Skip to content

Commit c7eb953

Browse files
Update SOC-ANALYST.md
1 parent 6593aa5 commit c7eb953

1 file changed

Lines changed: 49 additions & 50 deletions

File tree

ROADMAPS/SOC-ANALYST.md

Lines changed: 49 additions & 50 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
# SOC Analyst Certification Roadmap
22

3-
A structured path to becoming a Security Operations Center Analyst, from entry-level to senior/management positions.
3+
A structured path to becoming a Security Operations Center Analyst, from zero to landing your first SOC role. Five certifications, in order, each building on the last.
44

55
## Career Path Overview
66

7-
SOC Analysts monitor, detect, investigate, and respond to cybersecurity threats. This roadmap progresses from foundational knowledge through incident handling and intrusion analysis.
7+
SOC Analysts monitor, detect, investigate, and respond to cybersecurity threats. This roadmap progresses from foundational knowledge through hands-on defense and SIEM tooling, in the order that actually gets you hired: foundation first, tool skills last.
88

99
---
1010

@@ -14,21 +14,22 @@ SOC Analysts monitor, detect, investigate, and respond to cybersecurity threats.
1414

1515
## Certification Path
1616

17-
| Level | Certification | Organization | Link |
18-
|-------|--------------|--------------|------|
19-
| **Entry** | **Security+** | CompTIA | [Website](https://www.comptia.org/certifications/security) |
20-
| **Core** | **CySA+** | CompTIA | [Website](https://www.comptia.org/certifications/cybersecurity-analyst) |
21-
| **Intermediate** | **GCIH** (Certified Incident Handler) | GIAC | [Website](https://www.giac.org/certifications/certified-incident-handler-gcih/) |
22-
| **Intermediate** | **CEH** (Certified Ethical Hacker) | EC-Council | [Website](https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/) |
23-
| **Advanced** | **GCIA** (Certified Intrusion Analyst) | GIAC | [Website](https://www.giac.org/certifications/certified-intrusion-analyst-gcia/) |
24-
| **Senior/Management** | **CISSP** | (ISC)² | [Website](https://www.isc2.org/Certifications/CISSP) |
17+
| Step | Certification | Organization | Approx. Cost | Link |
18+
|------|--------------|--------------|--------------|------|
19+
| **01 - Foundation** | **Security+** | CompTIA | ~$404 | [Website](https://www.comptia.org/certifications/security) |
20+
| **02 - Analyst** | **CySA+** | CompTIA | ~$404 | [Website](https://www.comptia.org/certifications/cybersecurity-analyst) |
21+
| **03 - Hands-On** | **Blue Team Level 1** | Security Blue Team | ~$399 | [Website](https://securityblue.team/certifications/blue-team-level-1) |
22+
| **04 - SIEM Tool** | **Splunk Core Certified User** | Splunk | ~$130 | [Website](https://www.splunk.com/en_us/training/certification-track/splunk-core-certified-user.html) |
23+
| **05 - Cloud SOC** | **Microsoft SC-200** | Microsoft | ~$165 | [Website](https://learn.microsoft.com/en-us/credentials/certifications/security-operations-analyst/) |
24+
25+
*Costs are approximate USD exam-voucher prices and change over time. Check each vendor for current pricing. Splunk and Microsoft both offer free official training.*
2526

2627
---
2728

2829
## Recommended Learning Path
2930

3031
### Phase 1: Foundation (3-6 months)
31-
**Target:** Security+
32+
**Target:** Security+ (~$404, CompTIA)
3233

3334
Build fundamental knowledge in:
3435
- Network security concepts
@@ -42,8 +43,8 @@ Build fundamental knowledge in:
4243
- Practice labs and simulations
4344
- Security fundamentals courses
4445

45-
### Phase 2: Core SOC Skills (4-8 months)
46-
**Target:** CySA+
46+
### Phase 2: Analyst Skills (4-8 months)
47+
**Target:** CySA+ (~$404, CompTIA)
4748

