Getting into Cyber Security: Blue Team

The Path I Am Choosing

I mentioned in my first post that I wanted this one to be about which way I want to head in the huge field of cybersecurity. Again, I have been off and on researching the many different options for the past couple of years, and honestly I really enjoy all the facets I have looked into. My choice comes from many factors and obviously could be different from a lot of other people's. Though I find the red team/ethical hacking side fascinating, I decided I really want to start as a SOC Analyst or Cybersecurity Analyst to hone my skills before diving further into pen testing.

As a starting point, I believe this is the best option I have found for me, and there is a lot about it that is very interesting. It seems like in this role you get to work a lot with other teams to bridge gaps when resolving issues. This means there is a chance to learn what those other teams do, both to see if that might be something I would want to do in the future and just to continue learning. On that note, it would also mean it could be easier to pivot within a company rather than having to search again for something else. I have also seen open positions that are remote, which could be a good option for a better work/life balance. It would also give me the chance to look for jobs in other places besides my current city/state. These are some of the reasons I landed at this point.

My Learning Path

Holy cow there are so many resources out there to learn about cybersecurity. Most of what I have found has been free or low cost. I just want to share the path that I will be taking and some of the resources and information that I have found so far. This will be to keep me on track and moving through specific topics as well as hopefully showing others a good starting point or path to take.

By focusing specifically on the SOC Analyst role, I can go to any job search site or Google and look for responsibilities or prerequisites pertaining to that role. I can then make a list of possible certifications I can try to obtain, software I should know, and knowledge I need to do that job.

Most jobs list some sort of certification as part of their prerequisites, and for a SOC Analyst the main one is CompTIA Security+. I am currently studying the material for this exam through both Professor Messer on YouTube and a course I bought on Black Friday from Pluralsight. The CompTIA website itself also has an overview of what the exam entails so you know what to look for. While I would like to obtain the actual certification at some point, it is not my focus. I would rather study the material and prove I know it another way at first. Also, with most of my learning, I like to have the information from multiple sources just to have it reiterated or to see if I can learn anything else from a different perspective.

Another big part is knowing how to navigate a SIEM (Security Information and Event Management) platform. I chose to start learning one of the more well-known ones, which is Splunk. I just started on this and came into it knowing nothing at all about SIEMs. Splunk makes it easy with a bunch of free learning for their platform right on their site. I'm looking to do a post about SIEMs soon after learning more and, again, to learn by explaining it on here.

In addition to looking at job postings, there are a couple of really good guides I have found that provide a solid roadmap of what to learn. The first one is TryHackMe and their learning paths. These are amazing and in-depth as far as the number of different concepts in each path. I am currently going through the Cyber Defense path; it starts with networking basics and goes all the way into malware analysis. I have also found a really good SOC Analyst Study Guide that was made by Jay Jay Davey. This great guide is on a Notion board where it outlines the skills needed to get into a job in cybersecurity, links to where to get those skills (usually free), and lets you keep track of your progress for each.

Throughout all this learning I will also be going back to the basics when needed. I want to make sure I really know things like Linux and networking concepts. This blog also has the added benefit of practicing technical writing and documentation, which is another thing I find on most job postings. While I don't know a lot about this, I'm ready to learn and apply it here when writing about the different technical aspects of being a SOC Analyst.