Summary (1.3)
In the beginning of the chapter you learned that people, companies, and even nations can all fall victim to cyberattacks. There are various types of attackers, including amateurs who attack for fun and prestige, hacktivists who hack to further a political cause, and professional hackers who attack for profit. In addition, nations may attack other nations to gain economic advantage through the theft of intellectual property, or to damage or destroy the assets of another country. The networks that are vulnerable to attack are not just business networks of PCs and servers, but also the thousands of devices on the Internet of Things.
SOCs are responsible for preventing, detecting, and responding to cybercrime. SOCs consist of people following processes to use technologies to respond to threats. There are four main roles in the SOC. Tier 1 Analysts verify security alerts using network data. Tier 2 Incident Responders investigate verified incidents and decide on how to act. Tier 3 SMEs/Hunters are experts and are able to investigate threats at the highest level. The fourth role is the SOC Managers. They manage the resources of the center and communicate with customers. Customers can be internal or external. A SOC may be operated by a single company or may provide services to many companies. Finally, although network security is extremely important, it cannot interfere with the ability of the company and its employees to fulfill the mission of an organization.
In order to work in an SOC, you learned that you can study to earn certifications that are offered by a number of different organizations. In addition, you can pursue degrees in higher education that are relevant to cyberoperations, and learn other skills such as programming in Python. Job leads can be found at a number of employment websites, and agencies can help you to find temporary jobs, internships, or permanent employment.