<aside> ✅ Objective: Analytical thinking is fundamental to being successful as a SOC analyst. At its core, the function of a SOC analyst is to collect raw data, enrich data through correlation, analyze the enriched data to form a hypothesis, hunt for indicators of malicious activity, and report those findings. I find these mental models helpful during analysis and investigations. You’ll likely combine these mental models during your investigations.
</aside>
Reading:
<aside> ✅ Objective: Networking is essential to how organizations, people, and technology operate. A SOC analyst should understand the fundamentals of networking. Being able to easily identify ports, protocols, and addresses will enable you to analyze and interpret packets in order to identify malicious traffic.
</aside>
<aside> ⚠️ Caution: Be careful not to focus too much on the tool (e.g. Wireshark). Too often new SOC analysts want to “learn Wireshark” instead of learning packet analysis. The objective is to analyze and interpret packets in order to identify malicious traffic no matter what protocol analyzer you use. I recommend alternating between Wireshark and another protocol analyzer so that you don’t become tool dependent.
</aside>
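As an added example (my own code, not part of the original page), here is a hand-rolled decoder for the fixed IPv4, TCP and UDP headers. Reading addresses, protocol numbers, ports and TCP flags straight out of the bytes is the header-level knowledge the objective above calls for, and it works the same whichever protocol analyzer you later use. The packets are constructed inline with RFC 5737 documentation addresses; they are not captures, and the checksums are left at zero because the code only parses.

```python
"""Added example: decode IPv4/TCP/UDP headers by hand, the way a protocol
analyzer does under the hood. All packet bytes below are constructed for
this example; the addresses and ports are documentation placeholders."""
import struct
import ipaddress

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers
TCP_FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
                 ("ACK", 0x10), ("URG", 0x20)]


def parse_ipv4(packet: bytes) -> dict:
    """Parse the 20-byte fixed IPv4 header (RFC 791): addresses, protocol,
    TTL, header length, and the encapsulated payload."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes (options included)
    if version != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "protocol": PROTOCOL_NAMES.get(proto, str(proto)),
        "proto_num": proto,
        "ttl": ttl,
        "payload": packet[ihl:total_len],
    }


def parse_tcp(segment: bytes) -> dict:
    """Parse the 20-byte fixed TCP header (RFC 793): ports, seq/ack numbers,
    data offset and the set flag names."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_flags, _window,
     _checksum, _urg) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4  # upper 4 bits: header length in 32-bit words
    flags = [name for name, bit in TCP_FLAG_BITS if off_flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "payload": segment[data_offset:]}


def parse_udp(datagram: bytes) -> dict:
    """Parse the 8-byte UDP header (RFC 768): ports and declared length."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _checksum = struct.unpack("!HHHH", datagram[:8])
    return {"sport": sport, "dport": dport, "payload": datagram[8:length]}


def summarize(packet: bytes) -> str:
    """One-line summary in the form an analyst scans: src:port -> dst:port proto."""
    ip = parse_ipv4(packet)
    if ip["proto_num"] == 6:
        tcp = parse_tcp(ip["payload"])
        return (f'{ip["src"]}:{tcp["sport"]} -> {ip["dst"]}:{tcp["dport"]} '
                f'TCP [{",".join(tcp["flags"])}] len={len(tcp["payload"])}')
    if ip["proto_num"] == 17:
        udp = parse_udp(ip["payload"])
        return (f'{ip["src"]}:{udp["sport"]} -> {ip["dst"]}:{udp["dport"]} '
                f'UDP len={len(udp["payload"])}')
    return f'{ip["src"]} -> {ip["dst"]} {ip["protocol"]}'


def _ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Constructed IPv4 header with no options; checksum left zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       0x4000, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


# Constructed sample 1: a TCP SYN from 192.0.2.10:51234 to 198.51.100.5:443.
_TCP_SYN = struct.pack("!HHIIHHHH", 51234, 443, 1000, 0, (5 << 12) | 0x02,
                       65535, 0, 0)
SAMPLE_TCP_PACKET = _ipv4_header("192.0.2.10", "198.51.100.5", 6,
                                 len(_TCP_SYN)) + _TCP_SYN

# Constructed sample 2: a UDP datagram to port 53 carrying an 11-byte payload.
_UDP_PAYLOAD = b"constructed"
_UDP = struct.pack("!HHHH", 40000, 53, 8 + len(_UDP_PAYLOAD), 0) + _UDP_PAYLOAD
SAMPLE_UDP_PACKET = _ipv4_header("192.0.2.10", "198.51.100.53", 17,
                                 len(_UDP)) + _UDP

if __name__ == "__main__":
    print(summarize(SAMPLE_TCP_PACKET))
    print(summarize(SAMPLE_UDP_PACKET))
```

The decoder stops at the fixed headers on purpose: IPv4 options and TCP options are skipped by honoring the header-length fields, which is the first thing a protocol analyzer does and the first place a hand parser goes wrong. Once the 5-tuple and flags come out of raw bytes, the same reasoning applies whether the packets are shown in Wireshark, tcpdump, or a script like this one.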
Skillsets & Tools: