September 28, 2023 By Mark Stone 3 min read

As careers in cybersecurity become increasingly more specialized, Security Information and Event Management (SIEM) engineers are playing a more prominent role. These professionals are like forensic specialists but are also on the front lines protecting sensitive information from the relentless onslaught of cyber threats. SIEM engineers meticulously monitor, analyze and manage security events and incidents within an organization. They leverage SIEM tools to aggregate and correlate data, enabling them to detect anomalies, identify potential threats and respond swiftly to security incidents.

In their arsenal of tools, SIEM engineers also employ Security Orchestration, Automation, and Response (SOAR) and Extended Detection and Response (XDR) products. SOAR is a suite of solutions that allow organizations to collect data about security threats from multiple sources and respond to low-level security events without human assistance. It streamlines and automates the response process, enabling SIEM engineers to focus on more complex tasks. XDR solutions unify control and visibility across multiple security layers endpoints, network and servers, extending detection and response capabilities beyond the traditional perimeter, providing a holistic view of the threat landscape. By integrating SOAR and XDR into their workflows, SIEM engineers can enhance their threat detection capabilities, automate repetitive tasks and respond to incidents more efficiently and effectively.

This article aims to help aspiring SIEM engineers on their career journey, shedding light on the skills, qualifications and experiences that will equip them for this challenging yet rewarding profession.

In this exclusive Q&A, we spoke with Rod Soto, a senior principal security research engineer for a leading SIEM solution provider. He has years of experience as a SIEM engineer and is a regular presenter at many cybersecurity conferences, researcher for HackMiami and founder of Silicon Valley’s Pacific Hackers Meetup group.

What is SIEM?

Did you go to college?

Yes, I went to college. I have a bachelor’s degree in Psychology.

What did you go to school for? If not, what certifications did you obtain?

Psychology. I did obtain several IT Security certifications such as CISSP, Security+, Pentest+, GIAC, INE, etc.

What was your first role in IT?

System administrator.

If it wasn’t in security, what pushed you to pursue security?

I was always interested in information security and the hacking culture.

What is the most valuable skill you learned in your role?

Learn to think outside the box.

What soft skills do you think make a person successful a) in cybersecurity and b) specifically in SIEM engineering?

You have to have the ability to communicate and put yourself in someone else’s shoes, the ability to learn new things and technologies that will work with or integrate with SIEM.

Operating SIEM usually involves operators being able to pick up on abnormal signals, which then need to be triaged and discussed with teams of peers and superiors. The ability to spot and communicate the reasoning behind chosen alerts or incidents is fundamental to maintaining efficient operations. Also, many times when in SIEM, operators will have to communicate with either internal clients (other departments or users) or external clients.

Any parting thoughts or final piece of advice to someone looking into becoming a SIEM engineer?

Learning the fundamentals of manipulating texts and logs. Operation and knowledge of *nix operating systems are very important. Networking skills and knowledge of TCP/IP are also necessary, and this will also include packet analysis skills (Wireshark, tcpdump). Some security certifications, such as Security+ or CCNA Cyber, can help a lot in understanding security fundamentals, data labels and security operations center fundamentals.

Become familiar with SIEM technology vendors as well, download free versions of them and practice; many of them have free training and certifications — take them.

More from Security Services

How a new wave of deepfake-driven cyber crime targets businesses

5 min read - As deepfake attacks on businesses dominate news headlines, detection experts are gathering valuable insights into how these attacks came into being and the vulnerabilities they exploit. Between 2023 and 2024, frequent phishing and social engineering campaigns led to account hijacking and theft of assets and data, identity theft, and reputational damage to businesses across industries. Call centers of major banks and financial institutions are now overwhelmed by an onslaught of deepfake calls using voice cloning technology in efforts to break…

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today