Transcript for:
10 Essential Skills for SOC Analysts

Let me start this video with a story. Let's imagine the worst situation for a company: a professional hacker got access to a banking network. He got access to all the data, then downloaded all the files to his own command and control server, and finally he sells all the data on the dark web. Now let's talk about a good situation for the same company. The same hacker delivers the malware inside the banking network using a phishing technique, and now he is at the last stage of his hacking: the malware tries to establish the connection but fails again and again and again. Mission failed for the hacker. This was possible because there was someone who detected the malware and destroyed the malicious connection at the right time. That guy was a SOC analyst. SOC analysts work in the security operations center; they are the first to respond to any kind of cyber threat. Watch this video till the end, because I'm going to talk about 10 must-have skills for SOC analysts, and if you are new to this channel please subscribe, as this will help us grow. Each skill that I'm going to talk about will have two components: first the concept, and second the tools or the actions.

Number one: cyber security fundamentals. This is the most important skill, not just for SOC analysts but in fact for any cyber security role. Let's talk about the concepts. You should know about the CIA triad, which consists of confidentiality, integrity and availability, the core concepts of information security; the OSI model; and TCP and its packet header. You should also know about some important protocols, such as HTTP or HTTPS: learn about HTTP methods and response codes. Next, DNS: learn how DNS works and its different record types. Next, FTP: learn about active FTP and passive FTP. There are some more protocols you should know about. Learn about cryptography: encryption, hashing and public key infrastructure. Learn about the types of cyber attacks, such as malware, denial of service attacks, web-based attacks, phishing attacks and many more. Let's talk about some tools you can use to practice or to learn about cyber security fundamentals. The simplest thing you can do is open your command prompt and try some commands such as ipconfig, ping, tracert, netstat and some more. You should also check out MX Toolbox; this will help you understand how DNS works, and it has some more features.

Number two: operating systems. You should be comfortable with the two most popular operating systems, and no, not macOS; I'm talking about Windows and Linux. Let's talk about the concepts: learn about the directory structure, network settings, file editors and file systems. Let's talk about some tools. You can start with VirtualBox and create virtual machines, and then you can actually change some of the parameters, such as the network setting, from bridged mode to host-only mode. Next you can use Kali Linux. You can play with file permissions, where you can try changing the permissions of a file using chmod; try changing the network settings from DHCP to a static IP address, or maybe to any other IP address; try getting hands-on with some file editors such as nano, gedit or the vi editor.

Number three is network security. It is very important to understand how perimeter security and the first line of defense really work. Let's talk about the concepts. Firewalls: learn about firewalls such as stateful firewalls, web application firewalls and next-gen firewalls. Learn about IDS, that's intrusion detection system: an IDS monitors the network traffic for suspicious activity and alerts the admin. IPS, that's intrusion prevention system: like an IDS, it also monitors the traffic, but it also takes preventive action against the suspicious activity. Let's talk about the tools. First, commercial firewalls: these are Check Point, Cisco ASA, Palo Alto and Fortinet. Out of these, you can directly get a trial license of the Check Point firewall from their official website. Next, open source firewalls: you can download the pfSense software and deploy it in your virtual environment. You should try Security Onion; it has built-in IDS and IPS tools such as Suricata and Zeek. You should also try Snort; it's a network IDS.

Number four is vulnerability management. Vulnerability management is the process of identifying, evaluating, treating and reporting security vulnerabilities. Let's talk about the concepts. You need to perform vulnerability scanning; this involves scanning infrastructure such as routers, servers, firewalls, web applications and many more. Next you need to know about vulnerability assessment: the vulnerability scanner will give you risk ratings such as a CVSS score, and you need to perform a risk assessment based on it. Is the vulnerability a false positive? Could someone directly exploit this vulnerability from the internet? How difficult is it to exploit this vulnerability? And some more questions. Prioritize and address the vulnerabilities based on the risk assessment. You need to decide the treatment: remediation, where you can ask the system admin to perform the full patch management; next, mitigation, which can be a kind of workaround solution; next you have acceptance, where you take no action to fix the vulnerability. Don't worry, it is decided based on multiple factors. Finally, continuous vulnerability management, where you proactively perform vulnerability management. Let's talk about the tools. First is Nmap: it's very popular, it's open source and it's used for network scanning. Then you have OpenVAS, or GVM. There are some commercial tools as well, such as Tenable, Qualys or Rapid7.

Number five is incident response. Incident response is the process of managing cyber attacks to minimize the damage, minimize the recovery time, minimize the total cost and finally control the damage to the brand reputation. Incident response enables the organization to prepare for known and unknown attacks, immediately identify security incidents, and establish the best practices to block intrusions before they cause damage. Let's talk about the concepts. As a SOC analyst you should know about the incident response process. Step number one: early detection. In this step the SIEM platform alerts the incident response team. Step number two: analysis. Analysts review the alerts, identify the indicators of compromise and then triage the threat. Step number three: prioritization. SOC analysts need to understand the impact of the incident, then they prioritize the incident based on what matters the most, and finally they manage resources. Step number four is notification: SOC analysts notify the appropriate people in the organization. Just a note here: in case of a confirmed breach, the organization needs to inform external parties as well, such as customers, business partners, regulators, law enforcement agencies or the public. To be very honest, the decision to inform the external parties is left to senior management. Step number five is containment and forensics: SOC analysts check the infected machines and isolate them from the network. They usually collect the forensic data, such as firewall logs, proxy logs, Wireshark captures, etc. Step number six is recovery. In this step SOC analysts basically eradicate the malware from the infected systems; next they work on the restoration part, where they rebuild or restore from backup and bring those systems back to normal operations. This is also handled by the system admin. The final step is incident review. I know the process was long, but this is very important. The next concept is incident response frameworks. There are multiple incident response frameworks, but two are very popular: the NIST incident response framework and the SANS incident response framework. The third concept you should know about is incident response automation. In this you should have knowledge about incident response playbooks; these are important scripts that the team members or security solutions can follow. When an organization buys a SOAR platform, these playbooks come along with it. You should also know about tool integrations such as Slack, Microsoft Teams or ServiceNow. Next, you should know about threat intelligence. You should know about some popular frameworks such as the Cyber Kill Chain or the MITRE ATT&CK framework. You should know about TTPs and IOCs. You should also know where to get threat intelligence feeds. If you don't know about threat intelligence, let me give you a brief: threat intelligence is basically evidence-based data or information about cyber attacks. Now, threat intelligence can be tactical, it can be operational or it can be strategic. If you want a separate video on threat intelligence, do write me in the comment section. Let's talk about the tools and the actions you should take. Number one, Splunk Enterprise Security: it's a commercial SIEM tool, but it also provides a trial license. IBM QRadar: it's a SIEM tool, and you can also get the Community Edition of it. Next, Elastic: it's a powerful SIEM solution. MISP: it's a powerful open source intelligence gathering platform. Next, Wazuh: it's an open source security monitoring solution; you should definitely check this out. Next, Shuffle: it's an open source SOAR platform for security automation. Next, Ansible: it's an open source infrastructure as code solution; it is also used for security automation.

Number six is phishing analysis. Now, phishing is a cyber threat that uses social engineering. The purpose is to trick individuals into providing sensitive data such as your personal, very personal data, banking and credit card details, or maybe your darling123 password. Just kidding. And yes, it's the job of the SOC analyst to investigate any phishing attacks. Let's talk about the concepts. You should know about the different types of phishing attacks, such as email phishing; spear phishing, which is similar to the email phishing attack but more targeted; next whaling, a phishing attack aimed at senior executives; next smishing and vishing, where smishing involves criminals sending text messages and vishing involves a telephone conversation like this; next is angler phishing, a social media based phishing attack which is very popular now. Let's talk about the other concepts you should know about: email header analysis, URL and IP reputation checks, and how to do a WHOIS domain lookup. Let's talk about some tools. The first is virustotal.com; it's a very popular tool used for scanning files, URLs, IPs and domain lookups. The next tool is mailheader.org, used for analyzing email headers. The next tool is IBM X-Force, for threat intelligence feeds. The next tool is CheckPhish, used for IP and URL lookup; it also provides a plugin for Outlook.

Skill number seven is malware analysis. The art of dissecting malware and understanding how the malware works, what the objective of the malware is and finally how to eliminate the malware is called malware analysis. SOC analysts should have a basic knowledge of malware analysis, as in some of the mature organizations there is a dedicated team for malware analysis. Let's talk about some concepts. To become a SOC analyst you should know about the types of malware, static malware analysis, dynamic malware analysis, the different types of packers used to mask the malware, and the different sandbox environments. Let's talk about some popular malware analysis tools. First is PeStudio: it pulls out any suspicious artifacts. Next is Process Monitor: it records live file system activity such as process creation and registry changes. Next is ProcDOT: it allows you to visualize the data from Process Monitor. Next is Process Hacker: this is a simple tool, and it also helps you detect a newly created malware process. Next is IDA Pro: it's a commercial solution, but it is also a powerful debugger. Next is Wireshark: it's very, very, very popular; it captures and analyzes network traffic. Next is ANY.RUN: it's a cloud-based sandbox solution.

Number eight is digital forensics. In mature organizations, digital forensics and incident response are managed by a single team called the DFIR team. As part of digital forensic activity you will be involved in retrieving protected or encrypted data, analyzing network breaches and documenting case findings. Let's talk about some important concepts you should know: collecting and analyzing network evidence such as firewall logs, proxy logs, NetFlow, tcpdump packet captures and Wireshark packet captures; next, acquiring and analyzing host-based evidence: acquiring volatile and non-volatile memory, or maybe system storage; and malware analysis. Yes, you heard me right: malware analysis is a part of digital forensics. Let's talk about some important tools you should get hands-on with. The first one is Autopsy; this is a very powerful digital forensic platform. Next is FTK Imager; it is used for local acquisitions. Next is Wireshark; yes, it is very popular even in digital forensics. Next is EnCase; it's a very, very popular tool, but it's not free, and EnCase is also popular among government agencies. Next is Volatility, a memory analysis tool to extract data from RAM. The next tool is Registry Viewer, a tool used to analyze the Windows registry. The next tool is HashCalc, a tool used to calculate file hashes.

All right, skill number nine is security frameworks and compliance. As a security analyst you need to know about security frameworks and compliance; it is useful while creating SIEM rules, while coordinating with security management and also while coordinating with external auditors. Let's talk about some important concepts you should know about. You should know about PCI DSS compliance; it is applicable to the companies or organizations that either process or store credit card information, or in a nutshell any financial services company. HIPAA compliance: applicable to US healthcare organizations. You should know about GDPR; it is applicable to organizations serving customers in European countries. SOX compliance: it is applicable to US publicly traded companies. ISO 27001: it is an international standard for information security. NIST CSF: it is a very, very popular framework; it has a set of guidelines to mitigate cyber threats. Let's talk about tools and actions. I have done many security audits; to help you better, I'm sharing the links to these documents. You can find the links in the description below.

Number 10 is workplace skills. This is the most powerful skill that can make you unique in the crowd. Let's talk about the concepts you need to know about. Number one, communication: as a security analyst you may need to communicate technical concepts to individuals without a technical background, such as executives or legal teams. Number two is teamwork: you may need to collaborate with other teams such as legal, IT or public relations, or maybe you need to share your findings with another organization or the greater cyber security community. Number three is critical thinking: working in cyber security sometimes means making high-stakes decisions about your organization's security, so critical thinking is very, very important. Let's talk about tools and actions. To be very honest, I can't find any specific tools for this, but I have a solution: I'll share some important links and free courses to improve your workplace skills. You can find the links in the description below. Let's summarize: so these are the 10 must-have skills for a SOC analyst job. Do let me know how you liked the video. If you have any query, write me in the comment section; I'll try my best to answer each one of you. If you are interested in becoming a malware analyst you can watch this video; if you want to know about security analysis, you can watch this video.
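The email header analysis described under skill number six, as an added example that is not from the video: a Python script that parses a constructed phishing-style message and flags sender-domain mismatches, non-passing SPF/DKIM/DMARC results, the Received hop chain and lure URLs whose host is outside the From domain. All domains, addresses and IPs in the sample are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; domains, IPs and auth results are made up.
SAMPLE = """\
Return-Path: <bounce@mail-updates.example.net>
Received: from mail-updates.example.net (unknown [198.51.100.23]) by mx.corp.example.com with ESMTP; Mon, 1 May 2023 09:14:02 +0000
Received: from localhost (localhost [127.0.0.1]) by mail-updates.example.net; Mon, 1 May 2023 09:13:58 +0000
Authentication-Results: mx.corp.example.com; spf=fail smtp.mailfrom=mail-updates.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Bank Support" <support@bank.example.com>
Reply-To: helpdesk@mail-updates.example.net
Subject: Urgent: verify your account
Content-Type: text/plain

Please verify at http://bank.example.com.verify-login.example.net/login
"""

def _domain(header_value):
    # Lowercase domain part of an address header, or '' if absent.
    return parseaddr(header_value or "")[1].split("@")[-1].lower()

def analyze_headers(raw):
    """Triage one raw email and return the hop chain, URLs and findings."""
    msg = message_from_string(raw)
    from_domain = _domain(msg.get("From"))
    findings = []
    # 1. The visible From domain should match the envelope sender and Reply-To.
    for name in ("Return-Path", "Reply-To"):
        d = _domain(msg.get(name))
        if d and d != from_domain:
            findings.append(f"{name} domain {d} differs from From domain {from_domain}")
    # 2. Authentication-Results is stamped by the receiving MX; anything but 'pass' needs a look.
    auth = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{check} result: {m.group(1)}")
    # 3. Each hop prepends a Received header, so reverse them to read origin -> our MX.
    hops = []
    for h in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+).*?\[([\d.]+)\]", h)
        if m:
            hops.append((m.group(1), m.group(2)))
    # 4. A URL host outside the From domain (here the From domain is only a subdomain prefix) is a lure.
    urls = re.findall(r"https?://[^\s<>\"']+", msg.get_payload())
    for u in urls:
        host = re.sub(r"^https?://", "", u).split("/")[0].lower()
        if host != from_domain and not host.endswith("." + from_domain):
            findings.append(f"URL host {host} is outside From domain {from_domain}")
    return {"from_domain": from_domain, "hops": hops, "urls": urls, "findings": findings}
```

Run it with `analyze_headers(SAMPLE)`; on the constructed sample it reports six findings, and the hop list shows the message originating from localhost on the sending relay before reaching the corporate MX.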