
day in the life of a soc cyber security analyst (you NEED to learn these security tools RIGHT NOW!) 

Mad Hat
82K subscribers
35K views

So you want to become a soc cyber security analyst?! Ever wondered how soc (cybersecurity) analysts REALLY work from home? Are they living up to the expectation? Well... Let's find out!
Timeline
0:00 Intro
0:52 Types of Tickets/Alerts
3:27 Breakdown of High Severity Alert
Cybersecurity Certification Study Resources
CISSP Study Guide - amzn.to/3LmjOLM
CISSP Practice Tests - amzn.to/3oreDRO
Security+ Study Guide - amzn.to/3mTGPwg
A+ Study Guide - amzn.to/3KWS27n
Check Out My Setup
Gaming Chair - amzn.to/3V0nAhg
Monitors - amzn.to/3L1DVgT
Mouse - amzn.to/3H6A5Su
Keyboard - amzn.to/3mNXLVa
Microphone - amzn.to/40BQPId
Camera - amzn.to/41BqwmX
Disclaimer: Some links are affiliate links.
Welcome to Mad Hat. I'm a Cyber Security Analyst at an undisclosed Fortune 500 company. Here, we talk about tips and tricks on how to land a successful career in tech. If you are interested, make sure to hit that subscribe button!
Filmed with a fancy razer camera - link above!
a day in the life of a cyber security analyst
a day in the life of a soc analyst
what do cyber security analysts do
what do soc analysts do
what do cyber security analysts do on a daily basis
what does a soc analyst do on a daily basis
typical day for a cyber security analyst
what do soc analysts do on a daily basis
what do threat detection engineers do
what is threat detection engineering
Music by Infraction
Link to channel: / @infraction
Music provided by Ross Bugden
Song: Intense and Upbeat Electronic Trailer Music - Black Heat
Link to video: • ♩♫ Intense and Upbeat ...
MAD HAT
Cyber Security Professional - All Things Tech
#DayInTheLife #CyberSecurityAnalyst #SOCAnalyst
#ThreatDetectionEngineering #WorkFromHome #madhat

Category: Science

Published: 4 Jul 2024

Comments: 122
@Jesse_Johnson · 1 year ago
Open up your CherryTree 🍒. Take notes, kids. This is the real OG shizz right here.
@madhatistaken · 1 year ago
😎
@bigbojangles4585 · 1 year ago
Bro, your content is exceptional! The videos you created about your job have been incredibly helpful. I've learned so much from them, but I'm still struggling with how to apply what I'm learning to real-life situations. That's why I find the stories you share so valuable, they help connect the dots and make the information more relatable. I have an idea for a future video (you have some similar content): it would be great if you could share some of the things you wish you had known before starting your job, or things you felt were unnecessary to learn. Additionally, it would be interesting to hear about the skills or knowledge that actually helped you in your job and made you feel more prepared.
@madhatistaken · 1 year ago
Thank you for watching, I'm glad to hear it's somewhat helpful! Definitely adding that to the upcoming video ideas, there's a lot I would do differently going back. Awesome idea! 💚
@bigbojangles4585 · 1 year ago
@madhatistaken HELL YEAH, I DID AN IRL FIST PUMP WHEN I READ THIS. I honestly don't know where it even came from, I never do that.
@madhatistaken · 1 year ago
@bigbojangles4585 😅 I hope it's worthy of your excitement. I'll try to provide some good info in it 💚
@shuttlecrab · 11 months ago
Well freaking said
@octaviouswilliams1091 · 1 year ago
My guy, your content is super entertaining and informative! Please keep it coming.
@madhatistaken · 1 year ago
I'm glad to hear it was helpful! I'll keep trying to provide informational and somewhat humorous security content, thank you for watching! 💚
@jamest9638 · 1 year ago
Love your humor with all your videos, keep this runnin'! I myself am taking notes to aid me heading into the blue team side of things. You rock!
@madhatistaken · 1 year ago
Thank you for watching! 💚 Keep keepin' on with the learning! I'm learning tons daily 😅
@clacketyclack · 10 months ago
Hiya bud, just wanted to say you have a new subscriber! I’m currently 15 years working a non-IT job and thinking of doing a career change. Your stuff is a mix of really informative, high-value content and belly-laugh-inducing skits. Thanks for what you do.
@chaya6344 · 1 year ago
Keep us updated if you manage to move up to a different position. Great video as always!
@madhatistaken · 1 year ago
I shall make awkward update videos as I progress through! 😅 Thank you for watching! 💚
@jesseC0806 · 1 year ago
Insightful! Awesome video, Mad! Thank you!
