Offsec_Community

A background in IT is a great start already and a easy transfer that a lot of people do. My biggest advice is to start getting hands on experience. There are a lot of books out there but just reading can only get you so far. Offsec has our SOC200 training out with the exam that will be coming out as well. We also have challenge labs with a play button that launches an entire attack against a network and the student has to find it in the host logs. Tryhackme is also a good resource for hands on stuff as well. CTFs are a fun way to get some experience and hands on skills like PicoCTF. Getting some security certifications will help make that switch too.

There are a ton of ways for hackers to get into a network. The biggest security risk is people. You can have all the right security measures in place and someone will mess all that up. Email or phishing attacks are huge. An attacker sends an email with malware attached and then a user clicks on it to get all their free iTunes music and boom the attacker has a foot hold in the network. Social engineering is a big way for attackers to compromise a network

Web attacks are huge too. Mismanaged websites and application are always a way to get in a network. https://owasp.org/www-project-top-ten/ has a list of the top 10 web application security risk that they keep updated and is a great source for that.

A less common way is probably like the movies show a hacker just reinforcing their way into a network.

That is a tough question haha because that can be a lot of different things depending on what technique they are using. For a general answer I would say looking for "weirdness" on the network. I always say most of a SOC analysts job is verifying "good" things. Lots of things will look weird on the network and you dig in and find its something normal. So I would be looking for things a normal user would not be doing. Things like running command that are not necessarily bad but could be used in a bad way that a normal user would not be doing. Trying to access things on the system a normal user does not need to access. Those type of things.

Do not worry about being dead weight. I will always choose an analyst who is trying to get better and has a good work ethic over someone who knows a lot and does not try to get better.

I think about this a lot since I get scam calls a lot. What some people do not know is that answering these can cause more calls to happen. Some scam calls are just being sent to random numbers to just see if it is even a real number. Then they see it is real and keep calling. So it is best to never answer.

There does need to be some sort of regulation when it comes to this. It is hard to regulate though because often these scam calls come from outside the U.S. and that makes it tough to enforce any real consequences. I do not have a solution (If I did I would probably be rich) but maybe regulating the cell phone companies so they actually put real blocks in place. The are probably in the best place to do something about it all these calls so if they have a real incentive put in place by regulations then they might spend real time trying to solve the problem (This could be a thing already but I am not sure to be honest).