Security Basics mailing list archives

Re: Certifications for SOC team


From: krymson () gmail com
Date: Wed, 18 Feb 2009 09:53:07 -0700

Surprised I didn't see any responses to this, so I thought I'd chime in.

To me, people in the SOC need quite a few skills to properly analyze the traffic/alerts they see, as well as advise 
other teams on how to properly remediate issues. In this regard, I think anything may be helpful.

If you want customers to recognize the cert, you really have to delve down into CISSP (general) and CISA (audit) areas. 
Not because they demonstrate your talent, but simply because they're recognized widely.

For those team members you have with specific interests, it would be useful to be able to speak to operations teams 
realistically. This could mean getting similar certs to what they hold: Red Hat, CCNA, maybe even MCSE flavors. These 
should also help with understanding systems, alerts, and even false positives.

If you can afford it, GIAC/SANS would be an excellent choice, but not all of us work in places that splurge on such 
certs so I tend to rate it down a bit as cost-prohibitive. Also, while those of us in-the-know hold SANS up in pretty 
high regard, that does not mean people outside our business units know wtf they are. :)


<- snip ->

Hi List,

This question is specifically about certifications that may help us as
team members, to demonstrate competency to the global clients who have
assigned us a task to handle the SOC [security information center] for
them. We have been handed over these responsibilities mostly on the
basis of our experience. [ranging from 1 to 9 years]
Some of us already have CEH, but we all are looking for a line of
certs that has a good deal of respect in the industry.
Thanks in advance.

Cheers.

