Cybersecurity & SOC

Introduction

Cybersecurity is all about protecting computers, networks, systems, and data from attackers and keeping them safe. It’s one of the crucial pillars of today’s tech infrastructure. Today, everything is online – banking, shopping, social media, companies, governments. Because of this, attacks are also increasing, and that’s why cybersecurity is important.

What is Cybersecurity?

Cybersecurity means keeping systems safe.

It includes protecting:

  • Computers
  • Servers
  • Networks
  • Applications
  • Data

from things like:

  • Hackers
  • Malware
  • Viruses
  • Ransomware
  • Phishing attacks (the most common attack vector)

In short: stop bad people from doing bad things online.

Who attacks systems?

Attackers can be:

  • Script Kiddies (random hackers relying on ready-made tools only, not deep knowledge)
  • Cyber Criminals (mostly money motive)
  • Insider employees
  • Hacktivists (philosophical or political beliefs)
  • Nation-State hackers (often backed by a government itself)

KEY POINT: Not every attacker is a genius. Many attacks happen because of basic mistakes – weak passwords or weak security monitoring.

What is a SOC?

SOC – Security Operations Center.

SOC is a team, not a tool.

This team works 24x7 to:

  • Monitor systems
  • Detect attacks
  • Respond to security incidents

Think of the SOC as the security guard of the IT systems.

Why a SOC?

Companies have:

  • Millions of logs
  • Many servers
  • Many users

Humans can’t manually check everything.

A SOC helps to:

  • Watch logs continuously
  • Catch attacks & threats early
  • Reduce damage

Without SOC, attackers can stay hidden for months.
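As an added illustration (not part of the original page), here is a small Python script showing the kind of check a SOC automates instead of reading logs by hand: it counts failed logins per source address and raises an alert when too many arrive in a short window, marking the alert higher priority when a successful login follows the failures. The sshd-style log lines, the threshold (5 failures within 60 seconds) and the severity labels are all constructed for this example and are not a standard.

```python
"""Constructed example: flag repeated failed logins in auth-log lines.

Every log line, the threshold and the window below are made up for
this illustration; they are not real data or a recommended standard.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real data). Format mimics an sshd auth log.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
2024-03-01T10:00:03 sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2
2024-03-01T10:00:04 sshd[1201]: Failed password for root from 203.0.113.5 port 51238 ssh2
2024-03-01T10:00:06 sshd[1201]: Failed password for root from 203.0.113.5 port 51240 ssh2
2024-03-01T10:00:07 sshd[1201]: Failed password for root from 203.0.113.5 port 51242 ssh2
2024-03-01T10:00:09 sshd[1201]: Accepted password for root from 203.0.113.5 port 51244 ssh2
2024-03-01T10:05:00 sshd[1300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
2024-03-01T10:06:00 sshd[1300]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

# One regex for both failed and successful authentication messages.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line):
    """Turn one log line into a dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return one alert per source IP that produced >= threshold failed
    logins inside a sliding window of window_seconds.  An alert is marked
    'high' severity when a successful login from the same IP follows the
    burst of failures, because that is the case an analyst must triage first."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        failures = sorted((e for e in evs if e["result"] == "Failed"),
                          key=lambda e: e["ts"])
        start = 0
        for end in range(len(failures)):
            # Shrink the window from the left until it spans <= window_seconds.
            while (failures[end]["ts"] - failures[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                last_fail = failures[end]["ts"]
                success_after = any(
                    e["result"] == "Accepted" and e["ts"] >= last_fail for e in evs
                )
                alerts.append({
                    "ip": ip,
                    "failures": end - start + 1,
                    "users": sorted({e["user"] for e in failures[start:end + 1]}),
                    "success_after": success_after,
                    "severity": "high" if success_after else "medium",
                })
                break  # one alert per IP is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(alert)
```

Running the script flags 203.0.113.5 (five failures in six seconds, then a successful root login) and ignores 198.51.100.7, whose single failure followed by a key-based login looks like a normal user. A SIEM rule does the same job at scale; the analyst then decides whether the flagged login is a compromise or a user who mistyped a password.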

What does a SOC analyst do?

A SOC Analyst mainly:

  • Monitors alerts
  • Analyzes logs
  • Investigates suspicious activity
  • Escalates incidents
  • Documents everything

They do not hack systems; they defend systems.

Different levels of SOC:

1. SOC L1 (Level 1)

  • First Line of Defense
  • Handles alerts
  • Does basic investigation
  • Escalates to the senior team (L2 / L3) if needed

2. SOC L2 (Level 2)

  • Deeper investigation
  • Threat Hunting
  • Root cause analysis

3. SOC L3 (Level 3)

  • Advanced Incident Response planning
  • Malware-related work that is out of scope for SOC L1 and SOC L2

Tools used in SOC

Some common tools:

  • SIEM (like Splunk, QRadar)
  • EDR tools (Endpoint Detection & Response)
  • Firewalls
  • IDS / IPS
  • Anti-virus

Skills needed for Beginner SOC Analyst

You don’t need to know everything.

Basic skills are enough:

  • Networking fundamentals
  • Linux / Windows basics
  • Understanding logs
  • Security concepts

Most learning happens on the job.

Is SOC a good career start?

Yes, SOC gives:

  • Real-world exposure
  • Strong fundamentals
  • Clear career growth
  • Room to scale (like your own cybersecurity firm)

Many people move from SOC to:

  • Threat Hunting
  • Red Team (malware analysis, exploit development, etc.)
  • Cloud Security
  • DFIR – Digital Forensics & Incident Response

Final thoughts

Cybersecurity is:

  • Observation
  • Logic
  • Patience
  • Creativity
  • Continuous evolution & learning

SOC is a good place to start if you want to understand how real attacks look and behave in real systems.

To start, you don’t need to be perfect; you just need to be curious & consistent.