Re: SOC

nawaz73kaif

What do we have to do to get a SOC Analyst job without any professional certification?

I want to become a SOC analyst, but I can’t afford expensive certifications like CEH because the price is too high.

Nawaz Kaif

dcontesti

I suggest that you take the CC exam (it's free and will show the basic level of Security understanding). This would be step one. Congrats, I see you are a member of the CC study group. Try to find study buddy.

Not sure where you are located so cannot comment on what groups have meetings in your areas but you can join or if you are presently working however you could spend time on the Internet studying SIEM technologies (you can find come groups through LINKEDIN) You can read documents from various agencies ( .

https://www.cyber.gc.ca/en/guidance/using-security-information-event-management-tools-manage-cyber-s...) or documents presented free from vendors. This step will provide and understanding of the terminology that is being used.

You should also gain a basic understanding of Networking.

In addition to @emb021 s suggestions, try to find a local group. Try to find a mentor that can help guide you.

d

emb021

@nawaz73kaif Understand that employers are basically looking for knowledge, skills, and experience. Certifications are a way to show you have knowledge, maybe skills, mainly to people OUTSIDE our field.

This is why many companies use credentials like degrees and certifications to weed out candidates quickly before presenting potential candidates to more qualified people to review and possibly interview.

Your focus should be on getting the skills and experiences needed for a SOC analyst.

Take a look at job postings and seeing what skills they are looking for. And note what certifications they are asking for. You should ALSO be networking with peers in the field, IDEALLY with those in your local area, not just ones on international forums. So look for local chapters of groups like ISSA, ISACA, ISC2, etc. Networking is often the best way to get a job then just sending your resume to companies. Further, they can give you practical advise for the field.

There are more certifications out there then just CEH. Look at the certs available from SANS/GIAC, ISC2, ISACA, and CompTIA. ISACA has recently rolled out one aimed at SOC analysts, CCOA. CC from ISC2 is a good entry level cert, as is CompTIA Sec+, despite there being too many of them. CySA+ is also a good one.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow

Ademola38

Hi, how about earning the free CC badge.

nkeaton

@nawaz73kaif It will definitely depend on the organization’s requirements but could be possible, but you have to become your own best advocate as there are hundreds of thousands also trying based on bad information on the CS field (based on CompTIA’s brag of 700K+ Security+ certified), and no one is handing out jobs. Become aware of cloud data centers and CS local active chapters. Definitely avoid CEH. ECC should be completely avoided. Their ethical issues and questionable training mean that if our folks want a similar certification, we have them do PenTest+ for offensive security. You may want read materials to sound believable in terms and knowledge. There are very few of those positions available at any organization because are not a profit center. Most of us do not do that. ECC was always too expensive, and the ethical issues are fairly flagrant although had smaller lapses for years. If you want to know more about the reason many of us have our organizations boycott them, you can search for thor ceh as he is well respected and did not renew his CEH over it. Shouldn’t be able to sell ethics when have none.

nawaz73kaif

What do we have to do to get a SOC Analyst job without any professional certification?

I want to become a SOC analyst, but I can’t afford expensive certifications like CEH because the price is too high.

Nawaz Kaif