@madhatistaken · 1 year ago
Thank you for watchin'! 💚
@AugustusAsgeir · 11 months ago
So grateful for you bro... goin' towards this path myself
@quintonswader3041 · 1 month ago
Thank you for all of your videos. Between you and OTW I have a better understanding of what "Cyber Security" truly is. I now have an idea of what direction I would like to go in the industry.
@trapizonn3603 · 11 months ago
I’m happy I stumbled upon your channel; I will make sure to utilize this information.
@jurielle3231 · 1 year ago
Man, great content, subscribed. I'm also a new-hire SOC Analyst; this was a great help on what to expect!
@SnipesRuntheNavy · 1 year ago
Great channel man!!
@madhatistaken · 1 year ago
Thank you! I'm tryin' 😅💚
@miguelothemelo7396 · 1 year ago
Been looking into data analytics and cybersecurity for a second job; would love to make it my main career. Thanks for the knowledge
@romancancode · 1 year ago
Love your style of content, it's dope
@madhatistaken · 1 year ago
💚
@Strive117 · 1 year ago
Great videos, gonna learn the terms / tools and just paste that into the resume and we'll see how it goes.
@madhatistaken · 1 year ago
Fluff up your resume with buzzwords for sure! I'm suspicious with my last batch of applications. Thinking there's a lot of automation involved and just pumping applications through a bot 😅 Let us know if you land some solid interviews!
@YankeeTM · 10 months ago
Could you make a video on how you deal with suspicious outbound connections? Loving your videos!!!
@eagletvv4926 · 1 year ago
Great video, thanks :)
@Bangarang341 · 3 months ago
i digs me this content, my dude
@evemackenzie6138 · 1 year ago
Wow, I didn't know that a SOC analyst's life is so interesting! Can't wait to finish my courses and get a job as a SOC analyst!
@R_echonnect77 · 1 year ago
New sub. Yeaah, awesome humor, also insightful vid 🤙 more vids pls 🤙
@madhatistaken · 1 year ago
💚
@jacobferguson35 · 1 year ago
Wooo, let's get you going on the algorithm, hit all the buttons!!
@shuttlecrab · 11 months ago
Entertaining: ✅ Informative: ✅ Easy to understand: ✅ Inspiring: ✅ Really glad I came across your videos. The first one was the review of the Google cyber cert with Coursera, which was also mega helpful. Looking forward to watching more of your content. Keep up the good work and best of luck in your endeavours!
@madhatistaken · 11 months ago
Thank you for the kind words of support! I'll keep trying to make helpful stuff that is edu-taining. 🫡💚 Hope the Google cert was helpful!
@zorooverluffy2665 · 1 year ago
Great video
@madhatistaken · 1 year ago
💚
@fahadmussadaq8222 · 10 months ago
Hey Mad, great video. Can you please make a video on how you landed the remote job and how we can connect with a recruiter who can help us land an entry-level job? Thanks
@franklinmccullough85 · 1 year ago
Comment for algorithm. Plus I'm curious how your journey to 100K is going. Looking forward to your progress!
@madhatistaken · 1 year ago
Me too! 🤞🤞🤞 Maybe I'll get the Facebook job and spill all the security secret sauce and beans to all y'all 😅
@Denspion · 6 months ago
I'm currently working toward a bachelor's in Cyber Security, and I'm still early on in the process. I do consider myself tech savvy and IT literate, though even just preparing for my CompTIA A+ Core 1 and Core 2 certs, I feel I may be in a bit deep. Now I know I need to learn Python and command code and more down the road, just want to make sure I'm not in over my head.
@thtnydude · 11 months ago
So I just wanted to say, I have been so sure that I wanted to be a Red Teamer, and I just want to say that you're making Blue Team look cool.
@domnuinginer2011 · 2 months ago
Thanks for the video! What's the other EDR solution you've mentioned that complemented the CrowdStrike one?
@missmary7503 · 1 year ago
Great content, madhat. Are the baselines written in the company's SOP, or do you just have to figure it out?
@madhatistaken · 1 year ago
Our company doesn't have a baseline, I'm not sure most would as that would be difficult to create and upkeep. The threat rules have suppressions and false positives in the coding notes which does provide some insight to baseline behavior, however most alerts are more one of a kind where I have to use a combination of previous knowledge on what is normal behavior from operating system processes and programs AND a lot of figuring it out as I go along, since there's so much available old/new software that I've never heard of. I often have to research the reputation and weigh the business use case to determine whether or not an uncommonly used program should be allowed to remain installed on an endpoint.
