Join our CEO – Eliza-May Austin, a seasoned leader with extensive experience in the field – as she dives into some of the most challenging topics in cyber security. Unlike many books written by authors who simply enjoy writing, Eliza brings her real-world expertise and senior leadership perspective to the table, providing honest and insightful reviews of the texts she has tackled.
In Eliza’s Cyber Security Book Club, you’ll gain valuable perspectives from a true practitioner and leader. So grab a cuppa, get ready to explore cyber security like never before, and embark on a journey through the most critical issues in the field.
"Effective Threat Investigation for SOC Analysts" by Mostafa Yahia
“Effective Threat Investigation for SOC Analysts” offers a practical guide for cyber security professionals, particularly those working in Security Operations Centers (SOCs). The book focuses on enhancing threat investigation techniques and leveraging a variety of tools to detect and respond to cyber threats effectively.
Understandably, it’s very focused on its SOC analyst readership. It does a good job of covering wider concepts such as attack origins (particularly email), and spends a decent chunk of time discussing lateral movement. Both focus points are great for a SOC analyst. However, the focus is on Windows, so this isn’t the book for you if you’re a SOC analyst defending a Linux-heavy environment or an organisation heavily reliant on cloud infrastructure or IaaS. If your focus is Windows, this is a great book to use as reference material.
For senior and well-seasoned security analysts, “Effective Threat Investigation for SOC Analysts” won’t move the earth for you. While the book is valuable for entry-level to mid-level SOC analysts, it may not offer enough depth for seasoned professionals. Many of the techniques and concepts covered are relatively basic, and experienced analysts may find the material too introductory and lacking in advanced investigative techniques or cutting-edge methodologies.
When comparing my thoughts on this book with members of my team, there was some feedback about the restrictive nature of the toolsets covered in the book. I’d argue, though, that it does relay the concepts well, and the reader should aim to look past the tools and apply the logic behind them to whatever toolset they happen to be using.
Rating "Effective Threat Investigation for SOC Analysts"
So on a scale of 1 to 5, what do I rate this book?
A well-rounded 3/5 for its purpose of being reference material for SOC analysts.
This book will appeal to, and add value for, a number of readers. I’d say if you’re running a SOC in a Windows-heavy organisation and want something to act as a guide to what junior and mid-tier SOC analysts should be familiar with, this book could be a great addition to your library. Similarly, as a SOC analyst, you’ll find this book breaks down common and often complex concepts really well; the author did a great job of focusing the book on the common things that matter in common environments.
Technical rating: 3/5
Experience rating: 2/5
Seniority required: 1/5

COMING UP NEXT WEEK…
“Black Hat Python, Python Programming for Hackers and Pentesters” by Justin Seitz.