Is SOC an IR, or IR is SOC?

Posted by Mike Art Rebultan, 11-08-2017

IT professionals who are aiming to shift their career into the field of security (IT, information, or cyber) often do not know the difference between a Security Operations Center (SOC) analyst and an Incident Responder (IR).

Some say they are the same, since a SOC analyst also provides incident response support once analysis confirms an actionable incident. The table below identifies the main differences between the two security professions.

A SOC analyst role requires minimal experience, and even fresh IT graduates are welcome to join; it is the entry level in IT security. An IR, on the other hand, must have at least 3 years of working experience in the IT security field.

One distinctive trait of an IR is being “proactive”: hunting the hunters. Either they prevent the attack from any source, or they are consistently looking for a possible breach to lessen the dwell time. Sometimes both play as a purple team, sitting in between the red and the blue team.

To all who are aspiring to become either a SOC analyst or an IR: understand the Advanced Persistent Threat (APT) by knowing the Cyber Kill Chain and the tools, techniques, and procedures (TTPs). Study networking, systems administration on both Windows and Linux, and basic programming or scripting; these are the main ingredients of an efficient IT security professional. Adding passion and a positive attitude would make it perfect.

Proficiency Certification

Some companies prefer a candidate who possesses a certification as a gauge of proficiency for the job they are applying for. But remember that this is an investment with an expiration date, as you need to renew the certification at least every 3 to 5 years, since the version keeps changing.

Others prefer a candidate with both experience and a master's degree in the field of IT, as the discipline is different. This investment is a lifetime achievement and never expires.

About the Author

14 years as an IT professional with a Master's degree in Information Technology; certified ethical hacker, certified security analyst, and certified cybercrime investigator.