- Career vs. Job
- Developing Job Roles
- SOC Job Roles
- NICE Cybersecurity Workforce Framework
- Role Tiers
- SOC Services and Associated Job Roles
- Soft Skills
- Security Clearance Requirements
- Onboarding Employees
- Managing People
- Job Retention
- Evaluating Training Providers
- Company Culture
An IT certification validates that the certified professional has competency in a specific aspect of technology. Each certification program has its own method to validate a candidate’s skills, which range from combinations of test takers answering multiple-choice questions to performing hands-on exercises. After a candidate’s skills are validated through a program’s assessment process, the program issues a certificate signifying the person met the program’s requirements and the specific date on which the certificate was issued. Many programs require a recertification assessment within a certain period of time after initial certification. Recertification requirements vary from program to program and can involve either performing the same skills required for the initial certification, using a condensed version of the testing system, or just paying a fee, typically used to fund a membership program. Do not assume that a certification validates a person’s current skill level; take into consideration when the individual was certified, what was involved to get certified, and how often recertification occurs. The best approach to validate any skill is to have the person perform that skill in your own real-world scenario.
One common challenge I hear from SOC managers is determining which certification is the best option for their employees. My advice is to consider aligning the purpose for a certification program with the SOC position looking to get certified. Certain certifications and training are designed for specific job roles. For example, the CompTIA CySA+ is designed for a cybersecurity analyst, while the EC-Council Certified Penetration Tester is obviously targeting the penetration testing market. I included suggested certifications for each job role related to SOC work earlier in this chapter.