I hold a BS and MS degrees in law, and practice it for ~6 years, 2 out of which I also do asset tracing and investigations using OSINT techniques. However, besides OSINT part, I have never felt that law is my thing in terms of personal satisfaction.
Since my early years I’ve been interested in computers, networks, cyber security and corresponding cyber crime issues, and later in life – incident response and cyber crisis management, as well as everything related to cyber security in general, including reading blogs of CS experts, and cyber culture in a broader sense. Even though I’ve tried to bring more cybersecurity into my legal career (as part of my master studies I wrote a thesis, researching issues of legal attribution of state-sponsored cyber-attacks, which I really enjoyed), it actually feels that I only walk around the topic I like, without getting my hands on the technical side of CS.
During COVID I started to seriously consider making a move from law to ‘real’ cyber security, where my legal/consulting skills could also be of good use at a later career stage. So I think about joining a 6 month full-time ‘SOC analyst’ bootcamp (4 month education + 2 months internship at SOC). Here is the syllabus they gave me, which I believe must be standard for CS bootcamps.
1. SQL injection
The hacker mindset Kali Linux
Brute Force attacks (inc. dictionary attacks)
2. SEIM (security Information & Event Management) & IR (Incident Response)
SOC simulation exercises
Working with DBs (SQL & NoSQL) DevOps
Windows API, Win32, and windows subsystem model
Debuggers and Sysinternal tools
Intro to Linux & Distributions
After the bootcamp I plan to get a job as a SOC Analyst, moving to IR and Threat Intelligence. In simple words, I wish to help clients to defend against cyber attacks, build resilient systems and manage cyber incidents.
My questions are:
1. Is it possible to learn topics advertised topics mentioned in the syllabus sufficiently enough during 6 month period to be able to jump into the CS field (like SOC analyst) without a technical degree?
2. The program costs about USD 5k (plus the money I won’t be earning, which is much higher). Do you think getting certain certs instead would be better investment – If yes, why, what certs (besides Security+) and in which order you’d recommend taking?
3. If I won’t be able to make a swith to a pure technical job, in what CS positions/companies my legal/consulting and technical skills could be valuable?
4. Any general piece of advice would be really appreciated