Analysis updated 2026-05-18
Follow a structured path from IT fundamentals to SOC analyst skills
Find certification recommendations at beginner, intermediate, and advanced levels
Practice detecting incidents like impossible travel or brute-force attacks using free labs
Learn to automate repetitive SOC tasks with Python
| nabeel323/soc-roadmap | 5p00kyy/club-5060ti | aaravkashyap12/advise-project-approach | |
|---|---|---|---|
| Stars | 23 | 23 | 23 |
| Language | — | Shell | Python |
| Setup difficulty | easy | hard | easy |
| Complexity | 1/5 | 3/5 | 2/5 |
| Audience | general | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
It is a reference document, not runnable software, so there is nothing to install.
This repository is a structured learning roadmap for becoming a SOC Analyst, that stands for Security Operations Center Analyst, the person at a company whose job is to monitor systems for cyberattacks and respond when something goes wrong. The roadmap is organized into eight phases that build on each other. It starts with IT foundations like networking and operating systems, then moves into security concepts, then SIEM (Security Information and Event Management, software that collects and analyzes security logs from across an organization), then hands-on investigation techniques, cloud security, threat hunting, building your own detection rules, and finally automating repetitive SOC tasks with Python. Each phase lists what to learn, which tools to practice with, and what kinds of incidents to investigate, for example, detecting impossible travel (when an account logs in from two countries within minutes), brute-force password attacks, or stolen authentication tokens. The roadmap also recommends specific certification paths from beginner (like CompTIA Security+) through intermediate and advanced levels, and points to free practice labs like TryHackMe and LetsDefend. The repository itself is a reference document, a collection of organized notes and learning directions, rather than runnable software. It is aimed at beginners entering cybersecurity and working analysts looking to fill gaps. The creator notes future additions will include detection rule templates, cheat sheets, and interview questions.
An eight phase learning roadmap for becoming a Security Operations Center analyst, from IT basics to automation.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly general.
This repo across BitVibe Labs
Verify against the repo before relying on details.