No video :(

A Day in the Life of a Cyber Security (SOC) Analyst (MSSP)

Подписаться 35 тыс.

Просмотров 42 тыс.

50% 1

Curious about the exciting world of a Tier 1 Jr security SOC analyst in a managed security service provider? Dive into their day to day life and discover what they typically do. Gain valuable knowledge in learning how to take advantage and practical tips for pursuing a career in security analysis.
If you want to become a SOC Analyst grab the no BS SOC roadmap here
mydfir.gumroad...
#SecurityAnalyst #Cybersecurity #careertips #mssp #SOC #cybersecurityanalyst #dayinthelife
_________________________________
THE MYDFIR SOC ANALYST COURSE:
With 8 chapters and 30+ hands-on labs tailored to security operations, I am focused on transforming you into a standout SOC analyst. Beyond tools, you'll master the investigation process and uncover hidden details. Let's make a real difference together.
▸Enroll here: academy.mydfir...
_________________________________
SIGN UP FOR FREE MENTORSHIP
Getting started in Cybersecurity is difficult and you don't have to do it alone.
Let me help you on your journey.
▸Sign up for FREE here: www.mydfir.com...
_________________________________
RECOMMEND COURSES FOR BEGINNERS:
Coursera Google Cybersecurity Program
Affiliate Link - imp.i384100.ne...
Microsoft Cybersecurity Analyst Professional Certificate
Affiliate Link - imp.i384100.ne...
Coursera Google IT Support Professional Certificate
Affiliate Link - imp.i384100.ne...
_________________________________
PRODUCTS TO HELP YOU GET STARTED
🗺️ 1-Year Cybersecurity Roadmap: mydfir.gumroad...
📄 Resume Template: mydfir.gumroad...
📑 Cover Letter Template: mydfir.gumroad...
🎙️ Interview Questions: www.mydfir.com...
📚 Cybersecurity bookmarks: mydfir.gumroad...
_________________________________
EARLY ACCESS & EXCLUSIVE VIDEOS
Patreon: / mydfir
_________________________________
🕒 TIMELINE
00:00 - Intro
00:57 - Day in the life
01:25 - Monitor Queue
01:53 - Create Ticket
02:02 - Triage
02:35 - Escalate or Close Ticket
02:42 - Use case tuning
03:11 - Summary
03:18 - Number 1
03:24 - Number 2
03:33 - Side Note
03:44 - Number 3
04:10 - Number 4
04:28 - Number 5
04:35 - How to take advantage
05:20 - Story
06:10 - How to improve
_________________________________
FOLLOW ME ON SOCIAL MEDIA:
▸Instagram: / mydfir
▸X: x.com/@MyDFIR
Disclaimer: All opinions in my videos are solely my own. Some links provided are affiliate links!
#cybersecurity #cybersecuritytrainingforbeginners #cybersecurityforbeginners #socanalyst #soc

Опубликовано:

16 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 131

@MyDFIR Год назад

SIGN UP FOR FREE MENTORSHIP Getting started in Cybersecurity is difficult and you don't have to do it alone. Let me help you in your journey by providing you with tips to put you on the right path. ▸Sign up for FREE here: MyDFIR.com

@distinguishedcatt Год назад

This kind of videos happen once in a blue in my recommendation! I'm 101% fan. And I loved that you are very concise. Keep it up, I'm looking forward to seeing your new videos

@MyDFIR Год назад

Thanks for the kind words ❤️ videos every tuesday & thursdays!

@neverhomepnw Год назад

Thanks for making things simple to understand. I am studying for CYSA+ and looking to start off as a SOC. Looking forward to more videos!

@MyDFIR Год назад

Thanks for watching! Best of luck on the cert and your job hunt

@callmebigpapa Год назад

Just remember VT is not perfect. Blue Teaming really is a Team sport. The scope of what you have to know is vast. You need lots of brains so use your teammates. Also AI is helping now with some analysis. Also Cyberchef for the win!

