
My thoughts on free SOC training (and how I’m gearing up for Singtel’s MSSP SOC)

  • Writer: Rohit Panda
  • Sep 15, 2025
  • 3 min read

Introduction: What Is a SOC and Why Does It Matter


A Security Operations Centre (SOC) is the nerve center of an organization’s cybersecurity defense. Picture a 24/7 command room where analysts watch dashboards of network traffic, hunt for intrusions, and respond to incidents in real time. A SOC’s mission is simple: to detect, analyze, respond, and recover from threats before they cause damage.


At its core, a SOC functions like this:

  1. Monitoring: Logs and alerts flow into a central Security Information and Event Management (SIEM) platform from firewalls, servers, endpoints, and cloud services.

  2. Triage & Investigation: Analysts (Tier 1 & 2) review alerts, enrich them with threat intelligence, and separate false positives from real attacks.

  3. Response & Escalation: Confirmed incidents are assigned to Incident Response (IR) or Threat Hunting teams, which contain and remediate them.

  4. Continuous Improvement: Engineers tune detection rules, create playbooks, and feed lessons back into the system.
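The four steps above, sketched as a minimal triage loop in Python. This is an added example, not part of the original post; the alert fields, the threat-intel dictionary, the allowlist and the threshold are constructed assumptions, and a real SIEM has its own schema.

```python
# Constructed sample data using documentation IP ranges; all names are assumptions.
THREAT_INTEL = {"203.0.113.50": "reported brute-force source"}  # hypothetical feed
ALLOWLIST = {"198.51.100.7"}  # e.g. an authorised vulnerability scanner

ALERTS = [  # Step 1: alerts as they might arrive from a SIEM detection rule
    {"id": 1, "rule": "ssh_failed_logins", "src_ip": "203.0.113.50", "count": 40},
    {"id": 2, "rule": "ssh_failed_logins", "src_ip": "198.51.100.7", "count": 55},
    {"id": 3, "rule": "ssh_failed_logins", "src_ip": "10.0.0.23", "count": 6},
    {"id": 4, "rule": "ssh_failed_logins", "src_ip": "192.0.2.99", "count": 30},
]


def enrich(alert):
    """Step 2: attach the context an analyst would otherwise look up by hand."""
    return {**alert,
            "intel": THREAT_INTEL.get(alert["src_ip"]),
            "allowlisted": alert["src_ip"] in ALLOWLIST}


def triage(alert, threshold=20):
    """Steps 2-3: decide 'close', 'investigate' (Tier 2) or 'escalate' (IR)."""
    a = enrich(alert)
    if a["allowlisted"]:
        return "close"        # known-benign source: false positive
    if a["intel"]:
        return "escalate"     # threat-intel match: hand to incident response
    if a["count"] >= threshold:
        return "investigate"  # high volume without intel: deeper review
    return "close"            # below threshold: noise


def run_queue(alerts, threshold=20):
    """Triage every alert and return {alert id: verdict}."""
    return {a["id"]: triage(a, threshold) for a in alerts}


def closed_ratio(verdicts):
    """Step 4: share of alerts closed as noise, a signal for rule tuning."""
    return sum(v == "close" for v in verdicts.values()) / len(verdicts)


if __name__ == "__main__":
    verdicts = run_queue(ALERTS)
    print(verdicts, closed_ratio(verdicts))
```

A high closed ratio for one rule suggests its threshold or allowlist needs tuning, which is the feedback loop step 4 describes.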


Types of SOCs

  • Internal SOC: Built and operated by a single organisation to protect its own assets.

  • Managed SOC / MSSP SOC: A Managed Security Service Provider (like Singtel) protects multiple client organizations. These SOCs offer 24/7 monitoring under strict service-level agreements.

  • Hybrid SOC: Combines in-house staff with an external MSSP for extended coverage.

  • Virtual/Cloud SOC: Fully cloud-based with distributed teams and no physical command centre.


SOC Work Structure and Roles

  • Tier 1 Analyst: First line of defense; monitors dashboards and triages alerts. Usually shift-based.

  • Tier 2 Analyst / Incident Responder: Deep investigations, malware analysis, and coordination with clients.

  • Threat Hunter / CTI Analyst: Proactively searches for hidden adversaries.

  • SOC Engineers & SIEM Specialists: Build detections and automate response workflows.

  • SOC Manager: Oversees operations, reporting, and client communication.


Shift Patterns: In an MSSP SOC, Tier 1 and often Tier 2 roles typically provide 24/7 coverage, commonly in 12-hour or 8-hour shifts. Engineers, managers, and intel analysts usually keep business hours with on-call duty.



My Next Step: Joining Singtel’s MSSP SOC

I’m about to join Singtel’s Managed Security Service Provider (MSSP) SOC. It’s one of Singapore’s largest SOCs, defending multiple client networks at scale.

I’d be lying if I said I wasn’t nervous. A 12-hour rotation and a long commute will test my stamina. But I’m excited to work with advanced tools like Splunk, QRadar, and Microsoft Sentinel while learning from seasoned analysts. This is where theory meets reality.



Pre-SOC Analyst Training


Here are standout free training resources I recommend for anyone considering a SOC career:

  • The Cyber Mentor (TCM) SOC 101: End-to-end SOC analyst skills (12 hours of hands-on YouTube labs)

  • Microsoft Student SOC Toolkit: Microsoft SIEM & XDR tools (3-hour interactive incident simulations)

  • Cisco Academy Junior Security Analyst Path: Tier-1 SOC fundamentals (120-hour guided curriculum + CCST prep)



How These Trainings Fit into a SOC Career

These resources teach you how to:

  • Monitor SIEM dashboards and triage alerts

  • Investigate incidents with log correlation and threat intel

  • Escalate findings with clear documentation

  • Build a personal lab to practice detection and response


I combined TCM’s SOC 101 for depth, Cisco’s Junior Analyst path for structure, and Let's Defend for hands-on triage practice, skills directly transferable to Singtel’s MSSP environment.



Final Thoughts

Starting a SOC career can be intimidating. Free, high-quality training puts the goal within reach for students, professionals, and anyone curious about cybersecurity. As I step into Singtel’s round-the-clock SOC, I’ll carry these lessons with me, ready to monitor, investigate, and protect.

 
 
 
