

    • @MyDFIR 10 months ago +1

      That is awesome! I wish I worked in a follow-the-sun model. Sounds like a great work environment. Super happy for you ♥

    • @crikey204 10 months ago

      @MyDFIR I have you to thank! It was because of those lab projects you did that I was able to replicate and understand a SOC in a real way and show it in my interview!

  • @kevinbirmingham8629 1 year ago

    I so want to do this for a living.

    • @MyDFIR 1 year ago

      You can do it!