@0ijm3409fiwrekj · 1 year ago
4:30 If you can share, what was your other EDR solution? Was it SentinelOne?
@jeffu3248 · 10 months ago
🔥🔥🔥🔥
@CyberFraudDawg · 1 year ago
It feels nice to know that there are "experts" out there that are about 2 YouTube videos smarter than I am. There's still hope for me.
@madhatistaken · 1 year ago
I'm not an expert, but I've been told confidence goes a long way. I don't like to think I'm smarter than others, but the old adage "if you're the smartest person in the room, you're in the wrong room" comes to mind. I'm just trying to learn and feel like my learning curve in my current position is coming to a plateau. I find myself frustrated when I ask my fellow junior analysts questions only to get information I've already pointed out 😕 and I'm not blunt enough to say "I already knew that" and so I will listen as they explain for a few minutes. I know you're probably just as qualified (probably more) to do this job, but I hope I can at least be entertaining 😅
@orlovskyconsultinggbr2849 · 11 months ago
I would like to hear some sort of review of the tools which are used in the enterprise, because there are lots of people there.
@user-pf1hq5cs4d · 11 months ago
Please teach about CrowdStrike and phishing email
@yuverris · 1 year ago
Just how many cybersecurity positions can there be in a company? Also, is coding/programming required for the majority? And btw I really like your videos man, great mix of decent content and humour
@CybSengh · 1 year ago
Coding isn't really required unless you are a cybersecurity engineer. Cybersecurity analysts have many premade tools for doing what they need, but can also write their own scripts to do specific things they need.
@jasonsmart3141 · 7 months ago
Is your job as a SOC analyst very stressful? Medium or low stress?
@dropz285 · 10 months ago
What best helped you read Python logs better?
@vicariousviews007 · 11 months ago
What can you recommend to study between gaining certs in coding & Security+ and gaining employment to ensure one is ready to understand the necessary fundamentals for the interview process?
@jerk_berk · 10 months ago
If you’re just breaking in, I’d honestly recommend doing the Google IT Support and the Google Cybersecurity cert. Those certs won’t land you a job by themselves, but the info they provide with a beginner-friendly presentation, it’s great 👍🏽
@grimmcat9727 · 4 months ago
Nice
@tracetv8115 · 11 months ago
Can you drop a few names of the tools u use? If not, maybe some similar tools that are good to start with?
@allsdani · 1 year ago
"We're all exactly where we need to be in life", yeah bud! You just slayed the imposter syndrome dragon right there!
@RandomVideos-hm3kg · 10 months ago
In order to be a Sec analyst 4 do you need code languages?
@abdelmalekamine7318 · 7 months ago
What do you think about Splunk?
@dancarpenter419 · 10 months ago
Is a SOC analyst still a good starting career path?
@anounTT · 9 months ago
I noticed you didn't mention reading the Python file and seeing exactly what it was doing.
@trancefighter · 1 year ago
Hey bro, what VM do you recommend for setting up a home lab on a Mac?
@madhatistaken · 1 year ago
We used VirtualBox and VMware all throughout my bachelor's courses. I preferred VirtualBox for how easy it was to set up/use. You can even install a copy of Kali Linux on it so you don't have to deal with dual boot 😅 M1/M2 chips made compatibility tough...
@vinyldown8490 · 1 year ago
I would love to see more triaging 101. Basic stuff. Thank you
@vinyldown8490 · 1 year ago
I mean, how do you go to investigate a specific alert, how do you assume if something is malicious/suspicious or not. I work as SOC level 1 and the impostor syndrome hits me hard
@madhatistaken · 1 year ago
@vinyldown8490 I treat every alert as guilty until proven innocent 😅 Regardless of where the alert is generated (SIEM, EDR, etc.) I check what conditions were met in the alert to cause it to fire. Was it a process, installation, cmd line, etc. I treat installations with more scrutiny and have to dig up where the installation came from, what are normal file paths for the installation, who is installing and why would they need it, file hashes, check for process injections, potentially side-loaded DLLs. I just run through the surrounding processes to see if there is anything out of the ordinary. Sometimes it's just checking all the artifacts and activity and just knowing that all of it as a whole is benign. If I'm not sure on something I'll ask other analysts to check over what I've found so far. If I'm still not sure I'll reach out/escalate to senior analysts. My boss said it just takes time for you to get better at understanding and identifying what is suspicious/malicious in OUR environment and that every organization is different.