@MyDFIR Год назад

Love this - You are absolutely correct. I've seen SOC analysts rely on VT to the point where if it is green == safe. There is such a thing called evasion, 0 days etc. Keeping this in mind and look for CONTEXT will help you fully understand what you are looking at. Couldn't agree more with the team sport. Communicate, collaborate and you'll be golden. Cyberchef ♥

@johndank2209 Месяц назад

@@MyDFIR what do you do if virustotal doesn't recognize a specific process hash?

@joshholmes1372 10 месяцев назад

This video just makes me happy we run a tierless soc. Everyone is trained on an expected to know how to do almost everything except somw admin stuff.

@MyDFIR 10 месяцев назад

Thats awesome - I’ve seen some of these and they work wonders.

@ericperry72 4 месяца назад

What company?

@kimjayme357 Год назад

Hey man, I just started as a SOC Analyst last June 5. It's almost a month now and all you're saying is literally the summary of a Tier 1 SOC Analyst. Great video man :D

@MyDFIR Год назад

Thanks! Congrats on starting as a SOC analyst! How is it so far? Do you enjoy it?

@saywhat4229 Год назад

Did you get the job without a degree ?

@kimjayme357 Год назад

@@saywhat4229 I have a degree in Electronics Engineering

@Vyper443 Год назад

on-site or remote yung work mo?

@kimjayme357 Год назад

@@Vyper443 on-site po

@thatboisam2378 Год назад

Good video, I'm currently an intern for the service desk and a rising sophomore at college, which hopes of being an analyst. Thanks for the information.

@MyDFIR Год назад

Awesome! Experience in service desk would compliment your skills overall, not just in cybersecurity. Great start and if needed, let me know how I can help!

@gokusguns8818 Год назад

I just finished my first week as a SOC Analyst I and this is one of the best videos explaining the day in the life, good job bro keep it up! Do you have any tips on how to know what to look for/know it is normal?

@MyDFIR Год назад

That is a great question. First - Congratulations on becoming a SOC Analyst!!! In terms of tips on how to know what to look for - This is a topic that I love talking about. I want to introduce you to the MITRE ATT&CK framework. This should provide you with some understanding of what to look for as MITRE will introduce you what a threat actor may perform to reach their objectives. As for "know it is normal", each organization will be different so I cannot explicitly say that is bad and that is good. Instead, I'll direct you to SANS FOR508 poster and combining the two, MITRE ATT&CK with SANS Poster, you should be in good hands. MITRE: attack.mitre.org/ SANS: www.sans.org/posters/hunt-evil/ I hope that helps.

@Nick-jo1cm Год назад

I am having a hard time landing my first SOC analyst position. Any advice, also cheers on the new job!

@johnvardy9559 Год назад

could you give us some inforamtions,which tools did you used and was that , great to hear that.

@johnvardy9559 Год назад

Goku give us some Tips.

@nikkiem.4573 Год назад

Congratulations on your new role! If I may ask, slightly off-topic, how long did it take to get hired from your application to your first day?

@ohlookitsalex Год назад

this was incredibly helpful!!!

@MyDFIR Год назад

Thanks! I am happy to hear that 😁

@user-xc5vj1hb6w 9 месяцев назад

Hello sir Thank you for the video, and we support you with new video to help us better understand our environment as an analyst soc MSSP.

@0xC47P1C3 3 месяца назад

Lab work, lab work, lab work. Nothing beats getting your hands dirty with this stuff

@MyDFIR 3 месяца назад

100% agreed!!

@bluemarvel697 Год назад

Unfortunately, In some SOCs the T2 doesn't know much more than the T1 so getting assistance on new alerts isn't so easy in those circumstances. What would you suggest in those situations?

