Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills

Published: 23/11/2024   Category: security




SOC analysts should also cultivate skills like incident handling and response, threat hunting, digital forensics, Python, and bash scripting.



Though artificial intelligence is poised to drastically transform enterprise security operations centers (SOCs), for the moment at least, the top three technologies for new hires to be familiar with remain SIEM, host-based extended detection and response, and vulnerability remediation.
But a trio of other hard skills scored highly in a survey of some 400 cybersecurity practitioners that the SANS Institute conducted on behalf of Torq. These include a knowledge of cloud security issues, PowerShell expertise, and the ability to automate repetitive tasks and systems management functions.
Besides the top three skills, the core hard skills that are currently essential for SOC analysts include: incident handling and response, threat hunting, cloud security, digital forensics, Python, PowerShell, and bash scripting, says Dallas Young, senior technical product manager at Torq.
As for soft skills, those include critical thinking and creative, informed problem solving, attention to detail in rapidly changing environments, and communication skills at both a technical and interpersonal level, he says.
The SANS survey polled respondents from small, medium, and large companies in the US and other countries about their top SOC challenges. The responses showed that many organizations continue to struggle with issues that have plagued them for years. These include a lack of automation and orchestration of key SOC functions, high staffing requirements, a shortage of skilled staff, and a lack of visibility. They also reported a pervasive silo mentality among security, incident response, and operations teams.
On the positive side though, the survey showed a surprising uptick in staff retention rates at many SOCs. Some 30% of respondents — a plurality — identified the average SOC tenure at their organization as being between three and five years, compared to the one-to-three year tenures that respondents indicated in previous SANS surveys.
Young chalks up the trend to the increasing automation of Tier-1 triage and analysis at more organizations. This has enabled SOC analysts to focus on more strategic and intellectually stimulating activities, such as threat hunting and advanced incident response. It's also helped alleviate the analyst burnout problem, he says.
Other factors that appear to have contributed to the increased retention rates include better work environments, with remote and flexible hours and management-track leadership training for high performers. In addition, for security analysts who want to maintain a technical focus, organizations are paying for more training and certification opportunities in areas of interest such as penetration testing, reverse malware engineering, and cloud security subject matter areas as examples, Young says.
Jake Williams, faculty at IANS Research and vice president of R&D at Hunter Strategy, says current job market conditions have allowed many organizations to secure more experienced SOC analysts on the same budget than they could a few years ago. This is a good thing for organizations in the short term, but they should be making plans now for when the job market rebounds, Williams says. Many organizations are camouflaging a lack of process with the skills these more senior analysts bring to the table.
Like Young, Williams says the biggest in-demand SOC skills, outside of the obvious core skills of SIEM and XDR, are knowledge of cloud platforms such as AWS and Azure, and an understanding of Active Directory and Entra ID. "I've seen a lot more expectation of baseline cloud knowledge, especially for senior SOC analysts," Williams notes. Given the prolific use of M365 in the enterprise, there's an expectation that many senior SOC analysts know PowerShell to query the Graph API, he says. "PowerShell experience and cloud platform knowledge were niche skills a few years ago. For midtier to senior SOC analysts today, it seems like table stakes."
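The kind of PowerShell-plus-Graph task Williams describes, as an added example that is not part of the article and not code from Torq, SANS or any of the people quoted: pull Entra ID sign-in events from the Microsoft Graph API and flag accounts whose failed sign-ins arrive from many distinct source IPs. The live retrieval assumes the Microsoft.Graph.Authentication module and a prior Connect-MgGraph with the AuditLog.Read.All scope; the analysis function runs offline against the constructed sample records at the bottom.

```powershell
# Added example (not from the article). Live path needs:
#   Connect-MgGraph -Scopes 'AuditLog.Read.All'
# from the Microsoft.Graph.Authentication module. The analysis below runs
# offline on constructed sample records shaped like Graph's signIn objects.

function Get-EntraSignIns {
    param(
        [Parameter(Mandatory)][datetime]$Since,
        [int]$PageSize = 500
    )
    # OData filter on createdDateTime; Graph expects a UTC ISO-8601 timestamp.
    $ts     = $Since.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
    $filter = [uri]::EscapeDataString("createdDateTime ge $ts")
    $uri    = "https://graph.microsoft.com/v1.0/auditLogs/signIns?`$filter=$filter&`$top=$PageSize"
    $events = [System.Collections.Generic.List[object]]::new()
    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
        foreach ($e in $page.value) { $events.Add($e) }
        # @odata.nextLink is absent on the last page, which ends the loop.
        $uri = $page.'@odata.nextLink'
    }
    return $events
}

function Find-DistributedFailedSignIns {
    param(
        [Parameter(Mandatory)][object[]]$SignIns,
        [int]$MinDistinctIPs = 3
    )
    # status.errorCode 0 is a successful sign-in; any non-zero code is a failure
    # (50126 is the common "invalid username or password" code).
    $SignIns |
        Where-Object { $_.status.errorCode -ne 0 } |
        Group-Object -Property userPrincipalName |
        ForEach-Object {
            # Distinct source IPs behind this account's failures.
            $ips = @($_.Group.ipAddress | Sort-Object -Unique)
            [pscustomobject]@{
                User        = $_.Name
                Failures    = $_.Count
                DistinctIPs = $ips.Count
                IPs         = ($ips -join ', ')
            }
        } |
        Where-Object { $_.DistinctIPs -ge $MinDistinctIPs } |
        Sort-Object -Property DistinctIPs, Failures -Descending
}

# Constructed sample records (hypothetical tenant, RFC 5737 test addresses),
# carrying only the signIn fields the analysis uses.
function New-SignIn([string]$Upn, [string]$Ip, [int]$Code) {
    [pscustomobject]@{
        userPrincipalName = $Upn
        ipAddress         = $Ip
        status            = @{ errorCode = $Code }
    }
}
$sample = @(
    New-SignIn 'alice@contoso.example' '198.51.100.10' 0
    New-SignIn 'alice@contoso.example' '198.51.100.10' 50126
    New-SignIn 'bob@contoso.example'   '203.0.113.5'   50126
    New-SignIn 'bob@contoso.example'   '203.0.113.77'  50126
    New-SignIn 'bob@contoso.example'   '192.0.2.44'    50126
    New-SignIn 'bob@contoso.example'   '192.0.2.45'    50126
    New-SignIn 'carol@contoso.example' '192.0.2.9'     50126
    New-SignIn 'carol@contoso.example' '192.0.2.9'     50126
)

Find-DistributedFailedSignIns -SignIns $sample -MinDistinctIPs 3 | Format-Table -AutoSize

# Live use, once connected:
#   $last24h = Get-EntraSignIns -Since (Get-Date).AddHours(-24)
#   Find-DistributedFailedSignIns -SignIns $last24h -MinDistinctIPs 5
```

Against the sample, only bob is reported (four failures from four addresses); alice and carol each fail from a single IP and fall below the threshold. The threshold is deliberately a parameter: a sensible value depends on the tenant's VPN egress layout and how many IPs a legitimate roaming user touches in a day, which is exactly the business context the SOC analyst is expected to supply.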
The SANS survey showed that many SOC practitioners aren't thrilled with their initial usage of artificial intelligence and machine learning tools for SOC analysis purposes. In fact, respondents gave AI and ML tools the lowest rating when asked to rate SOC tools. However, there's little doubt that AI and GenAI technologies are set to fundamentally change the SOC and, in the process, the skills landscape as well.
Young says AI will fundamentally continue moving forward to enhance automated threat detection, proactive threat hunting, automation of repetitive and time-consuming tasks, alert fatigue reduction, and predictive analytics. Increasingly, SOC analysts are going to need to be familiar with machine learning algorithms and data analysis techniques to interpret AI-generated insights, Young says. They will also need skills to handle complex security incidents identified by AI systems and be willing to continuously learn and adapt to new AI technologies and methodologies, he says.
Williams expects AI tools to reduce the need for analysts whose sole role has been to respond to basic alarms. Junior analysts should be looking now at what tasks AI does, and doesn't, do well and educating themselves in the places they can't be replaced by AI, such as critical thinking, he says. The SOC of the future will be less about knowing that port 3389 is RDP, since AI will provide that context on demand, and more about answering "why does that matter in this context?"
Creative thinking when it comes to interesting problems and correlations will remain a key asset for SOC professionals, says Sajeeb Lohani, senior director of cybersecurity at Bugcrowd. Nowadays, SIEMs are capable of raising alerts, so it is quite easy to fall into a rut and churn tickets, he says. However, in my opinion, the most successful professionals are able to correlate events and understand business context when triaging and responding to such alerts. That context is key.
Lohani expects that some threats that are considered relatively niche issues in the SOC will become more important over the next few years. Currently, a large portion of SOCs haven't had to deal with more niche threats like supply chain security issues, he says. I believe, over time, that will start to change, and more mature practices will [be needed] to prepare and adapt.