@madhatistaken · 1 year ago
Maybe I can make a triaging 101 video where I go through a few alerts at once and then let people guess what's malicious and not before moving on in the video 🤔 It's unfortunate how many false positives there are because it gives you a false sense of security 😅
@vinyldown8490 · 1 year ago
@madhatistaken Thanks, this is great. Two things, 1st how many alerts do you have each day. In my previous job I had 15 a day and I could do that. In the QRadar I am in right now, we have 200 QRadar offences per day, and all of that would be impossible. (Tuning is almost an unknown word in the organization I am in right now)
@madhatistaken · 1 year ago
@vinyldown8490 I'm definitely on the 20 alert end like your previous position. If you're expected to bust through that many alerts then I imagine understanding baseline is even more important so you can make quicker decisions. Our security department used to have thousands of alerts daily and 30 security analysts before it was overhauled with different security tools, tuned, and the IR team brought down to roughly 10. Funny enough our SIEM used to be QRadar, but my bosses didn't like it 😅 If you're handling primarily SIEM alerts then checking the user field, URLs, IPs, and a few other artifacts might be good places to check for baseline normal behavior.
@everything-om3zx · 1 year ago
Any suggestion on how I can get a job? I applied to more than 400 jobs and I can't get any. I have eJPT, Security+, CySA+, some other certificates of completion and I also studied cyber security in a university bootcamp, and I still can't get any interview.
@madhatistaken · 1 year ago
If you're not getting any interviews your resume might need tweaking and/or you might need to apply to more jobs. I applied to over 1000 and only heard back from 15 or so and only got recruiter interviews over the phone from about 6 or so. Have you researched resume tips? Do you have any projects, home labs, achievements in hacking sites, CTFs etc. listed on it? Hard to say without looking at your resume if it's OK and you just need to apply to more, but I'd say you're more than qualified to be landing some interviews.
@richritcherson9347 · 1 year ago
You've mentioned in other videos that you have a degree, but what would you say is the minimum requirement for a SOC analyst? As in, education and certs?
@madhatistaken · 1 year ago
Requirements vary widely by company and position. Some positions you can get with just the Sec+ and some cyber security projects on your resume. Others will require a bachelor's plus several certs to even be considered. I suppose Sec+ (if you don't have a bachelor's) would be the minimum. The job market is really difficult at the moment, so people need to adopt a continual learning mindset throughout their job application process (and career too) where you continue your education through either certifications or formal college education until you can land that entry job.
@kiiturii · 1 year ago
@madhatistaken What exactly would a cybersecurity project be? Building your own labs or? What type of projects would look good on a resume?
@___m16 · 11 months ago
Can you do these cyber security jobs working at home once you land a job?
@muthannah-8 · 4 months ago
Is SOC analyst a 12hr shift type job or a 9 to 5?
@nahidsarker69 · 9 months ago
Bro, r u an incident responder or SIEM Splunk engineer who sits in front of a monitor to monetize the logs that come from the whole system?
@madhatistaken · 9 months ago
Both! My job has me doing a lot of different things. With opportunities to do more if I find the time.
@nahidsarker69 · 9 months ago
@madhatistaken Bro, I want to be a Splunk engineer but don't know the whole certificate or knowledge/experience path. Does it need an expert level of coding (I hate coding), or how hard is it to be a Splunk engineer? Please make a complete video on it 🙏. I can't find any video which contains all this information and I think u can tell it better than anyone bcz u r in this role r8 now 🔥
@algorworld7447 · 10 months ago
I'm weak that he encrypted a sock at the beginning.
@evanj51 · 11 months ago
I'm commenting because you said to. Hello World.
@ThatFlyGuy98 · 1 year ago
What state are YOOU froom? I’m in the Chicago area soo I’m assuming it won’t be hard to find a cyber gig cas it’s a huge market
@madhatistaken · 1 year ago
I'm originally from California. Currently still on the West coast. Definitely still a huge market right now, proving your qualifications and experience is the hard part though with everyone and their family applying to these remote jobs 😅
@jainabaceesay5147 · 1 year ago
Hi Mad Hat, do I need a degree to break into Cybersecurity? I have a BSc degree in Economics. You are my last hope before I start to give up
@madhatistaken · 1 year ago
You definitely don't need a degree to get into cyber. A lot of government jobs might still require it, however certifications are quickly becoming highly sought after in the private sector. Having a bachelor's, even unrelated to cyber, still shows you're willing to put in the work; paired with a few choice certs, you will stand above someone with just certs. Just have to put in the effort to learn the content needed for whatever niche you decide to go after in cyber as it has many roles. A couple of my coworkers now started out from general IT and even a security guard at the company front desk prior to getting into their security analyst roles. My last job I had a coworker who was wicked smart and had a criminal justice degree who transitioned into Azure cloud engineering from helpdesk. It's definitely possible! 💚 Just have to study up and apply to relevant jobs!