@MyDFIR Год назад

Great question and I've experienced that quite a bit unfortunately. In those cases, I'll try and look for documentation on those alerts. Typically there is a master file of alerts/usecases with definitions and what it is trying to look for/alert on. IF there is no such document, ask amongst your peers and see if they are able to assist

@Vyper443 Год назад

I have been looking for these kind of videos. Thanks for the explanation man 👊

@MyDFIR Год назад

Glad you enjoyed it!

@Vyper443 Год назад

Did you get any certifications before entering cs?

@MyDFIR Год назад

@@Vyper443 The only certificate I had was CCNA. I had 1 year work experience in IT Support prior to starting my first role in cs.

@KenPryor 7 месяцев назад

Just found your channel yesterday and I'm really liking your videos. I think I'd love working in a SOC but have to wonder if I'm too old. I'm a retired police officer/digital forensic guy and used to hold the GCFA, but that's been about 8 years ago. Not sure if I''m past the point of getting into something like this. Anyway, really liking your content and keep up the great work!

@MyDFIR 7 месяцев назад

You’re never too old. If you want to do it I’d say go for it! Try and apply and see what happens 😁

@user-xc5vj1hb6w 9 месяцев назад

I'm a SOC analyst, but as a beginner, in our department, we lack processes and documentation. This causes us to often get stressed about alerts. I'd like to have some examples of processes and documentation that a soc analyst can use. It will help me a lot as well as our service. Thank you in advance for your reply.

@MyDFIR 9 месяцев назад

It really depends on each organization however you mentioned "we lack processes and documentation" what exactly are you missing? or how do you know you are lacking processes/documentation? The answer to that question is where you put your focus on building said documentation. For example, not sure what a certain alert means? or how to track false positives? Create documentation on it and outline the steps. Hope that helps!

@OLAScape_ Год назад

Thank you for this, this is absolutely helping with my career choice in joining CyberSec. Theres a lot of videos talking about the pay/WFH aspect, but people need to realize no job with that pay is sunshine and rainbows. With that being said i feel like anyone with a desire to learn and get knee deep in a problem will have a good time in this industry and be rewarded accordingly. Thanks again for the fantastic video.

@MyDFIR Год назад

YES!! For me, the correct mindset is required to excel in this field. "I feel like anyone with a desire to learn and get knee deep in a problem will have a good time in this industry and be rewarded accordingly. " - Spot on my friend.

@OLAScape_ Год назад

@@MyDFIR HA! Well i'm glad i have the right mindset. Currently i'm working as a Jr. sys admin mostly making automation scripts and such for our company to keep track of all our networks, but eventually im hoping to making the tranisiton in to CyberSec once i actually get some certs for that pesky HR software lol...

@MyDFIR Год назад

@@OLAScape_ 🤣those darn pesky HR software... You know how to find me if you have any questions!

@Ricknroll9 Год назад

Thanks, great video. I like to see content like this bc keep me motivate to studying and get a job as soc analyst #BlueTeam

@MyDFIR Год назад

Love it - stay motivated, you’ll get there.

@cryptomarkla69 Год назад

Thank you for the video!

@MyDFIR Год назад

Anytime! Hope you enjoyed it 😃

@blackamericanlesbianprofes4357 11 месяцев назад

I see your video in my RU-vid suggestions. Thank you for sharing your thorough career experience. I am building my next career as a Forensic Accountant or similar Investigator, especially with technology investigations. I want to learn more about Cybersecurity to help me build. I finally have some time to start back with looking to further my SANS Cyber Aces beginner information I was learning on my own briefly last year (I have been busy learning my new work position this year). 02sept23

@MyDFIR 11 месяцев назад

Awesome! I am super excited for you - Let me know anytime if you have any questions along the way, ill be happy to provide support!

@PCX425 2 месяца назад

Are you finding yourself doing a lot of research after normal work hours to keep up with new security threats or are you learning as you monitor and investigate these issues?

