Who Would You Hire in Your SOC?

December 10, 2018 | Kate Brew
X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

I got curious about what kind of people are most desired in a Security Operations Center (SOC). I wondered how accepting InfoSec blue teamers would be to having a team member with a great attitude and system administration or network management skills, versus someone with deep InfoSec knowledge and skills. So I did a poll on Twitter to learn more. 

After reviewing the Twitter poll results and the very insightful comments, I was even more curious about how SOC hiring decisions are made. Luckily, one of my Twitter pals reached out via DM and indicated he is a SOC hiring manager! And he’d be happy to have a call with me to give me the scoop on what he looks for when hiring for his SOC as long as he remained anonymous! 

While I can’t name him, I can tell you he has 20+ years of experience in the InfoSec industry and is in the process of building his second SOC. The first team he built had about 25 people, was focused on infrastructure rather than cloud, and encompassed both SOC and GRC. The team he is building out now is focused on outsourcing (MSSP), which is a different story entirely. Here are his insights:

Age is a Number

He made the excellent point that the terms "junior" and "senior"  SOC analysts relate more to experience in a SOC vs the person's age. Older folks doing a career transformation might well be considered “junior" and someone in their 20’s who has had a home lab and network might have years of useful experience and be considered “senior”.

A Balanced SOC Team

The best team mixes some senior folks with junior people. A lot of SOC work is a *grind* with eyes always on the glass. Whereas junior folks can be quite happy to do that for a few years, some more senior folks may want to get into other roles than the front line of defense.

In addition, your first job in InfoSec may be a stepping stone to where you want to get. You might want to be a malware researcher, but starting as a blue team defender is an excellent way to learn more about malware.

Mainly Cloudy

Times are changing – whereas deep skills on particular hardware, like a specific firewall, may have been important in the past, now SOC hiring managers tend to me more cloud oriented. They’re looking for a blend of skills, including DevOps, SecOps, scripting, cloud instrumentation and understanding of cloud infrastructure. Hiring managers are looking for nimble applicants with a flexible skill set. For example, to be good in a SOC job today, you will likely need to know how to monitor application logs as well as traditional security controls.

Advice for Students

Don’t be afraid to get your hands on tech. Classes are one thing – but also build yourself a home lab. Show some enthusiasm and initiative. Be flexible – avoid just knowing a few specific tech tools. Network! (More to come on that).

Advice for Curmudgeons

Curmudgeon in SOC

If you’ve “seen it all” – you might appear grumpy. Grumpiness is OK, as long as you work with and support the junior folks. The SOC team isn’t a great place for a grump who wants to just be left alone. Toxic people are not welcome on a SOC team, no matter what skills they may have.

Important Tech Checklist for SOC

  • Coding / scripting
  • Understanding of network stack and knowing things like how routing, VLANs and ACLs work
  • Machine Learning / Automation (at least take some free courses for awareness)
  • Core security controls
  • Cloud technology infrastructure

Can a Red Teamer Be Good in a SOC?

Sure, if they want to be on the Blue Team. They typically have the right skill set. However, Red Teamers live to find and exploit weaknesses. Red Teamers don’t always have to follow rules. Blue Team is defense in depth. Blue Teamers have to follow rules.

Career Networking

On social, Twitter is great. LinkedIn can be useful too. There are local meetup groups all over that are free to attend. You can hear talks and meet other people in the industry without having to travel to attend an expensive conference.

Here's the Poll and Some Excellent Comments and Observations: 

The best part was the comments! Here are a few excerpts to demonstrate the common threads. 

A Good Attitude Is Clearly Appreciated

In Defense of Curmudgeons  

 No Love for Toxic People!

SOC Needs a Team / Balance

Conclusion

I really appreciated the insights I got from the Twitter poll and speaking with my Twitter pal who is a SOC hiring manager. I hope this info is helpful to folks looking to move into Blue Team. Here’s another blog with career and networking advice.

 

Kate Brew

About the Author: Kate Brew
Kate has over 15 years experience in product management and marketing, primarily in information security.
Read more posts from Kate Brew ›

‹ BACK TO ALL BLOGS

Watch a Demo ›
Get Price Free Trial