Chapter 1
So You Want to Be a SOC Analyst
By John Hammond
The thing about being a SOC analyst is that it isn’t always about being a SOC analyst.
You know the daily grind: signing on to your rapid communication platform, checking the dashboard for any new alerts or signals to triage, and cruising through investigations or writing reports. You’re also keeping up with the news and the latest security events. This is the typical “day in the life” of a SOC analyst.
Don’t get me wrong, that work is incredible. It’s super fulfilling to respond to incidents, hunt for threats, and make a difference in protecting your organization—or many others. Every day is different, too, whether you’re uncovering new malware, finding fresh threat actor activity, or improving security on the frontlines.
But, sometimes, it’s not all it’s cracked up to be. From the outside looking in, it may look like a flashy and cool career, but it’s not always sunshine and rainbows. There are many long days. For example, maybe you’re on shift and your team member is getting online late, and they need to rely on you to finish up some more investigations. You’ve already been working eight hours, you’re tired, and you want to do just about anything other than continue staring at the screen.
Other times, you might be struggling to figure out what a threat actor did or how to unravel a malware attack, or maybe you’re just exhausted and overwhelmed by all the alerts. Alert fatigue is real—our work is plagued by digital alarm bells and figurative sirens going off.
You get to hear about all the success stories, the wins, and the accomplishments, but people don’t always talk about the low points. No one thinks about when you make a mistake while working a case and things go wrong. No one talks about burnout, imposter syndrome, and the long hours, from sleepless nights to working weekends, holidays, and even during vacation time. That stuff isn’t flashy and doesn’t make for an inspiring LinkedIn post.
This book highlights the best parts of being a SOC analyst as a career, but don’t forget that life comes first, and sometimes, life gets in the way.
The Good Outweighs the Bad
Sometimes, things get tough, but ultimately, none of these things overpower how awesome being a SOC analyst can be. After all, no job is immune to hardship.
When you’re in the trenches and it’s starting to bog you down, don’t forget about the progress you’re making. That’s just part of the journey. There are so many great things that outweigh the bad: the sense of achievement and accomplishment, your own growth and development, the camaraderie with your team, and the feeling you get when doing something you love.
Here’s something to consider that might be unorthodox for this book:
Maybe you don’t want to be a SOC analyst forever. This is a “SOC Analyst Career Guide,” but let’s say you’ve done it: you got the gig and you’re working what may be your dream job.
Now, stop and ask yourself: Is it a job or a career? Is it your passion or your vocation? Or is it both? These are the questions you should ask at the beginning of your career and throughout it to take stock of your own feelings and goals as they evolve over time. For example, maybe you start your first role and discover that you want to use it as a stepping stone or springboard to even more incredible things in your life and work within cybersecurity that you find more compelling. There’s nothing wrong with that!
In any case, this should be some food for thought. Even as a SOC analyst, what’s next for you? Do you want to specialize in malware analysis or reverse engineering? Do you want to focus on vulnerability research or unravel the latest zero-day exploits? What if you were the lead incident response manager, digging deeper into digital forensics and the artifacts and indicators of compromise?
You could even be a dedicated detection engineer and write rules or logic to help flag new threats. Don’t be afraid to think about the bigger picture, too, even if it seems far off. For example, do you want to be a CISO one day?
Don’t forget about the whole other side of the playing field, either.
Maybe being on the “blue team” was cool for a bit, but you might find the ethical hacking world with penetration testing and “red teaming” just as compelling. If so, you could blend the two and embrace “purple teaming,” where the defensive and offensive security specialists work together.
Whatever your job hopes and dreams are, you should take the time to think about and decide on your career. Obviously, you don’t need to have all the answers right away—there’s no way to know what the future holds—but be open to exploring your passions and figuring out what you really love to do. That’s the best recipe to stave off those mental hardships when the going gets tough.
It should be fun to practice your craft and learn more, because that’s what the industry is all about: continuous learning and putting the effort in every day. This can be difficult, but it’s what I call “the dark bargain,” the hard deal you make to become the best practitioner you can be while still finding the balance for everything else in your life.
All those long nights, challenging work, and hardships are a sacrifice you make on the journey to success.
Embracing a Growth Mindset
What’s the secret to being an incredible SOC analyst? What does it mean to be an incredible security professional and a contributing member of the community who goes on to do even more incredible things beyond their SOC analyst role?
To be honest, there’s no secret here—sometimes, you never find a good balance, and there’s no skeleton key that will open every door of opportunity for you. But what can you do to become the best SOC analyst you can be?
Often, the best thing you can do is center yourself on doing what you love. No matter where you are in your career, whether you’re still hunting for that SOC analyst role or you’re thinking about what’s next after your time in the SOC, get into the growth mindset. Learn to love the journey, not just the destination, but make sure you always have some goals on the horizon to work toward, too.
While there are lots of cutesy, trite, and clichéd analogies to help keep you chugging along with your work, there is one that’s always stuck with me, and I’d love to share it with you:
Imagine there's an ice cube.
It’s your goal to make this ice cube melt. You can increase the temperature to heat up the ice cube, but here’s the kicker: you can only change the temperature by a tenth of a degree at a time—maybe one unit of change every day.
Now, think about what task this ice cube represents in your own life, whether it’s chipping away at a growing mountain of alerts or studying to ace that test or grab that next certification.
While you whittle away at this task, you might have people around you or certain elements bogging you down. “Why are you wasting your time? You won’t be able to get this done—there’s already too much going on. It’s not going to make a difference anyway, so don’t bother trying.”
No one sees change until it happens. Despite raising the temperature one tenth of a degree consistently, the ice cube still looks solid and frozen every day. To others, it may look like there is no difference being made.
But you keep putting the pressure on and heating things up one degree at a time, slowly making a difference and knocking out what you know you need to do. No matter how long it takes, you still put in the effort to accomplish that goal. Whether it’s getting that SOC Analyst job, earning that promotion, or pursuing a whole new role, you keep chipping away at it.
Eventually, you will see the difference. That ice cube will start to melt, and one day, it’ll be nothing more than a puddle.
That’s the destination, but you’ve got to love the journey, even when it’s slow and it seems like you’re not making progress. Just remember: everything you did to make that change is the real value.
Having a mindset of growth in your SOC analyst career means finding your passion, following it wherever it goes, and loving the hard work along the way.
And who knows, maybe the proverbial ice cube never melts—but the fun is keeping the heat on.
🔥
About the author
John Hammond
John Hammond: Threat operations at Huntress and cybersecurity researcher, educator, and content creator. As part of the Threat Operations team at Huntress, John spends his days analyzing malware and making hackers earn their access. Previously, as a Department of Defense Cyber Training Academy instructor, he taught the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages, and the adversarial mindset. He is an online YouTube personality showcasing programming tutorials, CTF video walkthroughs, and other cybersecurity content.