@MyDFIR 2 месяца назад

Great question - When I was working in a MSSP, it was quite difficult to do any research or learning due to the fast paced environment. After a shift I would be mentally drained and wouldn’t want to do anything outside of work. But long story short, i learned on the fly. I tried leaning on senior analysts, reviewed others work and tried to understand why/how they came to that conclusion. As for learning new threats, I tried to take 30minutes to read whats happening around the industry before I began my shift.

@RoryM_ Год назад

Good advice, cheers dude! subbed.

@MyDFIR Год назад

Thanks!

@cuddy90210 Год назад

Very nice video, thank you so much!.. I'm strongely thinking about becoming a Security Analyst... how realistic is it to expect to work a (Monday thru Friday/9 to 5) schedule?

@MyDFIR Год назад

If you are planning on becoming a JR SOC analyst, those hours are quite rare and typically given to senior analysts (tier 2/3 for example). However, some SOCs have offices all over the world so 9-5 might actually work but in most cases, I have not seen this except during the probation periods (first 3 month of hiring). I'd say don't let that dissuade you, instead break into the field and work your way up. You'll land that 9-5 sooner than you think :)

@lamilem5615 8 месяцев назад

Thank you 🙏

@MyDFIR 8 месяцев назад

Thanks for watching ❤️

@christoferrian Год назад

nice explanation, thank you sir

@MyDFIR Год назад

Thanks for watching!

@librev5881 4 месяца назад

I currently work at an SOC as an alarm monitor, do you have any recommendations on how this may relate to security work? I am currently finishing up my Google cybersecurity certificate and then it will be on security+

@MyDFIR 4 месяца назад

Hm I could assume what that role entails but if you could provide me with some more details I could see how it might relate. Great path so far!

@johnflorence2672 9 месяцев назад

leaving tier 2 firewall vendor support to pursue a soc carreer, I understand how hectic it gan get, but not having to make customer calls and fixing their company bad implementation (and ofc blaming the vendor device) is a plus +++ to me, idk, maybe I'm just burnt with customer support

@MyDFIR 9 месяцев назад

Bad implementation 😂 these make me cry when I am doing an IR… especially if they are using default settings

@treninajohnson3304 Год назад

Thank you for this video! Do you mind sharing how you got into this role? Did you start at Help Desk?

@MyDFIR Год назад

I am glad you enjoyed it! - I did start off my career as a Help Desk analyst and eventually transitioned into cyber security about a year into that role. My journey on how I got started: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-npgMSETCKfM.html

@treninajohnson3304 Год назад

@@MyDFIR Awesome! I should be hearing back today for a Help Desk role. I'm trying to decide which sector I would like to go into, but as for now, I'm going to focus on my experience at Help Desk and hopefully it provides some clarity for me.

@MyDFIR Год назад

@@treninajohnson3304 Sweet! Best of luck to you! If you ever need someone to bounce ideas off of, I am always happy to help.

@MyDFIR 8 месяцев назад

Hey! Just wondering if you heard back from getting that help desk role?

@treninajohnson3304 8 месяцев назад

@@MyDFIR hello! No, I didn't. I landed a sales job as a Business Development Representative and I hate it! It was very hard to land a help desk job with my lack of skills. Thanks for checking in.

@skyscope8409 Год назад

Just passed my Comptia Security + but I don't have any other IT work experiences. Do you think i should apply for a SOC tier 1 role or until i get the Comptia Network+ as well? Thanks!

@MyDFIR Год назад

You can apply but simply having a certificate likely will not be enough. Network+ is great to reinforce your networking knowledge and ill always stand by it however, I would recommend tackling some labs and target those job specific related skills as well.

@YaseenAliKhan804 Год назад

I am your 50th Subscriber

@MyDFIR Год назад

Thank you!! Never thought I would hit 50 subscribers this quick 😭 super grateful

@Wesjapa100 9 месяцев назад

Thanks for this overview! How often do you use SQL, Linux or Python at your job, or if you use either at all? Just seems to me that everything taught on Google Cert is kind of overwhelming, I mean, there are different instructors for each course/skill so I don't think one person can be very good in all those skills, but at the same time, if they teach all of that, are we supposed to know that all when we are starting???

