We’re touching base with Christopher Generazio, one of MindPoint Group’s Security Operations Center (SOC) Analysts.
How my Day Starts in the SOC
Before I start my shift, I stick my phone in the lockers next to the door to our secure room and then badge into the SOC. When I enter the Watchfloor, I can see that I am just in time for the daily stand-up meeting. In this meeting, we transition between shifts, and each team gives a report. I take a few notes of pertinent items from the Engineering Lead, but I know that I can also reference the turnover document from the previous shift if I need to. The stand-up concludes, and I saunter over to the lead from the previous shift so he can provide me with pertinent information. After he gives me a rundown, we discuss anything that needs my immediate action. Right now, there is nothing that is high-profile or needs immediate attention. Once the turnover is complete, I sit down and log in, pulling up my tools.
As I pull up my inbox, I see an email come in with a Cisco Security Advisory. So much for it being a slow day! I communicate with my partner to let him know that I am going to be out of pocket for a little while. I open the advisory and realize that thankfully it’s only for one security risk. Usually, the advisories cover 10 to 15 security risks, which can be much more time-consuming. After getting a full rundown from Cisco’s website, I start to do some independent research. This allows me to provide the best recommendation and report on this vulnerability and any potential impacts on our client’s network. After completing my research, I provide a recommendation for an advisory or a patching requirement that may need to be published. I then look at our secondary systems and deal with the incident reports that are there. An alert pops up on my desktop, letting me know that it is 1640. The blocklist needs to be completed and published by 1700 daily. I go through and validate all the items submitted to be blocked. I approve and publish it by 1657...phew, just made it! Our system pushes an email out with the updates to the blocklist. Now I can help my partner out with the rest of our tasks. We continue to grind through the alerts until things start to slow down around 1830. Now that things have decelerated, I get a chance to review the Standard Operating Procedures (SOPs). We have an annual requirement to review all SOPs, so if I can knock one or two out during this lull, it will pay off in the long run for us. I get through two of them with minor tweaks, but pretty much nothing changed. I’ve annotated this in our tracker, so they are good for the next year.
Transitioning for the Next Shift
Now it’s 2030, and the end of the second shift is nearing. The triage channel and the inbox have remained quiet for the most part. I begin to put together my summary report of our shift for our client. The summary report consists of the day’s tickets and a count of the different types of devices that have been lost. I do a quality check of the document, and I send it out at 2100. I check in with my partner to make sure everything on his end is going well too. At this point in the evening, it is eerily quiet. All the employees have left for the day, except for my colleague and me. The light is dimmed so that our eyes adjust, and the floor is quiet. I begin to prep my shift turnover report, which annotates the shift’s accomplishments and leftover tasks for the night shift. As I write the turnover, I look in the inbox to make sure that I didn’t miss anything. I see a new email from our client. The recommendation that I completed and submitted earlier in the shift has been reviewed. I stop my work on the shift turnover and respond to our client, acknowledging that we have received their response and that we are currently working on the issue. After I complete the response, I get back to completing the shift turnover, and I make sure to add this new development. I make a mental note to tell the night crew that this is a priority and it needs to be completed as soon as possible. It’s 2153; I hear the door beep and open with the night crew’s arrival. They walk in, sit at their desks, log in, and I commence the turnover.
Stay tuned for part 3 of the Day in the Life of a SOC Analyst blog series. In the meantime, check out current job openings at MindPoint Group!