Keeping up to date in any field can be challenging, but this ethos might not ring more true than in cybersecurity. The dynamic nature of the industry requires SOC analysts to always be on their toes with new and emerging threats across a constantly expanding attack surface.
New threats and vulnerabilities can pop up on a nearly daily basis. Don’t let this discourage you because this is also what can make the role so satisfying! There are numerous content channels, communities, and networking opportunities out there that will help you stay on top of your game. Here are a few recommendations to help you get started.
All the Right Content
Blogs and newsletters from cybersecurity thought leaders and expert organizations dive deep into specific areas of the industry and enable you to become a true expert in your area. Because these channels publish frequently around industry news and events, you are often learning about the latest threat intelligence and the most up-to-date tips for keeping your organization safe.
Popular cybersecurity blogs and newsletters we like:
- The Hacker News (sign up for their newsletter on the home page)
- Unit 42
- The Cloud Security Reading List
These publications also often provide opinions and thought-provoking pieces that you can use as discussion pieces within your team.
Beyond blogs and newsletters, check in on well-known outlets such as SecurityWeek, Dark Reading, and KrebsOnSecurity. These news organizations provide commentary and insight that will help you stay ahead of the curve.
There are also plenty of cybersecurity-focused podcasts if that is your preferred way to consume content. The CyberWire, BluePrint, and Malicious Life are just a few that discuss the latest news and issues across the industry.
It’s also worth engaging with other security professionals on platforms like Reddit, LinkedIn, and Twitter. These platforms host active cybersecurity communities that provide real-time updates, insights, and discussions on emerging threats and trends. Note: there has been a bit of an exodus in the infosec community space away from Twitter over the past year. If you find someone who hasn’t been active on Twitter for a while, see if they post on other channels before counting them out.
A few thought leaders in the space worth following:
- @wendynather: Wendy Nather is the Head of Advisory CISOs at DUO Security and used to work for the NSA.
- @briankrebs: Brian Krebs is the author of the blog Krebs on Security (references above)
- @k8em0: Kate Moussouris created the bug bounty program at Microsoft
There are many, many more so take some time and explore others who may be more niche or relevant to you.
Attend Industry Conferences
Don’t underestimate the value of industry conferences. By attending these events, you can discover the latest tech trends, meet industry experts, and share ideas with colleagues. Black Hat, RSA Conference, DEF CON, and Innovate are some of the best-known annual conferences and attract knowledgeable keynote speakers and panelists.
You also may want to become a member of groups like InfraGard or industry-specific ISAC groups, which offer invaluable insights and trends. Many companies provide professional development stipends or reserve portions of their budget for attending these various events. It never hurts to ask, and it demonstrates your willingness to learn more about your craft.
The cybersecurity landscape never stands still. For SOC analysts, this represents both a challenge and an opportunity. By consistently reading and engaging with the right outlets and thought leaders and attending relevant industry conferences, it’s possible to keep up with—and even stay ahead of—evolving security environments.
Ready to SOC and roll? Check out our new career guide for more insights and advice.