Introduction
As our daily lives become increasingly connected to the digital world, ensuring its security has never been more important. There are threat actors ranging from kids looking to cause mischief to nation states bent on creating chaos for their adversaries, and the battleground is ones and zeros traveling through cyber space.
But the attackers are not the only ones who operate in the digital aether. Defenders monitor and protect the networks and information that keep the world as we know it running smoothly. One of these defenders is the SOC Analyst.
This blog will explore the duties of a SOC analyst, some lasting motivations for pursuing defensive cyber security, and resources for getting started and progressing in the role.
The Why
Understanding your motivation is a beneficial move, no matter the pursuit. So, asking yourself “Why do I want to become a SOC Analyst?” is an important first step.
Defensive cyber security is a rewarding and usually well-paying job, but it can also be repetitive, high-pressure, and demanding. These factors are a recipe for burnout from the profession and possibly the industry. This is the reason for the ‘why’.
There are a few attributes that can help you through those moments when you question why you thought that being a SOC Analyst would be a good idea.
Service – You are helping people. Even if you are protecting the network of the biggest corporation, at the end of the day, threat actors are trying to get customer information or disrupt life as we know it. If the trains don’t run on time (or the power doesn’t work), there is a trickle-down effect that has outsized implications for lots of people.
Justice – Similar to service, if you want to see the bad guys lose, defensive cyber security can scratch that itch. Identifying a malicious IP or file and locking a threat actor out of the system can be an exhilarating feeling, and can provide a little sharpness to contrast the more tedious days.
Curiosity – This is a vital trait for anyone in the field of cyber security, red or blue. So many times, that extra ounce of “why?” or “how?” can mean the difference between uncovering the problem or not. If chewing on a problem for long periods of time before finding the answer brings you joy, then SOC Analyst role might be for you.
These are just a few examples of answers to that basic ‘why’ question. You may find another, but you would be doing yourself a favor by giving it some thought before you invest your time and money.
Why SOC Analysts Matter
The purpose of cyber defenders is not just to protect networks from intrusion. It is to instill and maintain trust. As the wise matriarch of the Heeler family once said, “The whole point of promises is to build trust. If there’s no trust, none of this is possible… No libraries, no roads, no power lines.” When people hand over their personal data or financial information to an organization, they are trusting that organization to keep that data safe and not abuse or lose it. If an organization breaks that promise, people are less likely to trust another organization in the future. That could mean a small business that wants to expand beyond its local market may have a hard time convincing people to entrust it with their credit card information.
Beyond this, institutions like public utilities are counted on by the whole world to deliver clean water, consistent power, and consumer goods. The ripple effects of some attacks extend far beyond the initial target and intent (see NotPetya), and many times these attacks could have been prevented in some organizations through the most basic cyber security hygiene.
It may be frustrating at times (especially in bigger organizations where the pace of adoption for cyber security changes can be slow) to see that measures like MFA on company accounts are not implemented as quickly as you’d like. But it’s important to remember that even 99.9% adoption for such security controls still leaves the possibility of a breach.
This is why the work of the SOC analyst is so important. Whether through defensible means, like misconfigurations, or indefensible, such as zero-day exploits, proper monitoring and logging are the next line of defense and means by which the attack is quickly detected and the damage mitigated. It is truly noble work.
What Does a SOC Analyst Actually Do?
In the range of responsibilities that make up the defensive cyber security field, the SOC Analyst is primarily a monitor. When someone is knocking on the door of the network, the SOC Analyst is the one looking through the peephole to see who’s there. When the trip wires inside the network are disturbed, the SOC Analyst is the first one on the scene.
In more technical terms, the SOC Analyst receives alerts from the organization’s detection systems and investigates whether or not these situations are malicious. This can be as simple as triaging the alerts and flagging the suspicious ones to be investigated, and disregarding the rest, or taking initial steps to limit access for possible threat actors, such as blocking IP addresses or revoking user access.
Here is a general overview of the blue team ecosystem:
- Monitoring: Manning the castle walls and watching for signs of attack.
- Incident Response: Kicking the bad guys out and restoring order.
