April 27, 2023 By Mark Stone 3 min read

The role of a Security Operations Center (SOC) analyst is crucial in maintaining an organization’s security posture. A SOC analyst wears many hats but typically acts as a watchdog looking out for attacks in progress while also finding ways to boost defenses and prevent or mitigate future attacks.

In this exclusive Q&A, we spoke with Ben Philip, a level 3 SOC analyst with Acora, about his background and experience.

Did you go to college? What did you study?

I went to Queen Mary College in Basingstoke and studied a BTEC in IT, financial management and math. In my final two years, I just focused on IT.

I then went on to complete four years at De Montfort University in Leicester, studying Computer Security. This course included a sandwich placement year at Sir Jonathan North Community College, where I was able to gain experience as their general IT technician. This experience reinforced what I had learned in the first two years at university and enabled me to build the foundations to develop practical skills and build my confidence.

What certifications did you obtain?

Other than my college diploma and university degree, I did not study any additional cybersecurity courses.

However, once I joined Secrutiny (now Acora), they put me through a CybSafe course, which is a CCSA Qualified, IISP and GCHQ-accredited course. It was great to have found a company that was invested in me and my personal development, putting me through the courses I needed.

What was your first role in IT?

Whilst at college and my first few years of university, I worked in a car garage to pay the bills. My first official role in IT was as a general IT technician during my sandwich placement in my third year of university.

What pushed you to pursue security?

I’ve always been interested in PCs and how they work from a young age, and it kind of took off from there. When I was approaching the end of secondary school and was choosing what I wanted to do next, I thought about what I really enjoyed doing.

I had an interest in IT and the whole problem-solving aspect. I spent a lot of time keeping up with the latest news by reading about the latest hacks, how exploits happened and how to prevent cyberattacks. At that point, I didn’t know all the intricacies of IT, but just thinking about the elements that I enjoyed really drove my enthusiasm towards cybersecurity.

What is the most valuable skill you have learned in your role?

Team communication. You’re only as good as the tools you use, but being able to communicate inside and outside your team is crucial. By having the confidence and communication skills, you can discuss ideas with people who may have different viewpoints to yourself. That creates a well-rounded team.

I know that some people in IT can sometimes be in their shells. I know what it’s like. So, clear communication is the most important skill I’ve learned.

Because of this, I have been able to grow from an “awkward” teenager to a professional and confident adult, which is a great achievement for me.

What soft skills do you think make a person successful in cybersecurity?

I’ve spoken about how confidence and communication skills are important, but also determination, persistence and willingness to do your own background work, as well as putting in the hours, is CRUCIAL.

It’s all about getting involved at work as well as outside of work. I remember when I was first learning the ropes of my first IT role, I used to stay very late to learn new things, which really helped me in the long run — so determination and persistence are key.

Any parting thoughts or final piece of advice to someone looking into your type of role?

The best advice I could give is to read, read and read more. Stay on top of the news of IT (cyber or general IT), but don’t limit yourself to just one source of information. Be sure to get different viewpoints from multiple articles and make connections.

From a technical point of view, you don’t need to know everything already, but you should learn the basics on how operating systems work, learn the different cyber kill chains, etc. And even if you do not code, try to understand syntax and learn the basics of what it’s trying to achieve, as it really helps. By developing a basic level of understanding, you can then branch out and expand.

From a soft skills perspective, there are lots of IT and cybersecurity jobs out there, but standing out is still critical. Showing what you know and being able to explain why shows real understanding. The why is most important. Also, be honest if you don’t know something; don’t pretend to know it. Employers do not expect you to know everything right away, but they want to make sure that you are a good fit and that you have a willingness to learn.

And remember, you get in what you put out.
