Our next edition of “Sitdown with a SOC Star” catches up with Adva Harosh, SOC manager at First Quality, a Long Island, N.Y.-based manufacturer of consumer hygiene products. Adva discusses her love for spreadsheets, why no podcast or book can match the value of a strong peer group, hijinx at the expense of her mom, and the story of a routine-looking threat that she just had to pursue further. Enjoy the Q&A!

1) Hi Adva! Tell us about where you work, what you do there and the role security operations play there.

I work as a SOC manager at First Quality. It is one of the most exciting, interesting and challenging experiences I’ve ever had. Security operations play an important role in keeping the company networks secured and utilize some of the most innovative and top-of-the-line security applications out there. We work on detection, mitigation and prevention of threats across the organization, on various aspects. 

2) Describe your career path and what propelled you to want to work in security operations?

I started working in security operations, like all good things, by chance! Following a friend’s recommendation, I applied to work as a Tier 1 analyst for a one-of-a-kind project. During my interviews, I had very little knowledge in the field, but with a positive attitude and perseverance I was accepted – and I haven’t stopped learning ever since. I found security to be my hidden passion, so I advanced to managing the training program for new analysts and later became a Tier 2 analyst at a technology company until I found a home in First Quality. 

3) Which threat that comes into the SOC worries you the most/keeps you up at night?

You must mean “threats” plural. With the recent developments and changes happening in the world, everything now looks more suspicious and concerning than before. We prioritize our tasks constantly to try and keep up with the rapid shifts in atmosphere.

4) What’s one piece of advice you’d give for someone considering a career in the SOC?

Learn the basics before you start “hacking” your way in. In my opinion, familiarity with network concepts, IT infrastructure, applications and operating systems is imperative to working in security operations. In my experience, to understand attacks on the network, you need to know how the network operates on a regular basis, and based on that, start looking for the anomalies. 

5) You have a great interest in electrical engineering. Other than likely being the go-to for literally keeping the lights on in the SOC, does having a knowledge of electrical control systems help you in security operations? If yes, how so?

As part of my studies of electrical and computer engineering, I worked a lot with “low-level” programming languages such as C and assembly. Having that understanding has helped me understand scripts written in almost any language and develop logical and methodological thinking. But more importantly, I think the most important skill I got from my studies is to face challenges and to not give up.

6) What’s the No. 1 thing SOCs can do to improve their maturity?

I’m a big fan of organization, so to me the No. 1 thing is methodologies and documentation. If you have it written down, you reduce the chance of making a mistake. This organizes your thoughts, and it’s a lot easier to explain complex concepts when they’re laid out in a document, presentation or, my all-time favorite, a spreadsheet. 

7) What is the most interesting thing you’ve learned (or learned about yourself) since the coronavirus pandemic began? It doesn’t have to be related to security.

That I don’t need as much sleep as I thought I did ;). Just kidding! I think I learned that in security operations you should never feel too confident. Things change so rapidly that there is always something new to look out for. And to stop waiting for opportunities to come to make something happen, because you never know when the next quarantine will start. 

8) What’s your proudest professional accomplishment? 

I think it’s every SOC member’s wish to catch a threat and save the proverbial day. A while back, I investigated an incident that at first glance didn’t look like much. Some might say intuition, others might say experience, but nevertheless it caught my attention and I decided to dig into it. I came across one of the most dangerous threats I’ve ever seen. With great teams working together we handled the threat on time, before it had any serious impact. Sending the complete investigation report was very satisfying, to say the least.

9) Which SOC metric do you think is most underappreciated/underrated? And which is the most overrated?

I never understood the desire to see how many alerts are starting in a period of time. You can have a lot that are just noisy, or a few that are right on point. I think the question should be: How many of the company’s resources are you monitoring and, out of the existing alerts, what percentage are true positives? 

10) What books, blogs or podcasts have you read that have helped you advance your security operations skills and career? 

As a matter of fact, the one thing that helped me advance my skills and my career was people. I was fortunate enough to be surrounded by incredibly experienced professionals, each in their own field. I took every chance I got to ask questions, learn and make connections, and I still continue doing it whenever and wherever I can.

11) Given that you work in cybersecurity, what’s the funniest or most memorable help request you’ve gotten from a friend or family member?

My mom asked me to look at this “weird location notification” she keeps seeing on her phone. I opened the maps application and decided to have a little fun of my own 😀. I started naming places she’s been on certain dates, and my mom was sure some hacker was tracing her every move, when in fact she just checked the box to save locations and get suggestions. I had a good laugh. My mom, not so much. But it was still worth it.

12) What value does security automation and orchestration (SOAR technology) bring to security operations?

Huge! Having a SOAR in the SOC has helped our team to clarify investigation stages, trends and escalation resources. Utilizing automation capabilities had a dramatic impact by enriching case data, updating case severity and performing immediate containment and eradication actions – all within minutes after the case was triggered. 

13) What is your philosophy on how a SecOps team should be built out?

I think it all comes down to the people on your team. When you have a supportive group of invested individuals, I think it’s best to set some part of the role to be the same for all, but to make sure each team member can find their own path and interests. Especially in security operations, where there is always something new to consider, I find it imperative to have different opinions, views and goals to allow the team as a whole to grow and improve.

You can connect with Adva on LinkedIn here.

Are you or someone you know a SOC star with lots of insights to share and who is deserving of recognition? We’re always looking for new candidates. Email Siemplify Content Director Dan Kaplan.