- Digital Forensics: Discovering how intruders got in and what they did.
- Threat Hunting: Finding threats before they strike.
- Defensive Engineering: Building better defenses and smarter detection tools.
- Compliance: Making sure the walls are up to code
There can be some overlap in these roles, but these make up the general foundations of a good defensive cyber security operation. SOC Analysts may wear one or more of these hats, become a liaison between these departments, or expand into other roles during their career, so knowing they exist is a good starting point.
Getting Started as a SOC Analyst
0. Foundations
Cyber security is all about understanding IT infrastructure, because how can you defend what you don’t understand? Basic networking and being familiar with the environments and languages that are used in IT are going to be the backbone of any successful cyber security career.
There are tons of resources for studying these concepts, and many affordable certifications that can signal competence to a hiring manager, but really getting your hands dirty with labs and real-world experience will help establish that foundation. Help a friend set up a home network. Set up and segment virtual networks in a safe environment. There are several ways to practice these skills in the real world.
Here are some resources that will provide some excellent training for getting started and preparing for certifications:
Basic IT
FREE (self-promotion) – TCM Security Academy – Practical Help Desk
FREE – Professor Messer – 220-1201 and 220-1202 A+ Courses
- https://www.youtube.com/watch?v=0hd6_bx0ydo&list=PLG49S3nxzAnnes8ZGI-OBlKEukHCX46N8
- https://www.youtube.com/watch?v=00dFDSv03EQ&list=PLG49S3nxzAnn7PDGQ17m5AYbDRhnW7vOb
PAID – Jason Dion – A+ Core 1 and 2
Linux
FREE (self-promotion) – TCM Security Academy – Linux 100: Fundamentals
PAID (self-promotion) – TCM Security Academy – Linux 101
FREE – OverTheWire – Bandit
Windows PowerShell
FREE – Don Jones – Learn Windows PowerShell in a Month of Lunches
FREE – Fernando Tomlinson – UnderTheWire, Wargames
FREE – PowerShell for Hackers
FREE (self-promotion) – TCM Security – Intro to PowerShell Series
Python
FREE (self-promotion) – TCM Security – Programming 100: Fundamentals
FREE – 30 Days of Python
0.1 The Help Desk / Sys Admin
While this probably isn’t what you had in mind when you thought “I want to find and stop hackers!”, entry-level IT can be an incredibly beneficial starting point for an aspiring SOC Analyst. You gain valuable insight into how real enterprise-level networks operate. You fulfill many security-centric tasks, learn how to operate in a technical/business environment, and (very important) you will learn good documentation habits. Many current cyber security professionals can trace their origins back to an entry-level IT position.
The Practical Help Desk Associate is an entry-level certification that puts the student through a day as a Help Desk Technician. You close real tickets, work with real tools, and gain an abbreviated, but eventful, experience as a Help Desk Technician.
1. Security Basics
Getting your feet wet with IT work will take you far, but there are some fundamentals of cyber security that you should be acquiring if you want to be prepared for a SOC Analyst role. Studying for some entry-level certifications will fill many of the gaps coming straight out of IT, and hands-on practice executing methodologies and using tools will be a real benefit.
Developing an investigative methodology is going to be a crucial step in pursuing defensive cyber security. A natural curiosity and desire to unravel mysteries are helpful traits, but turning those into a scientific method for finding evil in a network is what will get the job done. Learning frameworks like MITRE ATT&CK are a good starting point for understanding how threat actors conduct recon, prep, and execute attacks, and otherwise disrupt networks. There are several resources for gaining this knowledge and practice:
FREE (self-promotion) – TCM Security – Practical Security Foundations
PAID (self-promotion) – TCM Security – Security Operations (SOC) 101
FREE – Professor Messer – SY0-701 Security+ Course
FREE – Antisyphon Training – SOC Core Skills with John Strand
2. Advanced Security Disciplines
Once you have some time working in a SOC and are racking up experience, you may start to wonder what advancing in the field looks like. There are many disciplines that you could choose to pursue, including incident response, digital forensics, threat hunting, and malware analysis, among others.
