SOC analysts must have a large amount of formal knowledge and the analytic abilities to derive actionable insights from the data collected by the company’s various security tools. Moreover, the analyst is expected to use human behavioral and business context to identify threats and make decisions about how to respond to keep the organization safe. However, most junior security staff enter the cybersecurity job market with only theoretical knowledge of what “security” is, lacking practical analytical methodologies, detection techniques and more advanced specialized skills. New graduates often lack the practical analysis and synthesis skills, which leaves them unprepared to face the challenges they will meet in the cybersecurity world.
The 2018 SANS survey states that “gamification of the SOC via simulations, exercises, training or any other form of targeted practice is becoming the standard operating procedure for providing a SOC skill set and an effective way of retaining skilled staff”. Institutions of higher education are starting to address the deep asymmetry between frontal instructionand practical exercises by incorporating a cyber range into their cybersecurity curricula.
I have 15 years of experience in information security. I think I would enjoy a cyber range course and learn something new.