Part 1: Mental Models for Analytical Thinking and your career

<aside> ✅ Objective: Analytical thinking is fundamental to being successful as a SOC analyst. At its core, the function of a SOC analyst is to collect raw data, enrich data through correlation, analyze the enriched data to form a hypothesis, hunt for indicators of malicious activity, and report those findings. I find these mental models helpful during analysis and investigations. You’ll likely combine these mental models during your investigations.

</aside>

Reading:

  1. Reasoning
    1. Learn the differences between these three types of reasoning
    2. Deductive vs Inductive vs Abductive Reasoning
  2. Hanlon’s Razor - People are more stupid than malicious
  3. Ockham's Razor - Keep It Super Simple
  4. Begging the Question - Avoid circular thinking
  5. Cognitive Bias - Check your assumptions
  6. Falsification - Prove yourself wrong
  7. Gotchas
    1. Don’t get distracted by the tools
    2. Focus on the certs AND the skills

Part 2: Networking Fundamentals and Traffic Analysis

<aside> ✅ Objective: Networking is essential to how organizations, people, and technology operate. A SOC analyst should understand the fundamentals of networking. Being able to easily identify ports, protocols, and addresses will enable you to analyze and interpret packets in order to identify malicious traffic.

</aside>

<aside> ⚠️ Caution: Be careful not to focus too much on the tool (e.g. Wireshark). Too often new SOC analysts want to “learn Wireshark” instead of learning packet analysis. The objective is to analyze and interpret packets in order to identify malicious traffic no matter what protocol analyzer you use. I recommend alternating between Wireshark and another protocol analyzer so that you don’t become tool dependent.

</aside>
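To make the point about not depending on any one analyzer concrete, here is an added example (not part of the original study plan) that pulls the addresses, protocol, and ports out of a raw Ethernet/IPv4/TCP frame by hand using only the Python standard library. The frame bytes, the `parse_frame`/`summarize` function names, and the IP and MAC addresses in it are all constructed for this illustration.

```python
"""Minimal Ethernet II / IPv4 / TCP header parser (added example, not from the
original page). It shows the fields a SOC analyst reads off a packet by hand:
MACs, IP addresses, IP protocol number, TCP ports and flags."""
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

# Constructed sample frame (not a real capture): a TCP SYN from
# 10.0.0.5:51234 to 93.184.216.34:443. Checksums are zeroed and not verified.
SAMPLE_FRAME = bytes.fromhex(
    "00 11 22 33 44 55"   # destination MAC
    "66 77 88 99 aa bb"   # source MAC
    "08 00"               # EtherType: IPv4
    "45 00 00 28"         # IPv4: version 4, IHL 5 (20 bytes), TOS 0, total length 40
    "00 01 00 00"         # identification, flags / fragment offset
    "40 06 00 00"         # TTL 64, protocol 6 (TCP), header checksum
    "0a 00 00 05"         # source IP 10.0.0.5
    "5d b8 d8 22"         # destination IP 93.184.216.34
    "c8 22 01 bb"         # TCP: source port 51234, destination port 443
    "00 00 00 01"         # sequence number
    "00 00 00 00"         # acknowledgement number
    "50 02 ff ff"         # data offset 5 (20 bytes), flags SYN, window 65535
    "00 00 00 00"         # checksum, urgent pointer
)


def mac_str(raw: bytes) -> str:
    """Render six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet, IPv4 and (if present) TCP headers into a dict.

    Raises ValueError on truncated or malformed headers rather than
    guessing, since a mis-parsed packet is worse than no parse."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": mac_str(dst_mac), "src_mac": mac_str(src_mac),
            "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info  # not IPv4: stop at layer 2 rather than misinterpret bytes

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 version or header length")
    info.update(
        version=version, ttl=ttl, protocol=proto,
        protocol_name=IP_PROTO_NAMES.get(proto, str(proto)),
        src_ip=str(ipaddress.IPv4Address(src)),
        dst_ip=str(ipaddress.IPv4Address(dst)),
    )

    # Bound the payload by the declared total length, never past the real data.
    payload = ip[ihl:min(total_len, len(ip))]
    if proto == 6 and len(payload) >= 20:
        sport, dport, _seq, _ack, off_flags, _window = struct.unpack(
            "!HHIIHH", payload[:16])
        data_off = (off_flags >> 12) * 4
        info.update(
            src_port=sport, dst_port=dport,
            flags=[name for bit, name in TCP_FLAG_BITS if off_flags & bit],
            tcp_payload=payload[data_off:],
        )
    return info


def summarize(info: dict) -> str:
    """One-line conversation summary of the kind you would note in a ticket."""
    if "src_port" not in info:
        return f"{info.get('src_ip', info['src_mac'])} -> " \
               f"{info.get('dst_ip', info['dst_mac'])} {info.get('protocol_name', 'non-IP')}"
    return (f"{info['src_ip']}:{info['src_port']} -> "
            f"{info['dst_ip']}:{info['dst_port']} "
            f"{info['protocol_name']} [{','.join(info['flags'])}]")


if __name__ == "__main__":
    parsed = parse_frame(SAMPLE_FRAME)
    print(summarize(parsed))  # 10.0.0.5:51234 -> 93.184.216.34:443 TCP [SYN]
```

The same field offsets are what any protocol analyzer is decoding for you; once you can read them by hand, switching between Wireshark, tcpdump, or a scripting library is a matter of syntax rather than understanding.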

Skillsets & Tools: