🎯 Goal

Convert ongoing cybersecurity study into a structured execution system aimed at SOC employment.

Instead of simply continuing technical study, the objective today was to expand and refine my roadmap so that learning, portfolio building, and job applications progress together.

The focus was building a plan that includes:

  • technical development
  • investigation practice
  • interview preparation
  • job application strategy

🛠️ What I Did

Today was primarily a planning and system-design session, focused on structuring the next phase of my cybersecurity learning path.

The original 90-day plan was expanded to include additional areas necessary for SOC readiness.

Key areas added to the roadmap include:

Identity and Authentication Investigation

Understanding authentication events from a defender perspective:

  • domain vs local authentication
  • Kerberos vs NTLM behavior
  • service account activity
  • login anomaly triage

These areas are important because identity events often represent the earliest indicators of compromise.

Email and Identity Alert Triage

Planned structured exercises around common SOC scenarios such as:

  • phishing investigation workflows
  • suspicious login alerts
  • repeated authentication failures
  • MFA fatigue attempts
  • identity alert scoping

The emphasis is on learning how analysts validate alerts and determine scope.

Correlation and Investigation Scoping

Security incidents rarely involve a single signal.

The roadmap now includes exercises designed to correlate:

  • authentication events
  • endpoint processes
  • DNS/network activity
  • user behavior patterns

This approach builds the ability to determine whether activity represents:

  • a single isolated event
  • a compromised host
  • or a broader incident.

Cloud Identity Security Awareness

Modern SOC environments rely heavily on cloud identity platforms.

The roadmap now includes foundational exposure to:

  • suspicious sign-in detection
  • identity anomaly alerts
  • cloud authentication telemetry
  • identity-based investigation workflows

Operational SOC Skills

Technical knowledge alone is not sufficient for SOC work.

The updated roadmap now includes exercises to build:

  • queue management discipline
  • triage prioritization
  • documentation clarity
  • case closure consistency

These skills are necessary for working effectively in a real SOC environment.

Interview and Hiring Preparation

Another major addition to the roadmap was structured preparation for the hiring process.

This includes:

  • mock interview practice
  • take-home challenge simulations
  • technical answer refinement
  • behavioral interview preparation

Preparing for interviews is treated as a skill that requires deliberate practice.

Job Application Workflow

To avoid delaying applications indefinitely, the roadmap includes a simple job-search workflow:

  • application batching
  • follow-up tracking
  • role scoring
  • response analysis

This helps ensure that learning continues while actively pursuing employment opportunities.

🔗 Key Cybersecurity Connections

Even though today was planning-focused, it directly supports technical growth.

A structured plan ensures that learning targets the areas most relevant to SOC roles, including:

  • identity-based investigations
  • authentication anomaly detection
  • log correlation
  • alert triage
  • incident scoping

Without this structure, it is easy to drift into studying interesting topics that do not significantly improve employability.

⚠️ Challenges

Scope expansion

The roadmap expanded significantly as it now includes:

  • technical study
  • investigation labs
  • portfolio development
  • interview preparation
  • job applications

Balancing these areas without creating unrealistic schedules required careful planning.

Maintaining realistic pacing

Some topics require slower, step-by-step learning.

The plan was adjusted to account for realistic study speed and the need for hands-on practice.

Avoiding over-planning

There is always a risk of refining plans indefinitely instead of executing them.

The roadmap is intended as a guide for action, not a perfect system.

🧠 What I Learned

  • A strong cybersecurity learning path should function as a performance system, not just a topic list.
  • Real SOC preparation requires both technical knowledge and operational discipline.
  • Interview performance and take-home exercises are skills that improve through practice.
  • Maintaining a balance between learning and job applications is important.

⏭️ Next Steps

  • Begin executing the next technical block of the roadmap.
  • Maintain at least one hands-on technical exercise per day.
  • Continue documenting learning in daily blog posts.
  • Track job application progress alongside technical development.

💭 Reflection

Today focused on building the structure needed to sustain long-term progress.

Rather than studying topics randomly, the goal now is to follow a roadmap that continuously develops:

  • investigation skills
  • technical understanding
  • portfolio evidence
  • interview readiness

This structure should make the transition from learning to employment more achievable.

🧩 Lessons Learned

What worked

  • organizing learning around real SOC responsibilities
  • integrating technical practice with interview preparation
  • designing a roadmap that includes both study and job search activity

What broke

  • initial attempts produced an overly complex plan

Why it broke

  • trying to optimize too many areas simultaneously

Fix / takeaway

Treat the roadmap as a working system, adjusting it gradually while continuing to execute daily technical practice.

📈 Skill Progression Context

Earlier work focused on building technical foundations such as:

  • Linux command-line usage
  • shell pipelines
  • log analysis
  • networking fundamentals
  • endpoint process investigation

This planning session connects those foundations to real SOC responsibilities and hiring outcomes, ensuring future study continues to move toward practical analyst capabilities.