@MyDFIR 9 месяцев назад

Great question! It all boils down to the role and responsibility. Where I al at, I maybe use Python 5% of the time? That is me trying to craft a quick script or modify an existing script but that is about it. However, compare that to Linux, I use that almost every time when I am involved in Incident Response. In short, agree that it can be overwhelming but take these as “good to know” vs trying to be an expert at it. It is a good idea to be exposed to these and have a basic understanding. Hope that helps!

@Wesjapa100 9 месяцев назад

@@MyDFIR Yeah, I realised that I need to understand better the roles and focus/improve on 1-2 skills to get started and after that, I can go back to the other "good to know" skills to grow in the profession. Changing careers is really challenging. 😅 Cheers! )

@koushikraj9815 Год назад

Can make video for example. So that I can under process deeply and directly apply as experienced job. All fresher job asking min 6 months eco but how can get eco fresher

@MyDFIR Год назад

Hey! To clarify, did you want me to create a video on how to obtain experience?

@welovefootball2026 Год назад

After obtaining the security+ snd CASY+, which cert do you think should be next?

@MyDFIR Год назад

Depending on what your domain of interest is in, you could go for Blue Team Level One. However I would recommend making sure you dedicate some time for hands on lab work as well

@0xg484 Год назад

I love BTL1, just finished their BTJA. Quality platform/cert IMO@@MyDFIR

@ksherman51 Год назад

greatvideo thanks! should make a discord

@MyDFIR Год назад

Thank you! Discord is in the works 😀

@johnvardy9559 Год назад

which tools you need for network analysis ?

@MyDFIR Год назад

I typically use wireshark if the pcap is not too large otherwise ill utilize Zeek, tcpdump. These are great tools for network analysis.

@johnvardy9559 Год назад

@@MyDFIR glad to hear that,also im trying to learn wireshark i spent a lot of time and i found already more than 4-5 tools and i feel overhwelmed.Also for tcpdump any resource? i though what was only for real capture nothing else.

@MyDFIR Год назад

@@johnvardy9559 TCPDump can capture and read packets. I usually combine that with egrep with awk/cut to really help with the output. Some people also like to use ngrep however, I've yet to use that actually.. I should probably try it out. The key here is focus on 1 tool for now which I recommend is Wireshark. This tool has helped me in many investigations, great resource to get comfortable in.

@johnvardy9559 Год назад

@@MyDFIR hi There, about nmap is something we need?

@MyDFIR Год назад

@@johnvardy9559 something we need? Not really but something to know about? Sure. As a SOC analyst you likely won’t need to use nmap but it is a tool that doesn’t hurt to learn.

@johnvardy9559 Год назад

Which tools you use more in the days tasks?

@MyDFIR Год назад

Various types of tools as it will depend on your clients. Typically expect some sort of cloud based solution so the Microsoft stack (Defender for xyz, Azure Sentinel) or mix of CrowdStrike, Chronicle and/or Splunk.

@johnvardy9559 Год назад

@@MyDFIR I think Cloud become "must".I'm thinking BLT1 cert do you recommend as a first cert or to go on Cloud? Thanks your feedback was incredible with sense.

@MyDFIR Год назад

@@johnvardy9559 If I had to choose, I would go with BLT1. Yes the cloud is becoming a "must" but learning how to investigate should be primary focus if you want to get into a SOC environment. After, I would focus on getting some familiarity with the cloud.

@johnvardy9559 Год назад

@@MyDFIR you are the best thanks for everything

@1haychem Год назад

hey bro, im going to start cybersecurity next year, would you say it’s good to get a degree in it and to get certs at the same time? will it look good when applying for jobs in the future?

@MyDFIR Год назад

Yup, if you have the time and resources, i would highly encourage that. The certs should help compliment your knowledge learned via degree. I would also throw in there some hands on experience as well. Good luck!

