If you’re looking for a practical entry point into cybersecurity, few paths are as well-defined — or as in-demand — as the SOC analyst track. Security Operations Centers sit at the heart of every serious cyber defense program, and the people who run them are increasingly hard to find and even harder to replace. This guide covers everything you actually need to know: the skills that matter, how to build a lab from scratch, which certifications are worth your time, and what the job market looks like in 2026. For a real-world architecture case study, read Building a 24/7 Tier-1 SOC in Malaysia.

What is a SOC (Security Operations Center)?
A Security Operations Center (SOC) is where an organization’s security monitoring and incident response come together — a centralized team responsible for detecting, investigating, and responding to threats around the clock.

What is SIEM (Security Information and Event Management)?
If the SOC is the defensive team, Security Information and Event Management (SIEM) is the platform they rely on to do their job. A SIEM pulls security data from every corner of an environment — firewalls, endpoints, servers, identity providers, cloud services — and puts it all in one place where analysts can actually make sense of it.
Without a SIEM, an analyst trying to trace an attack would have to bounce between dozens of separate tools. The SIEM solves that by processing millions of events at once and surfacing the patterns that matter:
- Log Ingestion & Aggregation: Centralizing telemetry from across the entire environment into a single, searchable data store.
- Correlation Rules: Connecting dots across unrelated events — like a login from an unusual country immediately followed by a large data transfer — to flag likely attacks.
- Alerting: Notifying analysts when a rule is triggered, so they can investigate while the trail is fresh.
- Forensic Auditing: Keeping a full historical record of log data so investigators can trace exactly what an attacker did, and when.
- Compliance Reporting: Generating the audit trails that regulators and frameworks like PCI-DSS and ISO 27001 require.
Still deciding what platform fits? See SIEM vs. SOAR - Which One Do You Need?
Whether you end up working with commercial platforms like Splunk, Microsoft Sentinel, or Palo Alto Cortex XSIAM, or open-source tools like Wazuh and the Elastic Stack, SIEM proficiency is the single most important technical skill for landing a SOC role.

SOC Analyst Roles and Career Path (Tier 1, 2, 3 and Beyond)
Most SOCs organize their work using a tiered model. The idea is simple: junior analysts handle the high-volume triage work, while more experienced specialists focus on complex investigations and forensics. Here’s what each level actually looks like in practice.
Tier 1 — Triage Analyst (L1): This is the starting point for most people breaking into the field. L1 analysts live inside the SIEM, reviewing incoming alerts, filtering out false positives, and following playbooks to investigate the ones that look real. A big part of the job is the initial research — checking IP reputation, reviewing email headers, correlating events — and then escalating anything that warrants a deeper look. Speed and consistency matter a lot here.
Tier 2 — Incident Responder (L2): When Tier 1 escalates something, the L2 analyst picks it up and goes deeper. Their job is to determine the full scope of the compromise — analyzing network traffic, digging into endpoint logs, evaluating malware behavior, and deciding what containment actions to take. This might mean blocking a port, disabling an account, or pulling a host off the network entirely. Most L2 analysts have between two and five years of hands-on experience.
Tier 3 — Threat Hunter & Forensic Specialist (L3): Senior analysts don’t wait for the alerts to come to them. They actively hunt through the environment looking for advanced threats that bypassed detection — fileless malware, living-off-the-land techniques, stealthy lateral movement. They also handle deep forensics, reverse-engineer malware samples, write new detection rules (like Sigma or KQL queries), and take point on major incident response engagements.
SOC Lead / Manager: The person keeping everything running. Managers handle shift scheduling, define the detection strategy, own the tooling stack, track KPIs like Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), and translate all of it into language executives can act on.
Beyond the traditional tiers, there are some exciting specializations worth knowing about — Detection Engineering (building and tuning the analytics platform), Threat Intelligence (tracking adversary groups and translating intelligence into actionable defenses), and DFIR (digital forensics and incident response).
Below is a summary of the SOC analyst tiers and their focus areas:
| SOC Role | Typical Experience | Key Focus & Responsibilities |
|---|---|---|
| Tier 1 SOC Analyst (L1) | 0-2 years (entry level) | Monitor alerts (SIEM, IDS); initial triage of events; identify false positives vs. real threats; follow playbooks for common incidents; escalate serious issues to Tier 2. |
| Tier 2 SOC Analyst (L2) | ~2-5 years (mid-level) | Deep investigation of incidents; malware analysis and network forensics; containment and remediation actions; coordinate with IT/engineering teams; adjust security tool rules to improve detection. |
| Tier 3 SOC Analyst / Threat Hunter (L3) | 5+ years (senior) | Proactive threat hunting in logs and systems; analyze advanced/stealth threats; lead incident response for major breaches; root cause analysis; develop new detection techniques; mentor junior analysts. |
| SOC Lead / Manager | 5-10+ years | Team leadership & mentoring; ensure 24/7 coverage; incident response planning; KPI reporting (e.g. response times, number of incidents); strategy and improving SOC processes; liaise with upper management. |

Essential Skills and Certifications for SOC Analysts
Getting into a SOC role takes a mix of technical depth, sharp analytical thinking, and the ability to communicate clearly under pressure. Here’s where to focus your energy:
- Networking & OS Internals: You can’t defend something you don’t understand. Build a solid foundation in TCP/IP, DNS, routing, and common ports. On the OS side, get comfortable with both Windows and Linux — specifically reading Windows Event Logs, parsing Linux syslog output, and understanding what normal process behavior looks like versus what doesn’t belong.
- Security Fundamentals: Know your attack vectors — phishing, ransomware, credential stuffing, SQL injection, API abuse. More importantly, learn to map those attacks to defensive frameworks. The MITRE ATT&CK matrix should feel like second nature, and the Cyber Kill Chain gives you a useful mental model for understanding where in an attack you have detection opportunities.
- SIEM & Log Querying: Get hands-on with at least one query language — Splunk’s SPL or Microsoft Sentinel’s KQL are the most marketable. The ability to write a targeted query and pull back exactly the logs you need is what separates a good analyst from an average one.
- Incident Response Process: Understand the standard lifecycle: Preparation, Detection & Analysis, Containment, Eradication, Recovery, and Post-Incident Review. Knowing what to do next when an alert fires is just as important as knowing how to spot it.
- Scripting (Python/Bash/PowerShell): You don’t need to be a software developer, but basic scripting goes a long way. Being able to write a quick Python script to parse a log file, query a threat intel API, or automate a repetitive triage step makes you significantly more effective — and more hireable.
- Documentation & Technical Writing: Incident reports, SOPs, executive summaries — writing is a bigger part of this job than most people expect. If you can translate a chain of cryptic log entries into a clear, readable narrative, you’ll stand out from the crowd.
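As an added example (not code from the original article or from any SIEM vendor), here is the correlation rule the SIEM section describes, a login from an unusual country immediately followed by a large data transfer, written as the kind of quick Python triage script the Scripting bullet refers to. The event format, field names, baseline countries and thresholds are assumptions made for the demo.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry), already normalised the way a
# SIEM would store identity-provider logins and proxy/firewall egress records.
# They are deliberately out of time order, and one line is junk, to show that a
# correlation rule must sort its input and survive malformed records.
SAMPLE_LOG = """\
2026-03-01T09:21:45Z egress user=bob dst=paste.example.org bytes=950000000
2026-03-01T08:55:10Z login user=alice src_ip=203.0.113.10 country=MY result=success
2026-03-01T09:02:31Z egress user=alice dst=files.example.net bytes=2500000
2026-03-01T09:15:00Z login user=bob src_ip=198.51.100.7 country=RO result=success
2026-03-01T10:01:00Z login user=carol src_ip=192.0.2.44 country=BR result=failure
2026-03-01T10:03:00Z egress user=carol dst=cdn.example.com bytes=1200000000
2026-03-01T13:40:00Z login user=dave src_ip=192.0.2.9 country=RO result=success
2026-03-01T15:40:00Z egress user=dave dst=backup.example.net bytes=2000000000
this line is malformed and must not crash the parser
"""

# Rule parameters: assumed values for the demo; a real SOC tunes these per tenant.
BASELINE_COUNTRIES = {"MY", "SG"}          # where this org's users normally log in from
LARGE_TRANSFER_BYTES = 500 * 1024 * 1024   # 500 MiB counts as a "large data transfer"
WINDOW = timedelta(minutes=30)             # "immediately followed" = within 30 minutes


def parse_line(line):
    """Parse one '<ts> <type> key=value ...' record; return None for unusable lines."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    event = {"ts": ts, "type": parts[1]}
    for kv in parts[2:]:
        key, sep, value = kv.partition("=")
        if not sep:
            return None
        event[key] = value
    if "bytes" in event:
        try:
            event["bytes"] = int(event["bytes"])
        except ValueError:
            return None
    return event


def correlate(log_text):
    """Return one alert per successful non-baseline login that is followed, within
    WINDOW, by an egress of at least LARGE_TRANSFER_BYTES by the same user."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])     # sequence rules need time order
    alerts = []
    for i, login in enumerate(events):
        if login["type"] != "login" or login.get("result") != "success":
            continue                        # failed logins give no foothold to exfil from
        if login.get("country") in BASELINE_COUNTRIES:
            continue                        # expected geography, so not "unusual"
        for later in events[i + 1:]:
            if later["ts"] - login["ts"] > WINDOW:
                break                       # input is sorted, nothing later can match
            if (later["type"] == "egress" and later.get("user") == login.get("user")
                    and later.get("bytes", 0) >= LARGE_TRANSFER_BYTES):
                alerts.append({
                    "user": login.get("user"),
                    "severity": "high",
                    "login_country": login.get("country"),
                    "login_ip": login.get("src_ip"),
                    "egress_dst": later.get("dst"),
                    "egress_bytes": later["bytes"],
                    "minutes_between": (later["ts"] - login["ts"]).total_seconds() / 60,
                })
                break                       # one alert per login is enough for triage
    return alerts


def narrative(alert):
    """The one-line summary a Tier 1 analyst would put in the escalation ticket."""
    return (f"{alert['user']} logged in from {alert['login_country']} "
            f"({alert['login_ip']}) and sent {alert['egress_bytes'] // (1024 * 1024)} MiB "
            f"to {alert['egress_dst']} {alert['minutes_between']:.0f} min later")


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert["severity"].upper(), narrative(alert))
```

Only bob fires: alice logs in from a baseline country, carol's login failed, and dave's transfer falls outside the 30-minute window.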
For wider career planning tips, read Cybersecurity Career Accelerator.
Recommended Certifications:
Practical skills get you the job, but certifications get your resume past the initial filter — especially in competitive markets like Singapore and Malaysia. Match your cert choices to your current experience level rather than jumping straight for advanced credentials.
| Career Stage | Certifications to Consider |
|---|---|
| Entry-Level (0-1 years) | - CompTIA Security+: The industry standard for foundational cybersecurity knowledge. - ISC2 Certified in Cybersecurity (CC): An accessible entry-level certificate covering security basics. - CompTIA Network+ (or Cisco CCNA): Critical for establishing network routing and switching fundamentals. |
| Intermediate (1-3 years) | - CompTIA CySA+ (Cybersecurity Analyst): Highly practical, focusing on threat detection, SIEM log analysis, and incident response. - Cisco/Splunk Core Certified Power User: Demonstrates practical hands-on proficiency in using Splunk. - Microsoft SC-200: Shows capabilities in managing Microsoft Sentinel and Defender operations. |
| Advanced (3+ years) | - ISC2 CISSP: The premier, management-level security certification (requires 5 years of experience). - GIAC GCIA / GCIH: Premier technical certifications from SANS focusing on intrusion analysis and incident handling. - ISACA CISM: Ideal for those transitioning into security management. |
Note: In Malaysia and Singapore, most HR departments run resumes through Applicant Tracking Systems (ATS) before a human ever sees them. Keywords like Security+, CySA+, and SC-200 carry real weight at this stage. Get the certifications, but pair every credential with something you can actually demo.
This roadmap organizes certifications into domains, skill levels (Expert, Intermediate, Beginner), and relevant sub-domains.
481 certifications listed | July 2024
✨ Communication and Network Security
The communication and network security domain covers the ability to secure communication channels and networks. Topics include secure and converged protocols, wireless networks, cellular networks, hardware operation (warranty and redundant power) and third-party connectivity. IP networking (IPSec, IPv4 and IPv6) are also included in this domain.
Expert
- CCIE Sec (Cisco Certified Internetwork Expert - Security - $2,050 hands-on lab, ~$12,000 est. travel cost)
- CCIE Ent (Cisco Certified Internetwork Expert - Enterprise Infrastructure - ~$2,050 hands-on lab, ~$12,000 in travel costs)
- JNCIE Sec (Juniper Networks Certified Internet Expert, Security - $1,400 hands-on lab)
- CCDE (Cisco Certified Design Expert - ~$1,600 written exam with hands-on lab)
- FCX (Fortinet Certified Expert - $400 written exam, $1,600 in-person lab)
Intermediate
- CCNP Sec (Cisco Certified Network Professional - Security - ~$1,200 exam)
- JNCIP Sec (Juniper Networks Certified Internet Professional, Security - $400 exam)
- PCNSE (Palo Alto Networks Certified Network Security Engineer - $175 exam)
- FCSS ZTA (Fortinet Certified Solution Specialist - Zero Trust Access - $800 two exams)
- F5 CSE Sec (F5 Big-IP Certified Solution Expert - Security - $135 exam)
- CCNP Ent (Cisco Certified Network Professional - Enterprise - ~$600 exam)
- CCSM (Checkpoint Certified Security Master - $350 exam)
- PCSAE (Palo Alto Certified Cloud Security Automation Engineer - $350 exam)
- PCCSE (Prisma Certified Cloud Security Engineer - $350 exam)
- FCSS NS (Fortinet Certified Solution Specialist - Network Security - $800 two exams)
- CCSE (Checkpoint Certified Security Expert - $250 exam)
- JNCIS Sec (Juniper Networks Certified Internet Specialist, Security - $300 exam)
- F5 CTS APM (F5 Big-IP Certified Technical Specialist - Access Policy Manager - $135 exam)
- FCP NS (Fortinet Certified Professional - Network Security - $400 for 2 exams)
- CCNA (Cisco Certified Network Associate - ~$330 exam)
- F5 CTS DNS (F5 Big-IP Certified Technical Specialist - Domain Name Services - $135 exam)
- PCDRA (Palo Alto Networks Certified Detection and Remediation Analyst - $155 exam)
- CWSP (CWNP Certified Wireless Security Professional - $325 exam)
- CREST CCNIA (CREST Certified Network Intrusion Analyst - $2,481 exam & essay, hands-on exam in UK)
Beginner
- F5 CA (F5 Big-IP Certified Administrator - $135 exam)
- eNDP (eLearnSecurity Network Defense Professional - $400 exam)
- MNSE (Mosse Institute Network Security Essentials - $450 certification programme, 100% practical, no expiry)
- PCNSA (Palo Alto Networks Certified Network Security Administrator - $155 exam)
- OWSE (ISECOM OSSTMM Wireless Security Expert - $100 annual subscription, exam cost unknown)
- JNCIA Sec (Juniper Networks Certified Internet Associate, Security - $200 exam)
- FCA (Fortinet Certified Associate - free course and exam required)
- WCNA (Protocol Analysis Institute Wireshark Certified Network Analyst - $299 exam)
- CCSA (Checkpoint Certified Security Administrator - $250 exam)
- ITS-NS (Certiport IT Specialist - Network Security - $127 exam)
- CCT (Cisco Certified Technician - $165 exam)
- SOG NSP (SecOps Group Certified Network Security Practitioner - $249 exam)
- Net+ (CompTIA Network+ - $369 exam)
- FCF (Fortinet Certified Fundamentals Cybersecurity - free, 3 courses with exams required)
- PCCET (Palo Alto Networks Certified Cybersecurity Entry-level Technician - $110 exam)
✨ IAM (Identity and Access Management)
The identity and access management domain covers the attacks that target the human gateway used to gain access to data. Other topics include ways to identify which users have rights to access the information and servers. Identity and access management covers applications, single sign-on authentication, privilege escalation, Kerberos, rule-based or risk-based access control, and identity proofing and establishment.
Intermediate
- CIMP (Identity Management Institute Certified Identity Management Professional - $295 + membership)
- FCSS SASE (Fortinet Certified Solution Specialist - Secure Access Service Edge - $800 two exams)
- CIAM (Identity Management Institute Certified Identity and Access Manager - $390 exam)
- CIDPRO (IDPro Certified Identity Professional - $700 exam)
- SF CIAMD (SalesForce Certified Identity and Access Management Designer - $400 exam)
- CIGE (IMI Certified Identity Governance Expert - $395 exam)
Beginner
- CIST (IMI Certified Identity and Security Technologist - $295 exam)
- SC-300 (Microsoft Certified: Identity and Access Administrator Associate - $165 exam)
- CAMS (IMI Certified Access Management Specialist - $195 exam)
- SC-900 (Microsoft Certified: Security, Compliance, and Identity Fundamentals - $99 exam)
✨ Security Architecture and Engineering
The security architecture and engineering domain covers important topics concerning security engineering plans, designs, and principles. Topics include assessing and mitigating information system vulnerabilities, and the fundamental concepts of security models and security architectures in critical areas like access control. Cloud systems, cryptography, system infiltrations (ransomware, fault injection and more) and virtualized systems are also covered in this domain.
Expert
Cloud/SysOps
- VCDX DCV (VMware Certified Design Expert in Datacenter Virtualization - $3,995 exams, application also required)
- VCIX DCV (VMware Certified Implementation Expert in Datacenter Virtualization - $900 two exams)
- AWS SAP (Amazon Web Services Certified Solutions Architect - Professional - $300 exam)
- AZ-305 (Microsoft Azure Solutions Architect Expert - $330 exam)
- VCIX NV (VMware Certified Implementation Expert in Network Virtualization - $900 two exams)
- Google PCSA (Google Professional Cloud Architect - $200 exam)
*nix
- RHCA (Red Hat Certified Architect - ~$3,745 exam, plus travel)
- RHCE (Red Hat Certified Engineer - $400 exam)
- LPIC-3 (Linux Professional Institute Certified: 303 Security - $200 exam)
- SCE (SUSE Certified Engineer - $195 practical exam)
ICS/IoT
- ISA CE (ISA Cybersecurity Expert - $2,700 course + exam, course required)
- CACE (exida IEC 62443 Certified Automation Cybersecurity Expert - $700 exam)
General Engineering
- CREST CRTSA (CREST Registered Technical Security Architect - $2,300 two exams, in person in the UK)
- SABSA SCM (SABSA Chartered Security Architect - Master Certificate - $3,750 exam & thesis, branded course required)
- GDAT (GIAC Defending Advanced Threats - $979 exam, SANS course recommended)
- SC-100 (Microsoft Cybersecurity Architect - $165 exam)
- SABSA SCP (SABSA Chartered Security Architect - Practitioner Certificate - $3,750 written exam, branded course required)
- GDSA (GIAC Defensible Security Architecture - $979 exam, SANS course recommended)
Intermediate
Cloud/SysOps
- FCSS PCS (Fortinet Certified Solution Specialist - Public Cloud Security - $400 exam)
- GCTD (GIAC Cloud Threat Detection - $979 exam, SANS course recommended)
- MS-100 (Microsoft 365 Certified Enterprise Administrator Expert - $165 exam)
- GPCS (GIAC Public Cloud Security - $979 exam, SANS course recommended)
- GCSA (GIAC Cloud Security Automation - $979 exam, SANS course recommended)
- FCSS SO (Fortinet Certified Solution Specialist - Security Operations - $400 exam)
- PDSO CDE (PDSO Certified DevSecOps Expert - $1,199, exam and training bundled)
- VCP DCV (VMware Certified Professional in Datacenter Virtualization - $375 exam, branded course required)
- CCSP ((ISC)2 Certified Cloud Security Professional - $599 exam)
- FCP PCS (Fortinet Certified Professional - Public Cloud Security - $400 for 2 exams)
- AWS CSS (Amazon Web Services Certified Security - Specialty - $150 exam)
- SFCCCC (SalesForce Certified Community Cloud Consultant - $200 exam, must be SalesForce Admin certified)
- EXIN PCSA (EXIN Professional Cloud Solution Architect - $315 exam)
- VCP NV (VMware Certified Professional in Network Virtualization - $375 exam, branded course required)
- AZ-500 (Microsoft Azure Security Engineer Associate - $165 exam)
- CSA CGC (Cloud Security Alliance Cloud Governance & Compliance - $315 exam)
- GCLD (GIAC Cloud Security Essentials - $979 exam, SANS course recommended)
- AWS SAA (Amazon Web Services Certified Solutions Architect - Associate - $150 exam)
- EXIN PCSerM (EXIN Professional Cloud Service Manager - $315 exam)
*nix
- GCWN (GIAC Certified Windows Security Administrator - $979 exam, SANS course recommended)
- CKS (Cloud Native Computing Foundation Certified Kubernetes Security Specialist - $375 lab, branded course required)
- LFCS (Linux Foundation Certified System Administrator - $300 exam)
- FCP SO (Fortinet Certified Professional - Security Operations - $400 for 2 exams)
- RHCSA (Red Hat Certified System Administrator - $400 exam)
- CKA (Cloud Native Computing Foundation Certified Kubernetes Administrator - $375 lab, branded course required)
- LPIC-2 (Linux Professional Institute Certified: Linux Engineer - $400, 2 exams)
ICS/IoT
- GRID (GIAC Response and Industrial Defense - $979 exam, SANS course encouraged)
- CSSA (Infosec Institute Certified SCADA Security Architect - $4,599 exam, course required)
- ISA CDS (ISA Certified Design Specialist - $2,700 course + exam)
- TUV COTCP (TUV Rheinland Certified Operational Technology Cybersecurity Professional (German) - $415 exam)
- GCIP (GIAC Critical Infrastructure Protection - $979 exam, SANS course encouraged)
- ISA CRAS (ISA Certified Risk Assessment Specialist - $2,700 course + exam, course required)
General Engineering
- CIS LI (IBITGQ Certified ISO 27001 Information Security Management Specialist Lead Implementer - $2,008 course exam, branded course required)
- SFCTA (Salesforce Certified Technical Architect - $6,000, must be SF SA certified)
- SABSA SCF (SABSA Chartered Security Architect - Foundation Certificate - $3,750 exam, branded course required)
- SPLK-3001 (Splunk Enterprise Security Certified Administrator - $130 exam, branded course recommended)
- SFSA (SalesForce System Architect - $400 hands-on lab)
- CCSE (EC-Council Certified Cloud Security Engineer - $100 exam, EC-Council course recommended)
- MCSE (Mosse Institute Cloud Security Engineer - $600 exam)
Beginner
Cloud/SysOps
- Google PCSE (Google Professional Cloud Security Engineer - $200 exam)
- EXIN PCSM (EXIN Professional Cloud Security Manager - $315 exam)
- MDSO (Mosse Institute Certified DevSecOps Engineer - $450 exam)
- CSA CCSK (Cloud Security Alliance Certificate of Cloud Security Knowledge - $395 exam)
- C)CSO (Mile2 Certified Cloud Security Officer - $550 exam)
- Server+ (CompTIA Server+ - $319 exam)
- PDSO CDP (PDSO Certified DevSecOps Professional - $799, exam and training bundled)
- EXIN PCD (EXIN Professional Cloud Developer - $315 exam)
- Cloud+ (CompTIA Cloud+ - $369 exam)
- Google ACE (Google Associate Cloud Engineer - $125 exam)
- SOG CCSP-AWS (SecOps Group Certified Cloud Security Practitioner - AWS - $249 exam)
- AWS CP (Amazon Web Services Certified Cloud Practitioner - $100 exam)
- EXIN PCA (EXIN Professional Cloud Administrator - $315 exam)
- Cloud Essnt (CompTIA Cloud Essentials - $138 exam)
*nix
- SCA (SUSE Certified Administrator - $149 exam)
- DCA (Docker Certified Associate - $195 exam)
- LPIC-1 (Linux Professional Institute Certified: Linux Administrator - $400, 2 exams)
- KCNA (Cloud Native Computing Foundation Kubernetes and Cloud Native Associate - $250 exam, branded course required)
- Linux+ (CompTIA Linux+ - $369 exam)
- LFCA (Linux Foundation Certified IT Associate - $200 exam)
- Apple ACSP (Apple Certified Support Professional - $250 exam, limited test locations)
- A+ (CompTIA A+ - $253 exam)
ICS/IoT
- ISA CAP (ISA Certified Automation Specialist - $467 exam)
- TUV COSM (TUV Certified OT Security Manager - $3,070 course)
- GICSP (GIAC Global Industrial Security Professional - $979 exam, SANS course encouraged)
- AZ-220 (Azure IoT Developer Specialty - $165 exam)
- ISA CFS (ISA Certified Fundamentals Specialist - $2,700 course + exam, course required)
- EITCA/IS (EITCA/IS Information Security Certificate - $120 exam)
- CACS (exida IEC 62443 Certified Automation Cybersecurity Specialist - $700 exam)
- TUV COSP (TUV Certified OT Security Practitioner - $2,725 course)
- CIOTSP (CertNexus Certified Internet of Things Security Practitioner - $250 exam)
General Engineering
✨ Asset Security
The Asset Security domain deals with the issues related to the collection, storage, maintenance, retention and destruction of data. It also covers knowledge of the different roles in data handling (owner, controller and custodian) as well as data protection methods and data states. Other topics include resource provisioning, asset classification and data lifecycle management.
Expert
- ASIS CPP (ASIS Certified Protection Professional - $485 exam)
Intermediate
- CIPT (IAPP Certified Information Privacy Technologist - $550 exam)
- CDPSE (ISACA Certified Data Privacy Solutions Engineer - $880 application)
- EPDPP (EXIN Privacy and Data Protection Practitioner - $243 exam, course required)
- CIPA (IMI Certified Identity Protection - $295 exam)
- DCPP (DSCI Certified Privacy Professional - $205 exam)
- CIMP (IMI Certified Identity Management Professional - $295 exam)
- CDP (IMI Certified in Data Protection - $395 exam)
Beginner
- ASIS APP (ASIS Associate Protection Professional - $350 exam)
- CRFS (IMI Certified Red Flag Specialist - $295 exam)
- CIPP (IAPP Certified Information Privacy Professional - $550 exam)
- EPDPF (EXIN Privacy and Data Protection Foundation - $207 exam)
- EPDPE (EXIN Privacy and Data Protection Essentials - $145 exam)
✨ Security and Risk Management
The security and risk management domain covers general skills related to the implementation of user awareness programs as well as security procedures. Emphasis is also placed on risk management concerning the acquisition of new services, hardware and software (supply chain). Other skills include social engineering defense mechanisms.
Expert
- ITIL Master (ITIL Master - $4,000 interview)
- GSE (GIAC Security Expert - ~$7,475 for 10 exams)
- PgMP (PMI Program Management Professional - $1,000 exam)
- CISSP Concentrations ((ISC)2 Certified Information Systems Security Professional Concentrations - $599 exam)
- NCSC CCPLP (NCSC Certified Cybersecurity Professional - Lead Practitioner - $1,388 interview)
- Zach EAPro (Zachman Enterprise Architect Professional (Level 3) - $2,999 exam & case study, Level 1 & 2 certs not required)
- PMP (PMI Project Management Professional - $555 exam)
- CISM (ISACA Certified Information Security Manager - $760 exam)
- S-ISME (SECO Information Security Management Expert - $850 exam)
- NCSC CCPSP (NCSC Certified Cybersecurity Professional - Senior Practitioner - $907 interview)
- CISSP ((ISC)2 Certified Information Systems Security Professional - $749 exam)
- TOGAF (Open Group TOGAF Certified - $360 exam)
- CCISO (EC-Council Certified Information Security Officer - $3,150 course exam, branded course required)
- EEXIN ISM (EXIN Information Security Management Expert - est. $799 oral exam)
- GSTRT (GIAC Strategic Planning, Policy and Leadership - $979 exam, SANS course recommended)
- NCSC CCPP (NCSC Certified Cybersecurity Professional - Practitioner - $225 interview)
- PSM III (Scrum.org Professional Scrum Master III - $500 exam, branded course required)
- GSP (GIAC Security Professional - ~$3,735 for 5 exams)
- GISP (GIAC Information Security Professional - $979 exam, SANS course recommended)
Intermediate
GRC (Governance, Risk, and Compliance) & General Management
- ITIL SL (ITIL Strategic Leader - $4,800 two course exams, 2 branded courses required)
- Zach EAP (Zachman Enterprise Architect Practitioner (Level 2) - $2,999 exam & case study, Level 1 cert not required)
- GSLC (GIAC Security Leadership Certification - $979 exam, SANS course recommended)
- S-CISO (SECO Certified Information Security Officer - resume review)
- CASP+ (CompTIA Advanced Security Practitioner+ - $509 exam)
- ITIL MP (ITIL Managing Professional - $9,600 four course exams, 4 branded courses required)
- Scrum SPS (Scrum Scaled Professional Scrum - $250 exam)
- GLEG (GIAC Law of Data Security & Investigations - $979 exam, SANS course recommended)
- CISSM (GAQM Certified Information Systems Security Manager - $170 exam)
- CGRC ((ISC)2 Certified in Governance, Risk and Compliance - $599 exam)
- CRISC (ISACA Certified in Risk and Information Systems Control - $760 exam)
- CSM (GAQM Certified Scrum Master - $128 exam)
- CASM (GAQM Certified Agile Scrum Master - $128 exam)
- CM)ISSO (Mile2 Certified Master Information Systems Security Officer - complete C)SP, C)ISSO, C)ISSM and IS20 ($2,200))
- S-ISP (SECO Information Security Practitioner - $550)
- Scrum PSD (Scrum Professional Scrum Developer - $200 exam)
- GCPM (GIAC Certified Project Manager - $979 exam, SANS course recommended)
- BCS PCIRM (BCS Practitioner Certificate in Information Risk Management - $287 exam)
- PEXIN ISM (EXIN Information Security Management Professional - $268 exam)
- MGRC (Mosse Institute Certified GRC Expert Certification - $450 certification programme, 100% practical, no expiry)
- M_o_R P (Axelos M_o_R Practitioner Risk Management - $560 exam)
- CPD (GAQM Certified Project Director - $210 exam)
- PMI ACP (PMI Agile Certified Practitioner - $495 exam)
- EISM (EC-Council Information Security Manager - $3,499, branded course required)
- CGEIT (ISACA Certified in the Governance of Enterprise IT - $760 exam)
- EXIN 27001E (EXIN ISO/IEC 27001 Expert - ~$379 oral presentation)
- PECB 27005LM (PECB ISO/IEC 27005 Lead Risk Manager - ~$1,595 exam, course required)
- DCCRP (DRI Certified Cyber Resilience Professional - $400 exam)
- Scrum PAL (Scrum Professional Agile Leadership - $200 exam)
- CAPM (PMI Certified Associate in Project Management - $300 exam)
- PSM II (Scrum.org Professional Scrum Master II - $250 exam)
- APMG 20000P (APMG ISO/IEC 20000 Practitioner - $308 exam, Foundation or ITIL required)
- C)ISRM (Mile2 Certified Information Systems Risk Manager - $550 exam)
- APMG 27001P (APMG ISO/IEC 27001 Practitioner - $400 exam, application essay)
- PECB 27001LI (PECB ISO/IEC 27001 Lead Implementer - $930 exam, course required)
- Programming Language (learning a programming language is valuable to any IT professional's career; recommendations: Python, Ruby, C++)
- CCP (EC First Certified CCMC Professional - $2,995 exam, course required)
- C)ISSO (Mile2 Certified Information Systems Security Officer - $550 exam)
- CIS RM (IBITGQ Certified ISO 27005 Information Security Management Specialist Risk Management - $2,783 course exam, branded course required)
- EXIN 27001P (EXIN ISO/IEC 27001 Professional - $279 exam)
- PECB 27032CM (PECB ISO/IEC 27032 Lead Cybersecurity Manager - $899-$2,999 course exam, course required)
- C)HISSP (Mile2 Certified Healthcare Information Systems Security Practitioner - $550 exam)
- BCS PCIAA (BCS Practitioner Certificate in Information Assurance Architecture - $290 exam)
- CCSA (EC First Certified Cyber Security Architect - $695 exam)
- PPM (GAQM Professional in Project Management - $210 exam)
- C)ISSM (Mile2 Certified Information Systems Security Manager - $550 exam)
- TUV ITSM (TUV IT Security Manager (German) - $415 exam, course required)
- CCRMP (IBITGQ Certified in Managing Cyber Security Risk - $2,629 course exam, branded course required)
- PECB 27005RM (PECB ISO/IEC 27005 Risk Manager - ~$995 exam, course required)
- CSBA (QAI Certified Software Business Analyst - $350 exam + written essay)
Beginner
- CNDA (EC-Council Certified Network Defense Architect - $200 application, requires CEH cert)
- DACRP (DRI Associate Cyber Resilience Professional - $200 exam, course required)
- CISRM (IBITGQ Certified ISO 27005 Information Security Management Specialist Risk Management - $2,783 course exam, branded course required)
- DCRMP (DRI Certified Risk Management Professional - $400 exam, application essay)
- SSAP (SANS Security Awareness Professional - $1,219 exam, SANS MGT433 course recommended)
- GRCP (OCEG Governance, Risk, and Compliance Professional - $399 12-month license)
- SACP (The H Layer Security Awareness and Culture Professional - $369 exam)
- CISP (GAQM Certified Information Security Professional - $170 exam)
- Zach EAA (Zachman Enterprise Architect Associate (Level 1) - $2,999 course exam, branded course required)
- CAD (GAQM Certified Agile Developer - $128 exam)
- CAC (GAQM Certified Agile Coach - $170)
- ISMI CSMP (ISMI Certified Security Management Professional - $1,159)
- CSCS (EC First Certified Security Compliance Specialist - $695 exam)
- APMG 27001F (APMG ISO/IEC 27001 Foundation - $400 exam, application essay)
- PECB 27001F (PECB ISO/IEC 27001 Foundation - $500-749 exam, course required)
- C)SLO (Mile2 Certified Security Leadership Officer - $550 exam)
- GSEC (GIAC Security Essentials Certification - $979 exam, SANS course recommended)
- SSCP ((ISC)2 Systems Security Certified Practitioner - $249 exam)
- Security+ (CompTIA Security+ - $404 exam)
- M_o_R Fdn (Axelos M_o_R Framework Foundation - $495 exam)
- Fair Fdn (FAIR Institute Analysis Fundamentals - $1,499 exam, course required)
- PSM I (Scrum.org Professional Scrum Master I - $150 exam)
- APMG 20000F (APMG ISO/IEC 20000 Foundation - $308 exam)
- ISMI CSM (ISMI Certified Security Manager - $TBD)
- BCS FISMP (BCS Foundation Certificate in Information Security Management Principles - $249 exam)
- CC (ISC2 Certified in Cybersecurity - free exam)
- S-ISF (SECO Information Security Foundation - $460 exam)
- GISF (GIAC Information Security Fundamentals - $979 exam, SANS course recommended)
- ITIL Fdn (ITIL Foundation - $383 exam)
- Project+ (CompTIA Project+ - $369 exam)
- CIISec ICSF (CIISec Information and Cybersecurity Fundamentals - $450 exam)
- FEXIN (EXIN Information Security Foundation - $232 exam)
- EXIN 27001F (EXIN ISO/IEC 27001 Foundation - $232 exam)
- PECB 27005F (PECB ISO/IEC 27005 Foundation - $500-749 exam, course required)
- C CS F (IBITGQ Certified Cyber Security Foundation - $725 course exam, branded course required)
- CIS F (IBITGQ Certified ISO 27001 Information Security Management Specialist Foundation - $853 course exam, branded course required)
- CSP (GAQM Certified SAFe Practitioner - $170 exam)
- IIBA CCA (IIBA Certification in Cybersecurity Analysis - $475 exam)
- CITGP (IBITGQ Certified in Implementing IT Governance - Foundation & Principles - ~$2,499 course exam, branded course required)
- C)ISCAP (Mile2 Information Systems Certification and Accreditation Professional - $550 exam)
- CSAP (Infosec Institute Certified Security Awareness Practitioner - $2,599 exam, course required)
- PECB 27032F (PECB ISO/IEC 27032 Foundation - $500-749 exam, course required)
- MCL (Mosse Institute Cybersecurity Leadership - $450 exam)
- ITS-C (Certiport IT Specialist - Cybersecurity - $127 exam)
✨ Security Assessment and Testing
(The security assessment and testing domain deals with all the techniques and tools used to find system vulnerabilities, weaknesses and potential areas of concern not addressed by security procedures and policies. Attack simulations, vulnerability assessment, compliance checks, and ethical disclosure also fall under this domain.)
Intermediate
- GSNA (GIAC Systems and Network Auditor - $979 exam, SANS course recommended)
- GCCC (GIAC Critical Controls Certification - $979 exam, SANS course recommended)
- PCI QSA (PCI Qualified Security Assessor - $3000 req'd course)
- CISA (ISACA Certified Information Systems Auditor - $760 exam)
- GMON (GIAC Continuous Monitoring - $979 exam, SANS course recommended)
- CIS LA (IBITGQ Certified ISO 27001 Information Security Management Specialist Lead Auditor - $2,008 course exam, Branded course required)
- GCIA (GIAC Certified Intrusion Analyst - $979 exam, SANS course recommended)
- CTPRA (Shared Assessment Certified Third-Party Risk Assessor - $1295 course)
- PECB 27001LA (PECB ISO/IEC 27001 Lead Auditor - $930 exam, Course required)
- IS20 (Mile2 IS20 Controls - $550 exam)
- C)ISSA (Mile2 Certified Information Systems Security Auditor - $550 exam)
- APMG 27001A (APMG ISO/IEC 27001 Auditor - $400 exam, Application essay)
- APMG 20000A (APMG ISO/IEC 20000 Auditor - $308 exam, Possible course required)
- C)ISMS-LA (Mile2 Certified Information Security Management Systems Lead Auditor - $550 exam)
- CIS IA (IBITGQ Certified ISO 27001 Information Security Management Specialist Internal Auditor - $1543 course exam, Branded course required)
- TUV MSA (TUV Rheinland Mobile Security Analyst (GERMAN) - $415 exam, Course required)
- CTPRP (Shared Assessment Certified Third-Party Risk Professional - $1295 course)
- IIA CIA (The Institute of Internal Auditors Certified Internal Auditor - $1315, 3 exams)
Beginner
- DCBCLA (DRI Certified Business Continuity Lead Auditor - $400 exam, Application required)
- TUV Auditor (TUV Rheinland IT Security Auditor (GERMAN) - $415 exam, Course required)
- DCBCA (DRI Certified Business Continuity Auditor - $400 exam, Application required)
- GRCA (OCEG Governance, Risk, and Compliance Auditor - $399, 12 month license)
- CISST (GAQM Certified Information Systems Security Tester - $170 exam)
- EXIN CIT (EXIN Cyber & IT Security - $225 exam)
- TUV CySec (TUV Rheinland Cybersecurity Specialist (GERMAN) - $415 exam, Course required)
- TUV CyAware (TUV Rheinland Cybersecurity Awareness (GERMAN) - $415 exam, Course required)
✨ Software Security
(The software development security domain deals with implementing software-based security protocols within environments for which the IT professional is responsible. Risk analysis, vulnerability identification and auditing of source code are all covered in this subset. Additional topics include software-designed security, maturity models, development methodologies, open-source and third-party development security.)
Intermediate
- GWEB (GIAC Certified Web Application Defender - $979 exam, SANS course recommended)
- S-CSPL (SECO Secure Programming Certified Leader - $460 exam)
- CSSLP ((ISC)2 Certified Secure Software Lifecycle Professional - $599 exam)
- CASE (EC Council Certified Application Security Engineer (.NET or Java) - $550 exam)
- DevNet Pro (Cisco DevNet Professional - $1200 two exams, DevNet Associate req'd)
- GMLE (GIAC Machine Learning Engineer - $979 exam)
Beginner
- CASST (GAQM Certified Advanced Software Security Tester - $210 exam)
- CCSC (CertNexus Cyber Secure Coder - $300 exam)
- DevNet A (Cisco DevNet Associate - $300 exam)
- SOG CAP (SecOps Group Certified AppSec Practitioner - $249 exam)
- CSST (GAQM Certified Software Security Tester - $170 exam)
- C)SWAE (Mile2 Secure Web Application Engineer - $550 exam)
- MASE (Mosse Institute Certified Application Security Engineer - $450 exam)
- S-SPF (SECO Secure Programming Foundation - $460 exam)
✨ Security Operations
(The security operations domain covers topics ranging from investigations and digital forensics to detection and intrusion prevention tools, sandboxing and firewalls. Topics include user and entity behavior analytics, threat intelligence (threat hunting and threat feeds), log management, artifacts (mobile, computer and network), machine learning and AI-based tools, penetration testing, and exploit development.)
Expert
Forensics
- GREM (GIAC Reverse Engineering Malware - $979 exam, SANS course recommended)
- CFCE (IACIS Certified Forensic Computer Examiner - $750, 4 peer reviewed exams)
- CSFA (CSIAC CyberSecurity Forensic Analyst - $750 exam & lab)
- GIME (GIAC iOS and macOS Examiner - $979 exam, SANS course recommended)
Incident Handling & Threat Intelligence
- CCD (Certified CyberDefender - $800 course, 2 exam attempts included)
- CAWFE (IACIS Certified Advanced Windows Forensic Examiner - $750 written exam & lab)
- GCFA (GIAC Certified Forensic Analyst - $979 exam, SANS course recommended)
- GCTI (GIAC Cyber Threat Intelligence - $979 exam, SANS course recommended)
- CFSR (OpenText Certified Forensic Security Responder - $250 written exam & lab)
- GNFA (GIAC Network Forensic Analyst - $979 exam, SANS course recommended)
- MTIA (Mosse Institute Certified Threat Intelligence Analyst Certification - $450 certification programme, 100% practical. No expiry.)
- GCFR (GIAC Cloud Forensics Responder - $979 exam, SANS course recommended)
- BTL2 (Security Blue Team Level 2 - $2,190 course, 1 exam attempt included)
Penetration Testing
- CREST CSAM (CREST Certified Simulated Attack Manager - $2,499, 2 exams)
- MRT (Mosse Institute Certified Red Teamer Certification - $450 certification programme, 100% practical. No expiry.)
- CREST CCTINF (CREST Certified Infrastructure Tester - $2,520 exam & lab)
- HTB CWEE (Hack the Box Certified Web Exploitation Expert - $1260, Subscription available)
Exploitation
- OSEE (Offensive Security Exploitation Expert - $5,000 lab, Plus travel)
- OSCE3 (Offensive Security Certified Expert 3 - $4649, 3 labs)
- OSWE (Offensive Security Web Expert - ~$1649 lab)
- OSEP (Offensive Security Experienced Penetration Tester - $1,499 lab)
- OSED (Offensive Security Exploit Developer - $1,499 lab)
- GXPN (GIAC Exploit Researcher and Advanced Penetration Tester - $979 exam, SANS course recommended)
- GAWN (GIAC Assessing Wireless Networks - $979 exam, SANS course recommended)
Intermediate
Forensics
- GCFE (GIAC Certified Forensics Examiner - $979 exam, SANS course recommended)
- GASF (GIAC Advanced Smartphone Forensics - $979 exam, SANS course recommended)
- Cisco COP (Cisco Certified CyberOps Professional - $700, two exams)
- CCFE (Infosec Institute Certified Computer Forensics Examiner - $4,599 exam, Course required)
- MCPE (Mosse Institute Certified Cyber Protection Expert - $800 exam)
- CMFE (Infosec Institute Certified Mobile Forensics Examiner - $1,699 exam, Course required)
- GX-FA (GIAC Experienced Forensics Analyst - $1299 exam, SANS course recommended)
- CDRP (Infosec Institute Certified Data Recovery Professional - $4,599 exam, Course required)
- eCDFP (eLearnSecurity Certified Digital Forensics Professional - $400 exam)
- GPYC (GIAC Python Coder - $979 exam, SANS course recommended)
- MDFIR (Mosse Institute Certified DFIR Specialist - $450 certification programme, 100% practical. No expiry.)
- SC-400 (Microsoft Certified Information Protection Administrator Associate - $165 exam)
- CCE (ISFCE Certified Computer Examiner - $485 written exam)
- CM)DFI (Mile2 Certified Master Digital Forensic Investigator - Complete C)SP, C)DFE, C)NFE and C)CSA ($2200))
- EnCE (OpenText EnCase Certified Examiner - $200, two exams)
- ACE (AccessData Certified Examiner - $100 + software)
Incident Handling & Threat Intelligence
- GEIR (GIAC Enterprise Incident Response - $979 exam, SANS course recommended)
- eCTHP (eLearnSecurity Certified Threat Hunting Professional - $400 lab)
- GCED (GIAC Certified Enterprise Defender - $979 exam, SANS course recommended)
- GCDA (GIAC Certified Detection Analyst - $979 exam, SANS course recommended)
- GCIH (GIAC Certified Incident Handler - $979 exam, SANS course recommended)
- MTH (Mosse Institute Certified Threat Hunter Certification - $450 certification programme, 100% practical. No expiry.)
- CREST CRIA (CREST Registered Intrusion Analyst - $612 exam & lab)
- CREST CRTIA (CREST Registered Threat Intelligence Analyst - $615, 2 exams)
- CREST CCHIA (CREST Certified Host Intrusion Analyst - $2,481 exam & essay, Hands-on exam in UK)
- eCIR (eLearnSecurity Certified Incident Responder - $400 lab)
- C)IHE (Mile2 Certified Incident Handling Engineer - $550 exam)
Penetration Testing
- PACES (Pentester Academy Certified Enterprise Security Specialist - $339-749 lab access, Exam included)
- S-CEHL (SECO Certified Ethical Hacker Leader - Application)
- CREST CRT (CREST Registered Penetration Tester - $612 exam)
- CRTO II (Zero-Point Security Red Team Operator II - $121 lab)
- S-EHE (SECO Ethical Hacker Expert - TBD (still), Being redesigned)
- CREST CCTIM (CREST Certified Threat Intelligence Manager - $2,480, 3 exams)
- OSCP (Offensive Security Certified Professional - $1,499 labs)
- GX-PT (GIAC Experienced Penetration Tester - $1299 exam, SANS course recommended)
- GPEN (GIAC Certified Penetration Tester - $979 exam, SANS course recommended)
- OSWP (Offensive Security Wireless Professional - $450 labs)
- CRTO (Zero-Point Security Certified Red Team Operator - $121 lab)
- LPT (EC Council Licensed Penetration Tester - $899 exam)
- PNPT (TCM Security Practical Network Penetration Tester - $299 exam)
- GCPN (GIAC Cloud Penetration Tester - $2,499 exam, SANS course recommended)
- GRTP (GIAC Red Team Professional - $979 exam, SANS course recommended)
- SOG CAPenX (The SecOps Group Certified AppSec Pentesting eXpert - $800 exam)
- CSTL (CyberScheme Team Leader - $1945 exam)
- eCPPT (eLearnSecurity Certified Professional Penetration Tester - $400 lab)
- eWPT (eLearnSecurity Web Application Penetration Tester - $400 lab)
- CM)IPS (Mile2 Certified Master Intrusion Prevention Specialist - Complete C)VA, C)PEH, C)PTE and C)PTC ($2200))
- HTB CBBH (Hack the Box Certified Bug Bounty Hunter - $145 modules + $210 exam, $490 Subscription available)
Exploitation
- eWPTX (eLearnSecurity Web Application Penetration Tester eXtreme - $400 exam, $2000 training)
- CREST CCSAS (CREST Certified Simulated Attack Specialist - $2,520, 2 exams & lab)
- MCD (Mosse Institute Certified Code Deobfuscation Specialist Certification - $450 certification programme, 100% practical. No expiry.)
- GMOB (GIAC Mobile Device Security Analyst - $399 exam, SANS course recommended)
- PJMR (Practical Junior Malware Researcher - $399 lab)
- CREA (Infosec Institute Certified Reverse Engineering Analyst - $4,599 exam, Course required)
Beginner
Forensics
- OSIP (IntelTechniques Open Source Intelligence Professional - $300 practical exam)
- Cisco COA (Cisco Certified CyberOps Associate Cyber Operations - ~$325 exam)
- C)CSA (Mile2 Certified Cybersecurity Analyst - $550 exam)
- CHFI (EC Council Computer Hacking Forensics Investigator - $650 exam)
- SC-200 (Microsoft Certified: Security Operations Analyst Associate - ~$165 exam)
- MRCI (Mosse Institute Remote Cybersecurity Internship Programme - $49 certification programme, 100% practical. No expiry.)
- EDRP (EC Council Disaster Recovery Professional - $450 exam)
- HTB CDSA (Hack the Box Certified Defensive Security Analyst - $145 modules + $210 exam, $490 Subscription available)
- CySA+ (CompTIA Cybersecurity Analyst+ - $404 exam)
- CSX-P (ISACA Cybersecurity Practitioner - $549 lab)
- C)NFE (Mile2 Certified Network Forensics Examiner - $550 exam, Groups only)
- GOSI (GIAC Open Source Intelligence - $979 exam, SANS course recommended)
- OPSA (ISECOM OSSTMM Professional Security Analyst - $100 annual sub, Unknown exam fee)
- CSAE (Cyber Struggle AEGIS - $1700 course exam, Branded course required)
- ASIS PCI (ASIS Professional Certified Investigator - $485 exam)
- MOIS (MOIS Certified OSINT Expert Certification - $450 certification programme, 100% practical. No expiry.)
- CFA (GAQM Certified Forensic Analyst - $128 exam)
- CSA (EC Council Certified SOC Analyst - $550 exam)
- GFACT (GIAC Foundational Cybersecurity Technologies - $979 exam, SANS course recommended)
- ECSS (EC Council Certified Security Specialist - $249 exam)
- C)DFE (Mile2 Certified Digital Forensics Examiner - $550 exam)
- C)SP (Mile2 Certified Security Principles - $550 exam)
- CSCU (EC Council Certified Secure Computer User - $125 exam)
- MICS (Mosse Institute Introduction to Cyber Security - Free exam)
Incident Handling & Threat Intelligence
- S-TA (SECO Certified Threat Analyst - $550 exam)
- ECIH (EC Council Certified Incident Handler - $300 exam)
- OSDA (Offensive Security Defense Analyst - $2,499 exam, Learning subscription required)
- CFR (CertNexus CyberSec First Responder - $250 exam)
- CTIA (EC Council Certified Threat Intelligence Analyst - $450 exam)
- MAD SOCA (MITRE ATT&CK Defender Security Operations Center Assessment - $299 annual subscription)
- MAD CTI (MITRE ATT&CK Defender Cyber Threat Intelligence - $299 annual subscription)
- CCOA (ISACA Certified Cybersecurity Operations Analyst - $760 exam)
- CREST CPIA (CREST Practitioner Intrusion Analyst - $425 exam)
- MESE (Mosse Institute Enterprise Security Engineer - $450 exam)
- CREST CPTIA (CREST Practitioner Threat Intelligence Analyst - $425 exam)
- S-SA (SECO Associate SOC Analyst - $480 exam)
- DV AOPH (Dark Vortex Adversary Operations and Proactive Hunting - $2500 exam, Course required)
- CND (EC Council Certified Network Defender - $550 exam)
- CSX-F (IBITGQ Cyber Incident Response Management Foundation - $768 course exam, Branded course required)
- DV MILF (Dark Vortex Malware Incident and Log Forensics - $2000 exam)
- CIRM Fdn (IBITGQ Cyber Incident Response Management Foundation - $768 course exam, Branded course required)
Penetration Testing
- C)PSH (Mile2 Certified PowerShell Hacker - $550 exam)
- CMWAPT (Infosec Institute Certified Mobile and Web App Penetration Tester - $4,599 exam, Course required)
- C)PTC (Mile2 Certified Penetration Testing Consultant - $550 exam)
- CRTOP (Infosec Institute Certified Red Team Operations Professional - $4,599 exam, Course required)
- CSR (Cyber Struggle Ranger - Location-based cost, Course required)
- CEH (EC Council Certified Ethical Hacker - $1,199 exam)
- SOG CAPen (The SecOps Group Certified AppSec Pentester - $500 exam)
- C)PTE (Mile2 Certified Penetration Testing Engineer - $550 exam)
- SOG CNPen (The SecOps Group Certified Network Pentester - $500 exam)
- DV RTOS (Dark Vortex Red Team & Operational Security - $2500 exam, Course required)
- SOG CMPen And (The SecOps Group Certified Mobile Pentester - Android - $400 exam)
- SOG CMPen iOS (The SecOps Group Certified Mobile Pentester - iOS - $400 exam)
- DV MoS (Dark Vortex Malware on Steroids - $2000 exam, Course required)
- PenTest+ (CompTIA PenTest+ - $404 exam)
- C)VA (Mile2 Certified Vulnerability Assessor - $550 exam)
- KLCP (Kali Linux Certified Professional - $299 exam)
Exploitation
- eMAPT (eLearnSecurity Mobile Application Penetration Tester - $400)
- BSCP (PortSwigger Burp Suite Certified Practitioner - $99 exam)
- OPST (ISECOM OSSTMM Professional Security Tester - Unknown)
- OSWA (Offensive Security Web Assessor - $2,499 exam, Learning subscription required)
- CSTM (CyberScheme Team Member - $610 exam)
- eJPT (eLearnSecurity Junior Penetration Tester - $249 lab)
- S-EHP (SECO Ethical Hacking Practitioner - $550 exam)
- CHAT (ISECOM Certified Hacker Analyst Trainer - $100 annual sub, Unknown exam price)
- CREST CPSA (CREST Practitioner Security Analyst - $425 exam)
- OPSE (ISECOM OSSTMM Professional Security Expert - $100 annual sub, Unknown exam cost)
- MPT (Mosse Institute Certified Penetration Tester Certification - $450 certification programme, 100% practical. No expiry.)
- CPENT (EC Council Certified Penetration Testing Professional - $999 exam)
- CREST CCTAPP (CREST Certified Web Application Tester - $2,520 exam & lab)
- HTB CPTS (Hack the Box Certified Penetration Testing Specialist - $200 modules + $210 exam, $490 Subscription available)
- MRE (Mosse Institute Certified Reverse Engineer Certification - $450 certification programme, 100% practical. No expiry.)
- ECES (EC Council Certified Encryption Specialist - $249 exam)
- MCPT (Mosse Institute Cloud Penetration Tester - $450 exam)
- C)PEH (Mile2 Certified Professional Ethical Hacker - $550 exam)
- GCPEH (GAQM Certified Professional Ethical Hacker - $170 exam)
- EEHF (EXIN Ethical Hacking Foundation - $232 exam)
- S-EHF (SECO Ethical Hacking Foundation - $460 exam)
- CHA (ISECOM Certified Hacker Analyst - $100 annual sub, Unknown exam cost)
- DV OTD (Dark Vortex Offensive Tool Development - $2000 exam, Course required)
- MVRE (Mosse Institute Vulnerability Researcher and Exploitation Specialist - $450 exam)
Leading SIEM Platforms in 2026: Commercial vs. Open Source
There’s no shortage of SIEM vendors claiming to be the best. The good news is that as an analyst, you don’t need to master all of them — the core concepts of log ingestion, correlation rules, and search queries transfer cleanly from one platform to another. Once you understand how to think in one SIEM, picking up the next one is mostly a matter of learning new syntax.
That said, it helps to know the landscape. Here’s an honest look at where the major platforms stand in 2026.
Commercial SIEM Platforms
Enterprise SIEMs are built for scale and come with vendor support, pre-built integrations, and dedicated professional services teams. The tradeoff is cost — licensing can get expensive quickly as your data volume grows.
| SIEM Tool | Vendor / Owner | Key Features & 2026 Market Context |
|---|---|---|
| Splunk Enterprise Security | Cisco (USA) | The long-standing market leader, known for its incredibly flexible Search Processing Language (SPL) and vast app ecosystem. Now fully integrated under Cisco, it remains the gold standard for large enterprises, though licensing costs remain high as data volume scales. |
| Microsoft Sentinel | Microsoft (USA) | A cloud-native SIEM running natively in Azure. It utilizes Kusto Query Language (KQL) and offers seamless integration with Microsoft 365, Azure Active Directory, and the Defender suite. It is highly popular due to its pay-as-you-go pricing model. |
| Cortex XSIAM / QRadar | Palo Alto Networks (USA) | In a massive shift, IBM sold its QRadar SaaS assets to Palo Alto Networks, which is actively migrating clients to its AI-driven Cortex XSIAM platform. Traditional QRadar on-premise deployments still exist but are legacy. |
| ArcSight ESM | OpenText (Canada) | A veteran SIEM platform still widely used in legacy government and large enterprise environments. While it features robust correlation engine capabilities, it is often considered complex to manage compared to modern alternatives. |
| RSA NetWitness | RSA Security (USA) | Combining log analysis with deep packet inspection and network security monitoring. It provides excellent forensic detail but requires substantial infrastructure and resources to maintain. |
Want to understand how SIEM fits alongside automation tools? See SIEM vs. SOAR - Which One Do You Need?.
Open-Source and Community SIEM Tools
If you’re building a home lab or working in a resource-constrained environment, open-source SIEMs are where most people start — and for good reason. They require more configuration effort, but that manual setup is exactly what teaches you how these systems actually work.
| SIEM Tool | Overview & Features | Pros & Cons |
|---|---|---|
| Elastic Security (ELK) | The popular Elasticsearch, Logstash, and Kibana stack configured with security rules. Offers lightning-fast search and beautiful dashboards. | Pros: Highly customizable, massive community support, and great for parsing unstructured logs. Cons: Resource-intensive; advanced features like machine learning require paid licensing. |
| Wazuh | A comprehensive security monitoring platform that merges SIEM with Endpoint Detection and Response (EDR). It uses lightweight host agents to monitor file integrity, system calls, and active responses. | Pros: Free, includes built-in compliance rules (PCI-DSS, NIST), and has an easy-to-use Kibana-based interface. Cons: Configuring custom alerts and advanced rules can have a steep learning curve. |
| Graylog | A streamlined log management engine that works well for basic SIEM use cases. Focuses on fast search and simple alerting workflows. | Pros: Much lighter than ELK and easier to configure out of the box. Cons: Lacks advanced correlation capabilities without custom scripting or commercial add-ons. |
| Security Onion | A specialized Linux distribution built specifically for network security monitoring, intrusion detection, and log management. Packages tools like Zeek, Suricata, and Wazuh. | Pros: An all-in-one blue team toolkit. Perfect for learning network forensics. Cons: Demands high memory and CPU; can be overwhelming for absolute beginners. |
| AT&T Cybersecurity OSSIM | The open-source engine behind AT&T’s commercial USM platform. Integrates asset discovery and Snort-based intrusion detection. | Pros: Broad feature set integrated into a single console. Cons: The open-source version is legacy, receives fewer updates, and is mostly used in lab environments. |
For hands-on career prep, start with either Wazuh or the Elastic Stack. Both have active communities, solid documentation, and the skills you build with them map directly to what you’ll use on the job in a professional SOC.

Hands-On Practice: Setting Up Your SOC Home Lab
Reading about SIEM tools is a fine starting point. Actually using one to catch a simulated attack is what makes you hireable. Employers in this field consistently say the same thing — they’d rather hire someone with a home lab and real curiosity than someone with a certification and no practical experience.
Here’s how to build a working mini-SOC on your own machine:
- Set Up the Infrastructure: You don’t need expensive hardware. A laptop with 16 GB of RAM can comfortably run two or three VMs using VirtualBox or VMware Workstation Player. If your machine is underpowered, the free tiers on AWS or Microsoft Azure work well too.
- Deploy Your VMs: Spin up a Windows 10/11 VM (your simulated target workstation) and a Linux VM running Ubuntu Server or Debian.
  - Need help with the Linux setup? Check out Debian Lab Setup for Cyber-Security Enthusiast.
- Install Your SIEM: Deploy Wazuh or Elastic Security on a dedicated VM. If you want commercial experience, Splunk offers a free Developer License that gives you access to the full platform for personal use.
- Start Ingesting Logs:
  - On your Windows VM, install Sysmon using a community config like SwiftOnSecurity’s — this will capture rich telemetry including process creations, network connections, and file modifications.
  - Install the appropriate log forwarder (Wazuh Agent, Splunk Universal Forwarder, or Winlogbeat) on each VM and point it at your SIEM.
- Simulate Attacks — Actually Do This: An empty SIEM is useless for learning. Start generating data by simulating real attack techniques:
  - Use Atomic Red Team to safely execute MITRE ATT&CK techniques and watch what appears in your logs.
  - Run manual simulations: an Nmap scan, a PowerShell credential-testing script, or a basic brute-force attempt against your Windows VM.
- Build Detections:
  - After each simulation, dig into your logs and find the exact events that were generated. Which Event IDs fired? What did the process tree look like?
  - Write a detection rule for what you found — something like: Alert when a single IP triggers more than 10 failed authentication attempts within 60 seconds. This is the actual work SOC engineers do every day.
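To make the last step concrete, here is that brute-force rule written out in Python as an added example (it is not code from this guide, nor from Wazuh, Elastic or Splunk). It shows what the SIEM actually does with the events your Sysmon and log-forwarder setup delivers: parse each line, keep a per-source-IP sliding window of failed logons, and raise one alert when the window holds more than the threshold. The log lines are constructed inline and mimic Winlogbeat-style JSON for Windows Security Event ID 4625 (failed logon); the field names, usernames and IP addresses are assumptions for the example, not a vendor schema.

```python
"""Threshold detection over Windows failed-logon events.

Implements the lab rule "alert when a single IP triggers more than 10 failed
authentication attempts within 60 seconds" as a sliding-window count per
source IP. Added illustration for the guide, not code from the guide or from
Wazuh, Elastic or Splunk. The sample lines are constructed to resemble
Winlogbeat-style JSON for Security Event ID 4625; the field names
(@timestamp, winlog.event_id, source.ip, user.name) are assumptions.
"""
from __future__ import annotations

import json
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 10        # alert once MORE than this many failures ...
WINDOW_SECONDS = 60   # ... fall inside one sliding window of this length
FAILED_LOGON = 4625   # Windows Security event: "An account failed to log on"


def _line(ts: str, ip: str, user: str, event_id: int = FAILED_LOGON) -> str:
    """Build one constructed log line (JSON, one event per line)."""
    return json.dumps({"@timestamp": ts, "winlog": {"event_id": event_id},
                       "source": {"ip": ip}, "user": {"name": user}})


# Constructed telemetry: 12 failures from 10.0.0.5 inside 44 seconds (the
# brute-force case) and 3 failures from 10.0.0.9 one minute apart (a user
# mistyping a password, which must NOT alert). One successful logon (4624)
# is mixed in to show that non-failure events are ignored.
SAMPLE_LOGS = [_line(f"2026-01-15T08:00:{s:02d}Z", "10.0.0.5", "admin")
               for s in range(0, 48, 4)]
SAMPLE_LOGS += [_line(f"2026-01-15T08:0{m}:10Z", "10.0.0.9", "jdoe")
                for m in (1, 2, 3)]
SAMPLE_LOGS.append(_line("2026-01-15T08:00:30Z", "10.0.0.5", "admin", 4624))


def parse_event(line: str) -> tuple[datetime, str, int] | None:
    """Return (timestamp, source_ip, event_id), or None for a line the rule
    cannot use. Malformed lines are skipped rather than crashing the pipeline."""
    try:
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["@timestamp"].replace("Z", "+00:00"))
        return ts, str(rec["source"]["ip"]), int(rec["winlog"]["event_id"])
    except (json.JSONDecodeError, KeyError, TypeError, ValueError):
        return None


def detect_bruteforce(lines, threshold: int = THRESHOLD,
                      window: int = WINDOW_SECONDS) -> list[dict]:
    """Sliding-window threshold rule: one alert per source IP each time its
    failed-logon count inside `window` seconds exceeds `threshold`."""
    events = [e for e in map(parse_event, lines) if e and e[2] == FAILED_LOGON]
    events.sort(key=lambda e: e[0])       # forwarders may deliver out of order
    recent = defaultdict(deque)           # source IP -> timestamps still in window
    alerts = []
    for ts, ip, _ in events:
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:   # drop events that aged out
            q.popleft()
        if len(q) > threshold:
            alerts.append({"source_ip": ip, "failures": len(q),
                           "window_start": q[0].isoformat(),
                           "window_end": ts.isoformat()})
            q.clear()   # one burst yields one alert, not one per extra event
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(alert)
```

Run it and you get a single alert for 10.0.0.5 with 11 failures, fired at the 11th attempt, and nothing for 10.0.0.9. Two design points carry over to whatever SIEM you use: a sliding window catches a burst that straddles a clock-minute boundary, which a fixed one-minute bucket (the `bin()`/`bucket` style of query) can miss, and resetting the window after an alert keeps a 200-attempt burst from paging you 190 times.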
Building a Portfolio That Gets You Interviews
A lab that only you know about isn’t worth much. Document your work and make it visible:
- GitHub: Push your detection rules, KQL/SPL queries, and automation scripts. Even a well-organized repo with five solid detections tells a story about how you think.
- Incident Write-Ups: After each lab exercise, write a short structured report — what you detected, how you investigated, and what the remediation steps would be. Treat it like a real incident report.
- Blog Posts: Writing about your lab work serves double duty — it demonstrates technical writing skills (which SOC roles require constantly) and shows the kind of initiative that stands out during interviews.
- For an easy addition to your home lab, see Building a Pi-hole for Enhanced Network Security.

Landing the Job: Resume and LinkedIn Optimization
Skills and lab work get you to this point. Now you need to package them in a way that gets past the ATS filters and actually earns you an interview.
Writing a Resume That Works
- Lab Work Counts: No professional security experience? That’s fine — list your home lab under a “Technical Projects” section. Be specific about what you built and why. “Deployed Wazuh on a three-VM home lab, configured Sysmon telemetry ingestion, and wrote custom detection rules for credential dumping and lateral movement” is far more compelling than a generic skills list.
- Use the Right Keywords: ATS systems are looking for specific terms. Make sure SIEM, SOC, Log Analysis, Incident Response, KQL, SPL, and MITRE ATT&CK appear naturally throughout your resume — not crammed into a keyword section at the bottom.
- Put Numbers In: Quantify your work wherever you can. “Investigated 12 simulated incident scenarios across a 3-VM lab environment” or “Wrote 8 custom Wazuh detection rules covering techniques in the Credential Access and Discovery MITRE ATT&CK tactics” — these are concrete and memorable.
Using LinkedIn Strategically
- Your Headline is a Keyword Field: Drop “Student” or “Job Seeker” and use something like “Aspiring SOC Analyst | CompTIA Security+ | Home Lab Practitioner | KQL & Sysmon”.
- Post About Your Lab: When you finish a project, write a short post about it. Share a screenshot of your SIEM catching a simulated attack with a brief explanation of what happened. This kind of content performs well and puts you in front of hiring managers organically.
- Engage, Don’t Just Connect: Find SOC managers, senior analysts, and recruiters in your target market. Comment thoughtfully on their posts, ask genuine questions. Getting on someone’s radar through genuine engagement is far more effective than a cold connection request with no context.

Managed Security Providers (MSSPs) and Freelance Pathways
Not every SOC role is an in-house corporate position, and some of the best entry-level opportunities are in places people don’t always think to look.
- Managed Security Service Providers (MSSPs): MSSPs monitor security for multiple client organizations simultaneously. If you want to accelerate your learning as fast as possible, this is where to start. The sheer volume and variety of incidents you’ll see in an MSSP environment in six months can take years to encounter in a quieter in-house SOC.
- SOC-as-a-Service (SOCaaS): Many mid-sized organizations outsource their monitoring entirely to SOCaaS providers, and these providers are almost always hiring Tier 1 analysts. The work is similar to traditional SOC roles but often involves broader tool sets and faster-moving environments.
- Freelance Consulting: Full-time freelance SOC work is genuinely rare — data privacy constraints make it difficult. But smaller businesses frequently need someone to configure a cloud SIEM, build a compliance report, or audit their current log coverage. Platforms like Upwork see demand for this work, especially from companies just getting their security programs off the ground.
Thinking about exploring the offensive side of security too? Read Launching a Penetration Testing Career in Malaysia & Singapore.
Here are the top platforms to search for entry-level security jobs, remote contracts, and local listings:
✨ Top 20 Job Boards in Singapore
| # | Website | Focus / Notes |
|---|---|---|
| 1 | MyCareersFuture | Official government portal; trusted source for local IT jobs |
| 2 | JobStreet SG | Popular across SEA; strong in tech, finance, and corporate hiring |
| 3 | LinkedIn Jobs | Top choice for IT professionals and remote-friendly opportunities |
| 4 | eFinancialCareers SG | Great for fintech, cyber risk, and IT roles in banking sector |
| 5 | Tech in Asia Jobs | Focused on startups, regional tech jobs, and remote options |
| 6 | NodeFlair | Singapore-based tech career platform with salary transparency |
| 7 | STJobs | Backed by The Straits Times, mostly local listings |
| 8 | JobTech | AI-driven platform that curates real-time job market data |
| 9 | Glints SG | Fast-growing platform for tech & creative roles, great for startups |
| 10 | JobsCentral SG | Covers both IT and non-IT sectors; good for fresh grads |
| 11 | StartupJobs Asia | Startup-centric, often includes equity-based and flexible roles |
| 12 | HackerTrail | Tech-specific hiring platform, includes coding challenges |
| 13 | Wantedly SG | Company culture-focused job search for startups and tech firms |
| 14 | Monster SG | International platform, useful for IT and expat positions |
| 15 | GrabJobs | Features chatbot-based application process, includes tech support roles |
| 16 | Xcruit | New-age job platform with integrated video resumes |
| 17 | InternSG | Best for internships, junior roles in IT, marketing, and engineering |
| 18 | TalentTribe | Visual job descriptions, focuses on tech and youth jobs |
| 19 | JobsDB SG | Still active, though many jobs are mirrored with JobStreet |
| 20 | DrJobs SG | Popular in the expat and overseas Singaporean community |
✨ Top 20 Job Boards in Malaysia
| # | Website | Focus / Notes |
|---|---|---|
| 1 | JobStreet | Most popular job portal in Malaysia, strong IT category |
| 2 | | Great for IT & cybersecurity, allows direct networking with employers |
| 3 | JobsCentral | IT, engineering, and graduate jobs |
| 4 | Hiredly (WOBB) | Young, startup-friendly; includes internships & entry-level IT roles |
| 5 | myFutureJobs | Government portal, good for local IT and GLC jobs |
| 6 | Tech in Asia Jobs | Startup-focused, regional, many remote tech jobs |
| 7 | Glints | IT jobs in startups & SMEs, also has freelance and contract listings |
| 8 | FastJobs | Simple UI; has tech support, IT admin, and basic dev jobs |
| 9 | Jobstore | Broad platform, decent number of tech job listings |
| 10 | Indeed Malaysia | Global portal, wide range of local and expat-friendly IT roles |
| 11 | Job Majestic | Specializes in high-paying or niche roles, strong tech presence |
| 12 | FutureLab | Mentorship platform with growing job board for students and juniors |
| 13 | Monster Malaysia | Older platform but still lists IT jobs across Asia |
| 14 | Bossjob | AI-based matching, supports messaging employers directly |
| 15 | JobCart | Malaysian job portal gaining traction in tech & digital job markets |
| 16 | Jobify | Emerging site, startup jobs, internships, tech openings |
| 17 | Ricebowl | Bilingual portal (English/Chinese), includes tech jobs |
| 18 | TribeHired | For tech and startup talent, includes high-level developer roles |
| 19 | Maukerja | Blue-collar + tech support/IT admin roles |
| 20 | InternSheeps | Internships in IT, cybersecurity, and digital marketing |
✨ Top 10 Remote IT Job Sites
| # | Website | Focus / Highlights |
|---|---|---|
| 1 | We Work Remotely | One of the oldest & largest platforms for remote software & DevOps jobs |
| 2 | Remote OK | Remote tech jobs with global employers; filter by timezone |
| 3 | Turing | U.S. companies hiring vetted remote developers from Asia |
| 4 | Remotive | Curated list of remote dev, cloud, and cyber jobs globally |
| 5 | Jobspresso | Remote-only jobs in tech, sysadmin, cybersecurity, product, and support |
| 6 | Working Nomads | Daily updated list of remote tech roles from global sources |
| 7 | Outsourcely | Remote jobs from startups looking to hire directly - no commission cuts |
| 8 | Pangian | Remote jobs with timezone matching; strong in tech, cyber, data |
| 9 | Hubstaff Talent | Free remote job marketplace for freelancers and long-term IT contracts |
| 10 | CodementorX | High-paying freelance/remote developer jobs, especially for experienced devs |
2026 Salary Expectations & Job Market Insights
Knowing what the market pays is important — both for setting realistic expectations and for negotiating confidently when an offer comes in. Here’s where salaries currently stand across the region.
- Malaysia: The talent gap in cybersecurity remains significant, and demand for qualified analysts has pushed salaries steadily upward. Most enterprise SOCs also pay shift allowances on top of base salary, which can meaningfully improve total compensation at the Tier 1 level.
  - Junior / Entry-Level: RM 3,500 – RM 5,500 per month
  - Mid-Level: RM 6,000 – RM 10,000 per month
  - Senior / Lead: RM 11,000+ per month
- Singapore: Singapore’s position as Southeast Asia’s financial and tech hub drives some of the highest security salaries in the region. Cost of living is higher to match, but so is the ceiling.
  - Junior / Entry-Level: SGD 4,000 – SGD 5,500 per month
  - Mid-Level: SGD 6,500 – SGD 9,500 per month
  - Senior / Lead: SGD 10,500 – SGD 15,000+ per month
  Certifications like Security+ or CySA+ combined with demonstrated lab experience carry a lot of weight with Singapore-based hiring managers.
- Remote Roles: With a few years of experience and solid communication skills, remote roles for US, UK, and European companies are genuinely accessible from Southeast Asia. Earning in USD or GBP while living in Kuala Lumpur or Penang is a powerful combination.
Beyond the money, the Tier 1 SOC role is one of the best career springboards in the field. From there, the natural progressions into Incident Response, Threat Hunting, DFIR, and Cloud Security all pay significantly more — and they’re much easier to reach from inside a SOC than from anywhere else.
A Six-Month Roadmap to Your First SOC Role
Most people don’t need more advice — they need a concrete plan. Here’s a realistic six-month roadmap that takes you from interested beginner to job-ready analyst.
| Month | Focus Area | Key Milestones & Goals |
|---|---|---|
| Month 1 | Foundations | Master networking fundamentals (IP addressing, DNS, DHCP, ports, and protocols). Get comfortable using the Linux command line and navigating Windows administrative logs. |
| Month 2 | Security Basics | Study key attack vectors (ransomware, phishing, brute force) and learn frameworks like the MITRE ATT&CK matrix. Begin preparing for the CompTIA Security+ exam. |
| Month 3 | SIEM Mastery | Choose your SIEM platform (Wazuh, Elastic, or Splunk). Set up your virtualization host and learn how to run basic queries and view dashboards. |
| Month 4 | Active Defense | Expand your lab. Use tools like Atomic Red Team to simulate attacks, locate the corresponding logs, and build custom correlation rules to detect them. |
| Month 5 | Incident Response | Learn the stages of incident response and investigate basic malware behaviors. Build scripts in Python or PowerShell to parse logs. Attempt the CySA+ or a similar exam. |
| Month 6 | Portfolio & Prep | Polish your resume, link your GitHub repository, and update your LinkedIn profile. Start actively applying for entry-level analyst roles and MSSP positions. |
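To make the Month 4 and Month 5 milestones concrete (locate the logs an attack produces, write a correlation rule for them, and parse logs with a script), here is a small Python example. It is an added illustration, not code from the original article: it parses a constructed, simplified export of Windows Security logon events (event ID 4625 for a failed logon, 4624 for a successful one) and implements the brute-force correlation rule from the roadmap, flagging a burst of failures followed by a success from the same user and source address. The log lines, usernames, IP addresses and thresholds are all constructed for the demonstration.

```python
"""Parse constructed Windows logon events and flag brute-force logins.

Added example for the six-month roadmap (Month 4: custom correlation rules;
Month 5: log parsing in Python). Not code from the original article. The log
lines, users, hosts and threshold values below are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export, one event per line: "timestamp event_id user src_ip".
# 4625 = failed logon, 4624 = successful logon (Windows Security log event IDs).
SAMPLE_LOG = """\
2026-01-10T09:00:01 4625 alice 10.0.0.5
2026-01-10T09:00:03 4625 alice 10.0.0.5
2026-01-10T09:00:05 4625 alice 10.0.0.5
2026-01-10T09:00:07 4625 alice 10.0.0.5
2026-01-10T09:00:09 4625 alice 10.0.0.5
2026-01-10T09:00:12 4624 alice 10.0.0.5
this line is malformed on purpose and must be skipped
2026-01-10T09:05:00 4625 bob 10.0.0.9
2026-01-10T09:30:00 4624 bob 10.0.0.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event_id>\d+)\s+(?P<user>\S+)\s+(?P<src>\S+)$"
)


def parse_events(text):
    """Turn raw lines into dicts; skip malformed lines instead of crashing."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # real exports contain noise; a parser must tolerate it
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "event_id": int(m["event_id"]),
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_brute_force(events, failures=5, window=timedelta(minutes=2)):
    """Correlation rule (thresholds are assumptions): at least `failures`
    4625 events from one (user, src) pair inside `window`, followed by a
    4624 from the same pair within `window` of those failures."""
    recent = defaultdict(list)  # (user, src) -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["event_id"] == 4625:
            recent[key].append(ev["ts"])
            # Drop failures that have aged out of the correlation window.
            recent[key] = [t for t in recent[key] if ev["ts"] - t <= window]
        elif ev["event_id"] == 4624:
            fails = [t for t in recent[key] if ev["ts"] - t <= window]
            if len(fails) >= failures:
                alerts.append({
                    "user": ev["user"],
                    "src": ev["src"],
                    "failures": len(fails),
                    "success_at": ev["ts"].isoformat(),
                })
            recent[key].clear()  # a success resets the counter for that pair
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(parse_events(SAMPLE_LOG)):
        print("ALERT brute-force success:", alert)
```

On the sample data the rule fires once, for `alice` from `10.0.0.5` (five failures in eleven seconds, then a success); `bob` has a single failure 25 minutes before his successful logon, so he stays below the threshold. In a real SIEM the same logic would be expressed as a correlation rule over the 4625/4624 stream, and the window and count would be tuned against your own environment's baseline of ordinary mistyped passwords.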
Conclusion: Your SOC Career Awaits
Cybersecurity is not a field where you arrive fully formed. Everyone starts somewhere — most often by setting up a lab that breaks constantly, taking a certification they’re not sure about, or writing a detection rule that doesn’t work the first time. That’s exactly how it’s supposed to go.
What separates the people who break in from those who don’t is usually not raw talent — it’s consistent, deliberate practice over a sustained period. Build the lab. Simulate the attacks. Write the detections. Document what you learn. Do that for six months and you’ll be more prepared than the majority of people applying for entry-level analyst roles.
The demand for defenders in 2026 is real, and it’s not going away. If anything, the talent gap is growing. Now is a genuinely good time to enter this field.
Explore the rest of the blog for more cybersecurity career guidance. Reach out if you’re looking for mentorship or if you’d like to discuss how we can help strengthen your organization’s security posture.