4849
Develop analyst capabilities:
4950
- Security operations and monitoring
@@ -57,50 +58,48 @@ Develop analyst capabilities:
5758
- SOC analyst training platforms
5859
- Hands-on lab environments (TryHackMe, HackTheBox)
5960

60-
### Phase 3: Incident Handling (6-12 months)
61-
**Target:** GCIH and/or CEH
61+
### Phase 3: Hands-On Defense (3-6 months)
62+
**Target:** Blue Team Level 1 (~$399, Security Blue Team)
6263

63-
Master incident response:
64-
- Incident detection and analysis
65-
- Malware analysis basics
66-
- Forensic investigation
67-
- Ethical hacking techniques
68-
- Attack methodologies
64+
Prove you can do the work in a live, graded investigation:
65+
- Practical SIEM and log analysis
66+
- Phishing analysis
67+
- Threat intelligence
68+
- Digital forensics fundamentals
69+
- End-to-end incident response
6970

7071
**Resources:**
71-
- SANS incident handling courses
72-
- EC-Council CEH training
73-
- Incident response simulations
72+
- Security Blue Team labs (included with the certification)
73+
- Hands-on ranges (TryHackMe, HackTheBox)
74+
- Real investigation practice
7475

75-
### Phase 4: Advanced Analysis (12+ months experience)
76-
**Target:** GCIA
76+
### Phase 4: SIEM Tooling (2-4 months)
77+
**Target:** Splunk Core Certified User (~$130, Splunk)
7778

78-
Specialize in intrusion analysis:
79-
- Advanced network traffic analysis
80-
- Threat hunting techniques
81-
- Deep packet inspection
82-
- Attack pattern recognition
83-
- Advanced persistent threat (APT) detection
79+
Get fluent in the SIEM most SOCs run all day:
80+
- Splunk Search Processing Language (SPL)
81+
- Building and reading dashboards
82+
- Field extraction and reporting
83+
- Alerts and scheduled searches
8484

8585
**Resources:**
86-
- GIAC training materials
87-
- Advanced threat hunting platforms
88-
- Real-world SOC experience
86+
- Splunk free official training (Intro to Splunk, Search Fundamentals)
87+
- Splunk Search Tutorial and sample data
88+
- Hands-on practice in a free Splunk instance
8989

90-
### Phase 5: Leadership (3-5 years experience)
91-
**Target:** CISSP
90+
### Phase 5: Cloud SOC (2-4 months)
91+
**Target:** Microsoft SC-200 (~$165, Microsoft)
9292

93-
Transition to strategic roles:
94-
- Security program management
95-
- Risk assessment frameworks
96-
- Security architecture design
97-
- Policy and governance
98-
- Team leadership
93+
Cover the cloud SIEM side SOCs increasingly hire for:
94+
- Microsoft Sentinel
95+
- Microsoft Defender XDR
96+
- Kusto Query Language (KQL)
97+
- Cloud detection and incident response
9998

10099
**Resources:**
101-
- CISSP study materials
102-
- Management and leadership training
103-
- Industry frameworks (NIST, ISO 27001)
100+
- Microsoft Learn (free SC-200 study path)
101+
- Hands-on Azure and Sentinel labs
102+
- KQL practice environments
104103

105104
---
106105

@@ -125,11 +124,11 @@ Transition to strategic roles:
125124

126125
## Estimated Timeline
127126

128-
- **Entry to Core:** 6-12 months
129-
- **Core to Advanced:** 1-2 years
130-
- **Advanced to Senior:** 2-3 years
127+
- **Foundation to Analyst (Security+ to CySA+):** 6-12 months
128+
- **Analyst to Hands-On (CySA+ to BTL1):** 3-6 months
129+
- **Tooling (Splunk + SC-200):** 4-8 months
131130

132-
Total time to senior-level: **4-6 years** with continuous learning and hands-on experience.
131+
Total time to job-ready: **~12-24 months** with consistent study and hands-on practice.
133132

134133
---
135134

0 commit comments

Comments
 (0)