This is the second of a three-part series where we dive into the world of cybersecurity operations with an exclusive interview featuring Rob Line, Principal Talent Consultant at CyberSec People. Renowned for his expertise in recruiting top-tier talent for high-stakes positions in cybersecurity, Rob brings a wealth of knowledge and insights, particularly beneficial for those aspiring to launch their careers as Security Operations Center (SOC) analysts.
In this interview, Rob sheds light on the importance of continuous skill development, highlighting the need for advanced technical skills like SQL querying and digital forensics tools for career progression. He emphasizes the significance of cultivating leadership and management skills, particularly for those aspiring to higher positions such as SOC Lead or CISO. Additionally, Rob discusses the benefits of specializing versus diversifying in cybersecurity, the crucial role of networking, and the impact of contributing to the broader cybersecurity community. His insights provide a roadmap for SOC analysts aiming to navigate and excel in the ever-evolving landscape of cybersecurity operations.
For the experienced SOC analysts out there, what advanced technical skills or knowledge areas do you think are crucial to master for taking the next step in their career?
This one is very much dependent on their career aspirations. Again, advanced querying skills in SQL and other big data technologies will always be beneficial. For those who want to specialize in DFIR, for example, upskilling in the latest digital forensics tools like Axiom, KAPE, Velociraptor, etc., is essential. A candidate I recently placed, an experienced L3 escalation analyst who wanted to go exclusively into DFIR, built a home lab with some of these tools. Although he did not have commercial experience, his knowledge and understanding of the tools went down very well with his new employer, and he got the job. Most hiring managers want a candidate to have 70-80% of the skills, so there is room for growth in a give-and-take situation.
How important is developing leadership and management skills for career advancement beyond a SOC analyst role?
It is super important if the person envisions themselves as a SOC Lead, Manager, or even an executive like a CISO further down the track. The earlier a person can incorporate these skills into their daily role, the more beneficial it will be in the long term.
Can you suggest ways to cultivate these skills while still in a technical position?
Absolutely. For example, understanding risk management and business acumen involves familiarizing oneself with the frameworks and policies that underpin an organization's cybersecurity policy. A significant quick win can be knowledge management. Many companies do not give this enough attention, but if someone takes it on as a project to build out a knowledge management system that is constantly updated and socialized among the team, it will elevate everyone’s performance and can be directly linked to performance, giving an outcome to the person owning the project. Also, mentoring and upskilling more junior people with defined and documented outcomes from the learnings that show progression, and asking for constructive feedback from mentees, is key.
In your opinion, is it more beneficial for an analyst to specialize in a specific area of cybersecurity or to diversify their skill set across various domains?
My opinion, based on my daily experience in the market, is to be as generalist as possible early in your career, touching as many parts of security operations as possible and building up a holistic knowledge base. However, once you have a few years under your belt, unless being a jack of all trades is what you like doing, I would commit to becoming a master of one thing. This is where you excel, and your earning potential goes up significantly.
How can the approach taken impact a person’s career direction?
It allows the person to become an expert in a particular discipline, ensuring they will always be in demand, which essentially future-proofs their career and earning potential. This is evidenced by specialists in DFIR, for example, some of the highest-earning analysts I talk to. The value they bring in that particular domain has a significant financial impact on the business, aligning with the business acumen piece. As Elon Musk said, "you get paid proportionately to the problem you solve."
What opportunities are there for experienced SOC analysts to contribute to the broader cybersecurity community or influence the industry?
There are plenty of opportunities for experienced analysts to contribute to the cyber community. They can give talks at conferences such as BSides and AISA, contribute to blogs, write Medium articles, or create YouTube videos, as I mentioned earlier.
How can involvement in these areas impact career growth?
It impacts immensely. Not only do these activities mean you are networking with other people who can open doors and present opportunities, but they also give potential employers an insight into your knowledge and how it can help their business. Demonstrating a passion and commitment to the industry is crucial, as passion and commitment will carry you very far.
For analysts looking to advance, what strategies would you recommend for identifying and seizing the right career opportunities?
If an analyst is looking to advance within their organization, they first need to talk to their line manager and be clear about what they want to do next and build a plan. Many of my clients are big on Learning and Development (L&D), but they want the employee to take the initiative. If you want to be a Threat Hunt SME in your team in 12-18 months, build a plan of what you think you need to do to get there, get input from your manager, agree on it together, and commit to doing the work. If you feel like you have hit a ceiling and are looking at new opportunities outside of your organization due to lack of training and development, my advice would be to find an organization that is doing the work you want to be doing. Make sure the company also has a need for the skills you currently possess. This is the give-and-take scenario I mentioned earlier: you give the employer your current skills that help their business now, and they give you the training or ability to learn new skills that align with your career aspirations. It’s a win-win; you get the training, and they get a committed employee, which is gold in such a competitive market.
How important is networking, and what are effective ways to network in our field?
Just do it! Go to as many meetups and conferences as possible. Seek out presenters who are relevant to you, introduce yourself to them before the event, and try to catch them in person when you are there. Reach out to people who are in the role now that you want to be in and ask them for advice on how they got there, their biggest challenges, and what they would do differently if they were starting over. People generally like to help others. Also, platforms like Twitter are an untapped resource for learning and networking. I have known many candidates to land jobs just due to their engagement and commitment to the platform.