Blue Team Resources (SOC Analyst)

Intro:

This is just a quick braindump of the resources that I used to get acclimated with Cybersecurity, and helped me to land an entry level role as a SOC Analyst. I hope that this brief post will help those who are trying to break into the field. I will continue to edit this page as I think of more resources or come across new ones. God Bless!


Courses:


SOC Core Skills
John Strand is a legend in the infosec/cyber space. This “Pay what you can” training is a great way to get introduced to core skills needed by SOC analysts, and the payment model allows practically anyone to participate. I haven’t had the privilege of attending this course yet, but it comes highly recommended.

Splunk Power User
As a SOC analyst, most of your time will be spent inside a SIEM, so it's highly advantageous to get familiar with one fast. Splunk is a very popular SIEM and holds a large share of the market. This course helps you get comfortable working with searches and SPL in Splunk. After taking it, you put yourself in a great position to pass the "Splunk Core Certified Power User" certification exam, and passing it will make you more marketable to recruiters/HR.

MITRE ATT&CK Defender™ (MAD)
This course was recommended by a senior colleague. If you want to get more familiar with attacker TTPs, threat intelligence, and adversary detection, then this is the course for you.


Certifications:


Networking Fundamentals:

Cisco CCNA
Probably the most recognized networking certification in the world. Networking is extremely important in cybersecurity, especially for day-to-day security operations. If you don't take this cert/training, then take the CompTIA Network+ or at least complete the training material. You can find free resources all over YouTube.

CompTIA Network+
A great certification that gives the student a broad overview of common network protocols, implementations, operations, and troubleshooting. Even includes a bit of network security content.

101 Labs - CompTIA Network+
Networking labs that you can do at home to prepare for the Network+. You can also just do the labs for hands-on networking experience.

Security Operations:

CompTIA Security+
Fulfills the DoD 8570 compliance requirement and is one of the most well-known Cybersecurity certifications. A lot of private companies require this certification for security operations positions.

CompTIA CySA+
Next step up from the Security+. This certification builds on a lot of the material covered in the Security+, and is great for those wanting to level up their skills and validate their security knowledge.

Hands on Security Operations:

Security Blue Team BTL1
Practical 24-hour incident response exam that covers 6 domains (Security Fundamentals/Phishing Analysis/Threat Intelligence/Digital Forensics/SIEM/Incident Response). Really looking forward to taking this one!!

Certified CyberDefender (CCD)
Full disclaimer: not much is known about this certification course; however, CyberDefenders is a well-known and vetted platform.


Training Platforms:


TryHackMe
The CyberDefender path is phenomenal! Can also be used as a resource to study for the CompTIA CySA+.

LetsDefend.io
The most realistic SOC/SIEM training platform that I have come across. It's a bit expensive, but if you want hands-on SIEM experience then this is the lowest bar to entry.

CyberDefenders
Amazing resource that contains tons of hands-on lab activities, FOR FREE!!!

Blue Team Labs Online
Hands-on DFIR, security operations, reverse engineering, threat hunting, and OSINT challenges. (Similar to CyberDefenders, but contains paid elements.)

Splunk BOTS
Using this currently to level up my SPL/Investigation skills in Splunk. Highly recommend!

DFIR Diva
Not really a training platform, but Elan Wright has cultivated some awesome resources on her website.


Windows Domain/Active Directory:


Build an AD Lab with TCM
Create a small home lab that you can use to practice security configurations and learn about common attacks against Windows domains.

AD Security
“Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…”

SANS DFIR Webcast - Incident Response Event Log Analysis
Tips/tricks for event log analysis using a real world incident response scenario.


Extras:


Resume/LinkedIn Hacks

Hack your LinkedIn PROFILE to get a job
David Bombal

How to use LinkedIn to land an ENTRY-LEVEL SOC Analyst role
TechTual Chatter

How to apply to CyberSecurity Jobs Using LinkedIn Job Search Hacks
TechTual Chatter

LinkedIn Hacks to Get a Cybersecurity Job | Skill Based Searches (Less Time On Job Boards)
Nato as Code

Resume Template
u/SheetsGiggles

Job Hunting

THE Cybersecurity career and job hunting guide
An amazing place to start if you are looking to get into Cyber. Stefan Waldvogel goes from A to Z and includes everything you need to get started.

Cyber Job Heatmap
Actionable data about supply and demand in the cybersecurity job market.

Content Creators:

I.T Security Labs
One of the inspirations for my home lab. I love his threat detection and lab videos. Top tier!

Gerald Auger
Dr. Auger is extremely active in the Cyber community and his interviews are top notch! I learn so much from this channel!

Josh Madakor
One of my favorite YouTubers by far; he has amazing content and a breadth of knowledge that is unmatched.

Day CyberWox
This guy's story is amazing: he managed to climb the ranks to Cybersecurity Engineer by the age of ~19. Really inspirational!

John Hubbard
Really awesome SANS instructor who breaks down complicated topics into an easily digestible and beginner-friendly format.

Black Hills Information Security
Black Hills is a pillar in the cybersecurity community. They own several companies (including Active Countermeasures) and provide plenty of free/paid/affordable training and webinars.

Active Counter Measures
Free webinars sponsored by BHIS. I'm a huge fan of their threat hunting content!

Cyber-Security Community on Reddit:

r/NetSecStudents

r/CyberSecurity

r/SecurityCareerAdvice

r/NetSec

r/NetworkSecurity

Written on February 5, 2022