
will75g/soc-day20-soc-interview-preparation

Stars · 3
Audience · general
Complexity · 1/5
Status · active
Setup · easy

TLDR

Markdown study guide for SOC analyst interviews, with 16 technical Q&A, a 15-item quick-fire round, and five incident response scenarios tagged to MITRE ATT&CK.

Mindmap

mindmap
  root((soc-interview-prep))
    Inputs
      Candidate study time
      Reader notes
    Outputs
      Technical question bank
      Quick fire definitions
      Incident response scenarios
      Three week study plan
    Use Cases
      Prep for a SOC Tier 1 interview
      Drill MITRE ATT&CK responses
      Run mock interviews
    Tech Stack
      Markdown

Things people build with this

USE CASE 1

Prep for a Tier 1 or Tier 2 SOC analyst interview

USE CASE 2

Drill incident response answers for SSH brute force, phishing, and ransomware alerts

USE CASE 3

Memorize 15 quick-fire security definitions every SOC analyst should know

USE CASE 4

Follow a three week SOC interview study plan with mock sessions

Tech stack

Markdown

Getting it running

Difficulty · easy
Time to first run · 5 min

In plain English

This repo is a study guide for people preparing for SOC analyst job interviews. SOC stands for Security Operations Center, and the role involves monitoring an organisation for cyber attacks. The guide is aimed at Tier 1 and Tier 2 candidates, meaning entry- to mid-level positions. The author put it together as Day 20 of a longer 28-day series of portfolio projects.

The guide has two main pieces. The first is a bank of 16 technical questions with full answers, grouped into six categories: networking basics such as the OSI model and TCP versus UDP; security fundamentals such as the CIA triad; SOC operations such as SIEM versus EDR tools; hands-on tools such as Splunk and Wireshark; threat intelligence, including the MITRE ATT&CK framework; and malware topics such as viruses, worms, trojans, and man-in-the-middle attacks. There is also a Quick Fire round of 15 short definitions the author says every analyst must know cold.

The second piece is a set of five incident response scenarios with model answers. Each scenario walks through a different kind of alert: an SSH brute force login, a phishing email with an attachment, a ransomware outbreak encrypting many files, a suspicious PowerShell command spawned from a Word document, and an impossible travel sign-in that suggests stolen credentials. Each one is tagged with the relevant MITRE ATT&CK technique IDs; ATT&CK is the industry standard catalogue of attacker behaviours.

The README also lays out a three week study plan: week one for the technical questions, week two for working through the scenarios, week three for mock interviews with a friend, and a final review the day before. The author argues that the deciding factor in interviews is not how much you know but how clearly you can explain it under pressure, and that practicing answers out loud is what converts knowledge into performance.

The repository itself is small, just a README and two markdown files holding the questions and scenarios. It has only a few stars at the time of writing, suggesting it is a personal study resource rather than a community project, though the content is detailed enough to be useful to anyone preparing for the same type of role.

Copy-paste prompts

Prompt 1
Quiz me on the 16 SOC technical questions one at a time and rate my answers
Prompt 2
Walk me through the model answer for the impossible travel sign-in scenario and its MITRE ATT&CK tags
Prompt 3
Help me build a three week study plan based on this repo for a SOC Tier 1 interview
Prompt 4
Explain SIEM versus EDR the way this guide presents it for an interview answer
Prompt 5
Generate a new incident response scenario in the same format as the five in this repo

Generated 2026-05-22 · Model: sonnet-4-6 · Verify against the repo before relying on details.