@Unforgettableblackness 8 месяцев назад

How can i become a SOC what are the steps to start

@MyDFIR 8 месяцев назад

I am assuming you are asking how can you become a SOC ANALYST vs becoming an actual SOC 😂 - Start your fundamentals, identify areas where you are weak in (IT/Network/Security) and work towards improving that. Then start to look for hands on experiences, there are free ones out there. Work on networking with people in this industry, update your resume and have a blog/github or anything to showcase your projects. - Afterwards, you can try to find a SOC related junior position. Hope that helps!

@Dahlah.FightMe Год назад

Nice :D New Subscriber on 2,12k :v

@MyDFIR Год назад

Thanks for subbing and supporting the channel!

@daddyfatsack68 Год назад

SO u r on the defensive side right?

@MyDFIR Год назад

Yup and I am loving it!

@VanguardxGaming Год назад

Is $50-60k for a tier 1 soc analyst kinda on par ?

@MyDFIR Год назад

That is pretty much spot on. Of course depending on where you live/work will be a factor.

@intelligentDrakwebsite 2 месяца назад

system hydrogen

@k0d4x 6 дней назад

Költhetnél a kinézetedre egy kicsit mert kilométerekről látni, hogy informatikus vagy

@onionboy7271 Год назад

owning the new alert is not scary, the scary thing is no body wanted to entertain/help you to solve that together. Or higher tier solve them by themself without involving you and you are in the dark. What even worse, the alert is causing something down, you make it even worse~~~lol~~~

@MyDFIR Год назад

Haha this is true - I take it you have experienced all of these? "higher tier solve them by themself without involving you and you are in the dark" This unfortunately happens so often but then there are times where the senior analyst actually put comments in the ticket on how they solved it but the junior analyst does not read & learn from it :(

@onionboy7271 Год назад

@@MyDFIR this is a channel where you not only getting something away from the content but from comment as well...😊 most of the time, update in ticket from higher tier will not be details enough to understand what exactly has been done. maybe i'm too dumb to understand. I actually sometime reach out to higher tier and ask more about it and no getting response or they will say something like it's not tier 1 responsibility....story end. btw, your reply seem very ai...lol

@MyDFIR Год назад

@@onionboy7271 LOL! I’ll take that as a compliment? 😂

@saywhat4229 Год назад

Shave your chin

@MyDFIR Год назад

Never!!!!

@Stankfish420 Год назад

Hey bro, nice vid. Just wondering if it’s a complete must to have a degree for this field. I have former law enforcement experience but only a few semester of college completed. Currently working on getting a CompTIA A+ and a few more certs before applying for a help desk position. Thanks for any info!

@MyDFIR Год назад

"Must have", no BUT will it help? 1000% Yes. - If you are in the position to obtain a relevant degree, I would say go for that option. CompTIA A+ is a great certificate to obtain to understand IT, good job on taking the initiative to work towards that cert. I have confidence that once you obtain A+, it will help you in search for that help desk position. Keep in mind that for junior roles, soft skills are more important than technical skills. Having both will make a killer combo. Good luck in your search & studies!

@Stankfish420 Год назад

@@MyDFIR thanks brother

@zigzagzallakabam4823 Год назад

@MyDFIR would skipping a+ and just getting security+ be good for a helpdesk role? Previous helpdesk role experience, years ago though.

@sigma-yn3qd Год назад

Soc analyst = tech support

@MyDFIR Год назад

🤣to some degree, this is true - Instead of receiving phone calls you receive alerts haha

@blackamericanlesbianprofes4357 11 месяцев назад

That makes sense. But you, sigma-yn3qd, do realize tech support is a demanding job. Many individuals and companies need that support consistently because of costs, time, knowledge, etc.

@sigma-yn3qd 11 месяцев назад

@@blackamericanlesbianprofes4357 yes i know but it's still basically tech support