@jainabaceesay5147 · 1 year ago
@madhatistaken Thank you so much, I will definitely follow this guideline
@PlasmaBurns · 1 year ago
"I've been saying all along that my biggest fear is that someone would program a machine to give a wrong answer. If that were to happen, the machine would still work fine, we just wouldn't know it." - Avi Rubin, Professor, Computer Science, Johns Hopkins University. "Why am I always being asked to prove these systems aren't secure? The burden of proof ought to be on the vendor. You ask about the hardware. 'Secret.' The software? 'Secret.' What's the cryptography? 'Can't tell you because that'll compromise the secrecy of the machines.'... Federal testing procedures? 'Secret'! Results of the tests? 'Secret'! Basically we are required to have blind faith." - Dr. David L. Dill, Professor, Computer Science, Stanford University. Good luck with all that. It's like learning that most if not all VPN companies are CIA honey hole front companies.
@madhatistaken · 1 year ago
Not sure how the secrecy of the vendor-provided software is concerning in this particular position. A lot to unpack there. If you're quoting to argue the tools aren't worth learning (I think that's what you're implying), knowing how they function fundamentally still helps in understanding how our data is being "protected", even if it does become fully AI or is "trade secret". Also, I agree that it's highly likely VPN companies are CIA backed, knowledge is power and they have a lot of money to back them up. I don't do anything of value for them on my computers. I do enjoy learning how to know you're being watched/tracked.
@PlasmaBurns · 1 year ago
@madhatistaken Hmm. If what you say is true then I have the ultimate test for you. If you really want to see just how far reaching their control of information goes on all global platforms I can tell you, even show you as I have first hand experience. Example: to understand their control mechanisms you simply unleash information we are not supposed to have. I have spent 10 years now gathering and releasing specific information that is 100% forbidden. I have the US Air Force, US Navy, FBI, DHS, Israeli Defense Forces, Anti Defamation League and a dozen or so other govt agencies/private corps all on camera working together to stage attacks on Americans. I could write a book on how they control/eliminate banned info. I can also name them, show their faces, and their crimes on HD video. Sounds crazy right? Of course, but the problem is I can prove it all. It would be interesting to melt the system with reality but I lack the knowledge on how to do that
@poopsmith4478 · 1 year ago
I hope cyber security isn't a pipe dream, I need a new career
@madhatistaken · 1 year ago
Anyone can get into it if they put in the time and effort! It's an exciting career 🥳
@Shokeilive · 1 year ago
Do you ever have downtime?
@madhatistaken · 1 year ago
There was a good bit of downtime when I started, but a few months in we were all given documentation to do plus I was taken on to do the threat detection project. We aren't micromanaged, so I can make some downtime provided the ticket queue is taken care of. My boss and his boss have given talks on how "we're all adults" and as long as work is getting done, then we have some freedom in our daily work. Really is an awesome work environment, albeit the pay is less than average 😅
@--Morpheus-- · 1 year ago
@madhatistaken Would you say 60k is too high for a tabula rasa entry SOC role?
@alexandruaxentioi3006 · 1 year ago
Is the voice real?
@madhatistaken · 1 year ago
Indeed it is
@alexandruaxentioi3006 · 1 year ago
@madhatistaken h4xor
@thelitepredator · 1 year ago
How many months into the job 😂
@madhatistaken · 1 year ago
Too many months
@AlienWarTycoon · 1 year ago
This whole process will be replaced or augmented by AI in the next 2 years. Probably not a great career choice for budding security pros
@madhatistaken · 1 year ago
Same could be said about programming?
@AlienWarTycoon · 1 year ago
@madhatistaken I don't know about that. I think that it will be able to give great coding samples to integrate into your application, but I don't see it generating a full application debugged and ready for production in the next two years
@madhatistaken · 1 year ago
@AlienWarTycoon Sweet, I'll pivot to programming once I'm replaced 😎
@CyDETECT · 5 months ago
@AlienWarTycoon If false positives are still a big problem in today's industry, how could you possibly think that SOC analysts would be replaced?
@AlienWarTycoon · 5 months ago
@CyDETECT I was not talking about today.
@louiepecan · 1 year ago
Literally my favorite channel right now 📠💯
@madhatistaken · 1 year ago
💚🙂
@ryenoe733 · 10 months ago
It’s a great day when I find a Mad Hat video 🫡