Top 5 SOC Analyst Skills

April 14, 2014


Similar to an article we covered before on training your SOC analysts, Rick Howard recently penned this one detailing what to look for when initially recruiting that staff. The leading sentence pretty much summarizes it all — emphasizing “passion, experience, and communication skills” while downplaying certifications and degrees. And of course you get what you pay for…

Although experience comes with time, for passion Rick notes that if analysts do not have a Linux box at home, then they are probably not qualified. For key character traits I usually like to add curiosity and a love for technology as well. Experience-wise his fantasy SOC analyst would have spent “time on the IT help desk, managing servers in the datacenter, and finally, managing some of the security devices in the security stack.” Basically, an analyst needs to understand the devices they are protecting in order to best defend them.

Hiring that right person is already difficult given Rick’s two requirements above. Add in an analyst with good communication skills and the pool quickly dries up. He describes good communication as the ability “to write or present intelligence derived from raw information.” And lastly salary-wise, you can expect to pay talented analysts with these traits well over $100K depending on location.

To sum it up … here is Rick’s list of the top 5 SOC analyst skills to look for when recruiting. As a bonus he also includes the skills needed for a more senior person.

Top 5 Skills for Entry-Level SOC Analyst

  • Strong understanding of basic computer science: algorithms, data structures, databases, operating systems, networks, and tool development (not production-quality software but tools that can help you do stuff)
  • Strong understanding of IT operations: help desk, end-point management, and server management
  • Strong ability to communicate: write clearly and speak authoritatively to different kinds of audiences (business leaders and techies)
  • Strong understanding of adversary motivations: cybercrime, cyber hacktivism, cyberwar, cyber espionage, and the difference between cyber propaganda and cyber terrorism
  • Strong understanding of security operations concepts: perimeter defense, BYOD management, data loss protection, insider threat, kill chain analysis, risk assessment, and security metrics

Top 5 Skills for Senior-Level SOC Analyst

  • Strong understanding of vulnerability management: what vulnerabilities are, how do we find them, and how do we mitigate them?
  • Strong understanding of malicious code: reverse engineering skills, practitioner tactics, techniques and procedures from common motivations (see above)
  • Strong understanding of basic visualization techniques, especially big data
  • Strong understanding of basic cyber-intelligence techniques
  • Strong understanding of foreign languages: (First Tier: Chinese, Russian, Arabic, and Korean; Second Tier: Japanese, German, French, Portuguese, and Spanish)

Source: “The Right Stuff: Staffing Your Corporate SOC”


Today’s post pic is from See ya!


7 Responses to Top 5 SOC Analyst Skills

  1. grecs (@grecs) on April 14, 2014 at 5:40 pm

    #NOVABLOGGER: Top 5 SOC Analyst Skills

  2. Kevin Figueroa (@KevinFigueroa) on April 14, 2014 at 8:55 pm

    Top 5 SOC Analyst Skills

  3. @g33kspeed on April 14, 2014 at 11:33 pm
  4. Nicolas Caproni (@ncaproni) on April 15, 2014 at 3:31 am

    Top 5 SOC Analyst Skills

  5. Brian Stephenson (@bahnhacker) on April 15, 2014 at 9:34 am

    Top 5 SOC Analyst Skills

  6. Howard Fuhs (@Hfuhs) on April 15, 2014 at 12:48 pm

    Top 5 SOC Analyst Skills –

  7. Ann on September 27, 2016 at 8:07 am

    Hi there,

    Can someone help me to choose a course which will help me with my SOC role, as I am new in SOC and would like to improve my skills and knowledge.

    Thank you


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.