Let’s first begin with not expecting everyone to know what SOC means!
Security Operations Center = SOC
And the purpose of a SOC is to protect an organization against cyber threats.
So now let’s discuss what a SOC Analyst is.
SOC Analysts are the first line of defense when defending corporate networks and information. By monitoring security tools, you will decide whether incidents are real threats or not. It is like police work as an investigator. You will always be part of a team that is focused on the safety of the organization. It is a fun and challenging career where many feel the pros outweigh the cons.
Different titles SOC Analysts are called:
- Information Security Analyst
- Application security.
- Data loss prevention.
- Incident response.
- Network security.
- Security architecture.
- Threat intelligence.
- Vulnerability management.
Like any profession or position, there are always upsides and downsides, as I experienced while I performed the role of SOC Analyst at Raytheon. I now also have contact with more Analysts than ever before, while performing the role of SOC Manager and Program Director for CyberNow Labs.
Some of the downsides (cons)
- You may work shifts overnight or on the weekend from time to time, however, many security analysts work weekdays and during the day.
- Like any position, when you start, you are low on the totem pole.
- New technologies and attacker techniques are constantly changing. This can challenge you to stay current and keep learning.
- Might have to work at an on-site Security Operations Center (SOC)
- Might have to take a position as a Junior Analyst where you might do more remedial or mundane ticketing etc, for a little while.
Some of the upsides (pros)
- Great work-life balance - Most analysts I know work 40 hrs/week. You work your shift, and you go home, end of work!
- Fantastic pay - Mean Income of Security Analysts is $55 per hour or $113k per year (source noted below DOL).
- Great environment to work in - whether you work from home or have an on-site SOC position, the people and environments are usually pretty good.
- Doing something worthwhile - Acting like a defender or protector of company data, corporate devices, and client data. Heroes!
- Great benefits - Good health benefits, time off, training budgets, bonuses.
- There is a lot of upward and lateral mobility - There are many positions in the SOC and its organization.
- High Demand - This allows you to find the right environment and get higher pay if you have the right attitude and skill set.
- Longevity - Because of the growing need for Security Analysts, there is a long-term benefit that will lead to a long career in the industry. It’s also a recession-resistant career path.
- Cutting-edge technologies and leading corporations that provide great experiences.
I have seen some chatter about SOC organizations being kind of like an “IT Sweatshop”. From first-hand knowledge, they are not. That doesn’t mean that staffing issues sometimes can’t create issues. Thus, creating a need for creative solutions to the shortages. Working in cyber is not a job. It is a career! A career where you can be making 6 figures very quickly, I might add. The Department of Labor (DOL) States that the average hourly pay rate is around $55/Hr with an annual rate of about $113K.1 These are high-paying positions with many upsides, as you can see above. Demand continues to grow, and so do SOC organizations.
Remember that there are always people that don’t like a particular career, environment, people, responsibilities, location, etc. Many of those people are vocal and tend to bad mouth what they don’t like to bring people to their same level of frustration, so they don’t feel alone! This is an amazing industry, and although it might not be right for everyone, there is a place for anyone.
Stay tuned for my next blog post, where I cover what I think the real issue is that some SOC organizations are facing and why I think this is the source of the complaints.
Sneak peek...there will need to be some changes in the industry, and that’s a tall order!!
Watch this episode of the 2 Bald Nerds A Day in the Life of a Cybersecurity Analyst with Mike Meyers and me on our YouTube playlist.
Richard Chapman, CyberNow Labs Program Director