Similar to an article we covered earlier on training your SOC analysts, Rick Howard recently penned this one detailing what to look for when initially recruiting that staff. The opening sentence pretty much sums it up: it emphasizes “passion, experience, and communication skills” while downplaying certifications and degrees. And of course you get what you pay for…
Experience comes with time, but passion is harder to teach; Rick’s test for it is that if analysts do not have a Linux box at home, they are probably not qualified. For key character traits I usually like to add curiosity and a love for technology as well. Experience-wise, his fantasy SOC analyst would have spent “time on the IT help desk, managing servers in the datacenter, and finally, managing some of the security devices in the security stack.” Basically, an analyst needs to understand the devices they are protecting in order to best defend them.
Hiring the right person is already difficult given Rick’s two requirements above. Add in good communication skills and the pool quickly dries up. He describes good communication as the ability “to write or present intelligence derived from raw information.” And lastly, salary-wise, you can expect to pay talented analysts with these traits well over $100K depending on location.
To sum it up … here is Rick’s list of the top 5 SOC analyst skills to look for when recruiting. As a bonus he also includes the skills needed for a more senior person.
Top 5 Skills for Entry-Level SOC Analyst
- Strong understanding of basic computer science: algorithms, data structures, databases, operating systems, networks, and tool development (not production-quality software but tools that can help you do stuff)
- Strong understanding of IT operations: help desk, end-point management, and server management
- Strong ability to communicate: write clearly and speak authoritatively to different kinds of audiences (business leaders and techies)
- Strong understanding of adversary motivations: cybercrime, cyber hacktivism, cyberwar, cyber espionage, and the difference between cyber propaganda and cyber terrorism
- Strong understanding of security operations concepts: perimeter defense, BYOD management, data loss protection, insider threat, kill chain analysis, risk assessment, and security metrics
Top 5 Skills for Senior-Level SOC Analyst
- Strong understanding of vulnerability management: what vulnerabilities are, how do we find them, and how do we mitigate them?
- Strong understanding of malicious code: reverse engineering skills, practitioner tactics, techniques and procedures from common motivations (see above)
- Strong understanding of basic visualization techniques, especially big data
- Strong understanding of basic cyber-intelligence techniques
- Strong understanding of foreign languages: (First Tier: Chinese, Russian, Arabic, and Korean; Second Tier: Japanese, German, French, Portuguese, and Spanish)
Source: “The Right Stuff: Staffing Your Corporate SOC” – DarkReading.com
Today’s post pic is from IanMartin.com. See ya!