Just as the path from IT to SOC required developing skills and then building on those with education, training, and practice, moving into one of these advanced disciplines will build on the experience you gain in the SOC. If possible, it is a good idea to look for ways to incorporate the responsibilities attached to these skills into your daily duties.
2.1 Incident Response and Threat Hunting
PAID (self-promotion) – TCM Security – Security Operations (SOC) 201
FREE – Active Countermeasures – Threat Hunting Training Course
FREE – The Threat Hunting Project
PAID (self-promotion) – TCM Security – Detection Engineering for Beginners
2.2 Digital Forensics
FREE – 13Cubed – Introduction to Memory Forensics
FREE – 13Cubed – Introduction to Windows Forensics
PAID (self-promotion) – TCM Security – Practical Windows Forensics
FREE – SANS – Digital Forensics and Incident Response
2.3 Malware Analysis
FREE – 13Cubed – Introduction to Malware Analysis
PAID (self-promotion) – TCM Security – Practical Malware Analysis & Triage
Networking (with people)
Any conversation about breaking into, or advancing in, a field should include a section on professional networking. While this is not a technical advancement, it is nonetheless one of the most important factors in having your application reviewed and securing interviews for positions. At least some of your professional development time should be spent meeting people in your industry and maintaining those relationships in lieu of purely technical practice.
Here are a few links to check out if you’re interested in upping your people networking game.
- Soft Skills for the Job Market: https://academy.tcm-sec.com/p/soft-skills-for-the-job-market
- Networking on Social Media: https://tcm-sec.com/social-media-cybersecurity-networking/
- Perseverance: https://tcm-sec.com/perseverance-cybersecurity-job-search/
- Interview Prep: https://tcm-sec.com/how-to-prepare-for-your-cybersecurity-interview/
- Resume Writing: https://tcm-sec.com/crafting-a-winning-cybersecurity-resume-8-tips-and-tricks/
- Job Hunting: https://www.antisyphontraining.com/product/workshop-job-hunt-like-a-hacker-2025-edition-with-jason-blanchard/
Certifications: Knowledge vs. Ability
Certifications are often seen as a key milestone on the path to becoming a SOC Analyst, but it’s important to understand what they actually represent. Earning a certification proves that you have the knowledge, the theoretical understanding of tools, processes, and security concepts. However, the ability to apply that knowledge in real-world scenarios is what truly matters on the job.
You can’t demonstrate ability without a solid foundation of knowledge, but employers ultimately look for analysts who can respond effectively under pressure. Some certifications, like CompTIA Security+, are required in certain sectors (especially government roles) as a baseline credential. Still, ability is harder to show through traditional exams, which is why hands-on certifications such as TCM Security’s Practical Security Analyst Associate (PSAA) and Practical Security Analyst Professional (PSAP) are becoming more valuable; they test not just what you know, but what you can actually do.
In Parting…
The cyber security job market ebbs and flows, but time spent developing skills and getting to know people in the industry is never wasted. Learning the basics, developing skills, and learning continuously are steps that will give you the know-how to succeed as a SOC analyst. Sharpening your soft skills and networking with peers and industry professionals will help take you the rest of the way into a position. It may take some patience and persistence, but those are also learned skills and hallmarks of a good SOC analyst.
Good luck out there.
About the Author: Josh Daniels
Josh is an avid storyteller and writer who loves learning about the behind-the-scenes of the digital world we live in. While his professional experience is in content marketing, Josh began pursuing a career in cybersecurity in 2022, gaining a Sec+ certificate along with other training from industry professionals and a life long learner attitude. When he is not writing, Josh enjoys outdoor adventures with his family, watching movies, reading, and an unofficial (unpaid) side gig as a Game Master Consultant for several friends who play table top RPGs. At TCM, Josh has found a home where his passion for storytelling and cybersecurity meet. “Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them.” – Frank Herbert
About TCM Security
TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers. Pentest Services: https://tcm-sec.com/our-services/ Follow Us: Email List | LinkedIn | YouTube | Twitter | Facebook | Instagram | TikTok
Contact Us: [email protected]
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.