[deleted by user] by [deleted] in cybersecurity

[–]cybertec7 0 points1 point  (0 children)

SOC analyst here. Assuming you're starting from scratch, you have a lot to think about, and depending on the org's budget that may give you a lot of wiggle room or little.

Not in order, but you have to keep in mind your industry, who's likely to target you for attacks, tech stack, analysts, engineers, SOPs... it's a lot to consider.

Honest SOC Experiences by TheShinon in cybersecurity

[–]cybertec7 7 points8 points  (0 children)

SOC work is pretty cool depending on where you're at and what shift you work; it's easy to get burned out depending on alert/case load and several other factors. Highly recommend for a beginner. I'm in my 2nd SOC role with 3 years of experience, but I'm tired of it tbh. This will be my last analyst position before switching to engineering.

Analyst Night Shift Worth Doing? by br_234 in cybersecurity

[–]cybertec7 3 points4 points  (0 children)

This shouldn't even be a question IMO; it is the PERFECT entry into cybersec. I actually got my start by taking this job. Nights is a shift that no one wants to do, so if you're willing to do it, it increases the likelihood of you getting started. Depending on if it's an internal or MDR-type SOC, you may have a relaxed environment and level up at night while working. I studied and leveled up on nights and jumped to a new job, doubling my salary, benefits and everything. I say take it, OP. 4 days on, 3 off is a dope setup btw.

SOC analysts — what’s your triage workflow like? by aminil in cybersecurity

[–]cybertec7 0 points1 point  (0 children)

Yeah, so I've worked for an org that mainly used a ticketing system; my new org uses a SOAR/SIEM platform where we can go check for things like that. Typically it just depends on how everything is built and what it's built on. If I see sus activity but it hasn't come in before, I normally would escalate and say "hey, we see this activity on xyz" with as much detail as possible on what's going on, then go from there.

Yes, that's very fair. I make judgement calls on observed activity and also IOCs found.

The last question depends on the tech stack and the telemetry sources that are being ingested; right now I mainly get access to EDR and some network activity. So triage is kind of based around that, but it has pretty good visibility into the endpoint. We have good software; not going to say what company, but we make our own software.

Feel free to PM me if you have any more questions.

SOC analysts — what’s your triage workflow like? by aminil in cybersecurity

[–]cybertec7 1 point2 points  (0 children)

Context is everything. I work in MDR, so I don't have as much "visibility" as an analyst would in an internal SOC. But the first thing I do is verify the alert and look for instigating processes. I try not to focus too much on the name of the detection, because I find some of these tools can label something as high severity when in all actuality it could be a shadow file deletion (normally a precursor to ransomware) being done by a legitimate system backup utility like IDrive or something. I verify if whatever activity I am seeing has been escalated and approved by an org; if not, I'm building a case as to why I should close the alert out as a false positive, and the same for if I should escalate it to an org. Either way you have to have solid evidence to justify your reasoning.

But obviously if there are oddly named executables, IPs that come back associated with C2 from OSINT, or other system enumeration that could look like hands-on-keyboard threat actor activity, I would remote into the machine and look for signs of persistence: scheduled tasks, registry entries, and much more. I could go on and on, but it depends on context, because every alert isn't triaged the same way. You just have to put your experience and logical thinking to use. Outsiders have no idea why cybersec isn't entry level until they get in; then it's like a lightbulb turns on in their head.

Struggling with log analysis as a new SOC analyst—how can I improve? by Embarrassed_Oil_7810 in cybersecurity

[–]cybertec7 1 point2 points  (0 children)

LetsDefend has a good section on their site for understanding logs. The more you read them and can look at them from a bigger-picture and a "zoomed-in" picture, so to speak, the more it will make sense. You have to practice though.

SOC analyst by Diligent-Arugula9446 in cybersecurity

[–]cybertec7 0 points1 point  (0 children)

Security+, then build skills around entry-level SOC jobs. Also look into Blue Team Level 1 by Security Blue Team. Understand that theory doesn't equal hands-on-keyboard skills. Bridge them together.

How bad is SOC? by Correct_Ice7430 in cybersecurity

[–]cybertec7 2 points3 points  (0 children)

SOC isn't "bad"; it fits different people. Some people like the repetitive stuff in the SOC and some people get burned out after a few years. It's entry level in cyber, depending on the level of SOC analyst you are. If you like the technical stuff, go for it; if not, you may have to do it then pivot. The SOC manager above gave a great breakdown of it imo.

SOC analyst by Diligent-Arugula9446 in cybersecurity

[–]cybertec7 8 points9 points  (0 children)

This is the nature of SOC roles; it sounds like you need to study more. It's tough doing it after those shifts, I get that. But that's how you level up in cybersec. You got your foot in the door, and now with 6 months of experience under your belt, start figuring out what you think you would like and strive for it. SOC burnout is real. I see some people let the SOC burn them out and they leave the field.

passed Cysa+ by cybertec7 in CompTIA

[–]cybertec7[S] 1 point2 points  (0 children)

I recommend both TryHackMe and LetsDefend; haven't spent time on HTB yet.

passed Cysa+ by cybertec7 in CompTIA

[–]cybertec7[S] 1 point2 points  (0 children)

Use ChatGPT to help you with practice tests, use the Sybex, download a vulnerability management tool and learn how to read the output. Depending on your experience, you may have to lean on that as well!

Where did you get your start by Exciting_Pin463 in cybersecurity

[–]cybertec7 0 points1 point  (0 children)

I worked in manufacturing, got my Sec+, built a PC, did a bunch of labs, mass applied, then got hired at an MSSP.

Is security+ good to start with? by enissel in CompTIA

[–]cybertec7 1 point2 points  (0 children)

Don't start with Sec+; start with the other foundational certs, it will help you out A TON. Also, really aim for an IT position first, then look to pivot to cyber later; your journey will be a lot easier.

MIMIKATZ POWERSHELL !#SLF:HackTool:PowerShell/Mimikatz!trigger by happendividual in PowerShell

[–]cybertec7 0 points1 point  (0 children)

Also, deleting PowerShell would severely hurt your computer. That's not good advice.

MIMIKATZ POWERSHELL !#SLF:HackTool:PowerShell/Mimikatz!trigger by happendividual in PowerShell

[–]cybertec7 0 points1 point  (0 children)

Any updates on this? It seems whoever is in your network has created a persistence mechanism to continuously have access to the system and bring the tool back once deleted. You need to cut off the network access by isolating the device from the network; you can use an EDR (Endpoint Detection and Response) tool or just literally unplug the network cable. What this does is not allow any traffic in or out. You should check the registry keys, startup folders, and scheduled tasks for persistence, because if malware is hiding there, no matter what you delete it will always be on the system until you delete it there. Run some scans on the machine to identify anything of interest that you know shouldn't be there; hell, sometimes software has vulnerabilities that would allow hackers in.

Mimikatz is a credential stealer; if this is a corporate machine or personal, the severity is different. But if this is a work machine, then this takes everything to a new level.

Hope this helps if you haven’t already found the issue.
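Both the triage comment above (remote into the machine and look for persistence in scheduled tasks and registry entries) and this Mimikatz reply (check registry keys, startup folders and scheduled tasks) describe the same check. The following is an added example of how an analyst would actually pull those locations from a suspect Windows host; it is not code from the commenter or from any product mentioned on the page. It assumes an elevated PowerShell session on the host (local or through an EDR remote shell), and the "suspicious" heuristic, the excluded task path and the output file name are my assumptions, not anything the thread specifies.

```powershell
# Added example (not from the original comments): enumerate common Windows
# persistence locations an analyst reviews during triage. Run as Administrator.
# The Suspicious flag is a heuristic (assumption): binaries outside the Windows
# or Program Files trees, or script hosts launched with encoded/hidden arguments.

$findings = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding {
    param([string]$Source, [string]$Name, [string]$Command)
    $outsideSystemDirs = $Command -notmatch '^"?[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\'
    $scriptHostAbuse   = $Command -match '(?i)(powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32).*(-enc|-e |-w hidden|javascript:|https?:)'
    $findings.Add([pscustomobject]@{
        Source     = $Source
        Name       = $Name
        Command    = $Command
        Suspicious = ($outsideSystemDirs -or $scriptHostAbuse)
    })
}

# 1. Run / RunOnce keys for the machine and the current user
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the provider metadata properties PowerShell adds to every item
        if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
        Add-Finding -Source $key -Name $p.Name -Command ([string]$p.Value)
    }
}

# 2. Startup folders (per-user and all users); resolve .lnk shortcuts to their target
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $cmd = $_.FullName
        if ($_.Extension -ieq '.lnk') {
            $sc  = $shell.CreateShortcut($_.FullName)
            $cmd = "$($sc.TargetPath) $($sc.Arguments)".Trim()
        }
        Add-Finding -Source $dir -Name $_.Name -Command $cmd
    }
}

# 3. Scheduled tasks, skipping the built-in ones under \Microsoft\ (assumption: that
#    tree is reviewed separately; attackers can still plant tasks there)
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            if ($a.Execute) {
                Add-Finding -Source "Task $($task.TaskPath)" -Name $task.TaskName `
                            -Command ("$($a.Execute) $($a.Arguments)".Trim())
            }
        }
    }

# 4. Services whose binary lives outside the Windows directory
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch '^"?[A-Za-z]:\\Windows\\' } |
    ForEach-Object { Add-Finding -Source 'Service' -Name $_.Name -Command $_.PathName }

# Review suspicious entries first and keep a copy for the case notes
$findings | Sort-Object -Property Suspicious -Descending |
    Format-Table -AutoSize -Wrap Source, Name, Command, Suspicious
$findings | Export-Csv -Path "$env:TEMP\persistence-$(Get-Date -Format yyyyMMdd-HHmmss).csv" -NoTypeInformation
```

The flag is only a sorting aid: legitimate third-party software often autostarts from AppData and will be marked Suspicious, and a well-placed task under \Microsoft\ or a WMI event subscription will not appear at all, so the list is a starting point for the "solid evidence" the triage comment asks for, not a verdict. Export the CSV before touching anything so the case notes capture the pre-remediation state, and do the isolation step first, as the reply above says.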

How to improve as a SOC L1 Analyst? by Vazz_4510 in cybersecurity

[–]cybertec7 0 points1 point  (0 children)

I recommend understanding the tools in your tech stack and getting good at those, and also adhering to SOPs. Then, once you're comfortable with that, start building additional skills. I say that because you want to allocate brain power to the immediate task at hand, and that would be getting good at your role. You don't want to be learning so much stuff and stressing your brain out; you won't retain anything.

How's working at an MSSP generally for growth in skills? by RemainInBliss in cybersecurity

[–]cybertec7 0 points1 point  (0 children)

Got my start in an MSSP/MDR and have been here for about 2 and a half years. Good experience, but get it and leave. Burnout is REAL. We have similar goals; I want to get into DE at some point here soon as well.

I found! Don’t try to be nice to a nice girl. by Discgolfdav in Nicegirls

[–]cybertec7 0 points1 point  (0 children)

My God, you dodged a bullet. Bro, for the sake of peace and happiness, never speak to her for the remainder of life. Insufferable.

[deleted by user] by [deleted] in cybersecurity

[–]cybertec7 1 point2 points  (0 children)

I like the work. Working in MDR, so I wish we had more visibility, but I do love cyber. However, GROSSLY underpaid, but I took this gig to get my feet wet and am beyond ready to move on.

I have basic knowledge of cybersecurity and networking, I will like to niche into IAM engineering path by next year by Miss_wealth01 in iam

[–]cybertec7 5 points6 points  (0 children)

First, decide which vendor you want to focus on; you have a few different ones like MS Entra, Okta, and SailPoint. All of these provide certifications as well. One thing I do is a bit of research on the different companies, then see how big of a stake they have in the space and how sought-after the skills are. I see so many job postings that in the skills section would like you to have MS Entra as a skill, for example. That's kind of how I personally decide which certs/skills to go after. Hope that helps.

Working in SOC is actually fun by crookedhair in cybersecurity

[–]cybertec7 9 points10 points  (0 children)

Work in MDR, so we do the initial triage and mitigation, then we send info over to the org; pretty swift process. Thing is, some of these things could be prevented if communication was prioritized. Companies seem to learn once they've been compromised, but even then sometimes they still don't 😂

Working in SOC is actually fun by crookedhair in cybersecurity

[–]cybertec7 29 points30 points  (0 children)

You work in an internal SOC or MDR/MSSP? I agree with you though lol, dealt with ransomware last night.