u/Ok-Birthday-7707

I built a SOC Analyst home lab roadmap to become job-ready — what would you add or remove?

I’m trying to break into cybersecurity/SOC analyst roles, and instead of only studying certs, I started building a full hands-on SOC/security analyst home lab roadmap.

I wanted to create something that helps me actually practice the work instead of just watching videos or memorizing definitions.

Here’s the roadmap/site I’ve been building:

https://mmajeed7864.github.io/soclab/

So far, the lab includes things like:

- Elastic SIEM
- Kibana dashboards
- Fleet Server / Elastic Agent
- Sysmon
- Suricata IDS
- Wazuh XDR
- Windows 10 victim endpoint
- File Integrity Monitoring
- Security Configuration Assessment
- Vulnerability Detection
- Account creation / admin group change alerts
- SOC-style investigations and ticket writing
- MITRE ATT&CK mapping
- Splunk basics
- Cloud/Sentinel/Defender sections later in the roadmap

The goal is to use this roadmap to prepare for:

- SOC Analyst L1
- Junior Security Analyst
- Cybersecurity Analyst
- Eventually SOC L2 foundations

I’m not claiming this replaces real experience, but I’m trying to build the closest thing I can at home: generate logs, detect activity, investigate alerts, document findings, and explain what happened.

For people already working in SOC/security:

  1. Is this roadmap realistic for preparing for SOC L1 or junior analyst roles?
  2. What would you remove because it’s unnecessary?
  3. What would you add that hiring managers actually care about?
  4. Am I overbuilding this, or is this the right direction?

I’m looking for honest criticism, not just encouragement. If something is missing or unrealistic, I’d rather know now while I’m still building it.

u/Ok-Birthday-7707 — 3 days ago