Sean Pham: Learning the Art of Cybersecurity Investigation in the SOC

Meet Sean Pham

Sean Pham is a first-generation college student at LSU majoring in Computer Science with a Software Engineering concentration, graduating in May 2026. During his time in the Security Operations Center (SOC), Sean has spent 13 months developing his investigative and cybersecurity skills.

Throughout his SOC experience, Sean has addressed 500+ security events, identified 3 true positives, and maintained an average audit score of 3.8/4. He is currently pursuing CompTIA Security+ and the Splunk Core Certified Power User certification to further strengthen his technical expertise.

For Sean, working in the SOC is more than just analyzing alerts—it’s about continuous learning, improving investigative techniques, and building the skills needed to defend real-world environments.

Discovering a Passion for Cybersecurity

Sean’s path to cybersecurity was not a traditional one. When he first enrolled at LSU, he started as a Kinesiology major. During his early core classes, he began to question whether that path was the right long-term fit.

Through conversations with roommates and friends, Sean was introduced to cybersecurity and coding. After taking introductory courses and gaining hands-on experience in the SOC, he realized he genuinely enjoyed the technical and investigative nature of the field.

The transition allowed him to combine analytical thinking with problem-solving—skills that quickly became a natural fit for him.

Memorable SOC Experience

One of Sean’s most memorable experiences in the SOC involved a recent escalation within the NYC SOAR environment. While investigating a potential scanning alert, he worked through new dashboards he had not used before, including the Scanning and Enumeration dashboard and the IPQualityScore Enrichment dashboard.

The investigation required careful analysis before escalating the ticket to the customer. What made the experience stand out was not just solving the alert, but successfully navigating unfamiliar tools and receiving positive feedback from senior analysts.

For Sean, this moment represented clear progress in his SOC journey—demonstrating that his investigative skills and confidence were continuing to grow.

What He Enjoys Most

Sean enjoys the variety that comes with working in the SOC. Each customer environment generates different alerts, which means analysts are constantly encountering new scenarios and investigative challenges.

This diversity of tickets keeps the work engaging and provides ongoing opportunities to expand knowledge across multiple tools and detection methods. He values the ability to continuously learn while strengthening his analytical mindset.

Skills Learned in the SOC

During his time in the SOC, Sean has developed both technical and collaboration skills that are essential for cybersecurity operations:

  • Working with security platforms such as Splunk, CrowdStrike, and Abnormal
  • Collaborating and communicating clearly with teammates during investigations
  • Analyzing and correlating data across multiple security tools
  • Conducting quick and effective investigations on potential security incidents

These experiences have helped him build a strong foundation in security monitoring and incident investigation.

Looking Ahead

After graduating in May 2026, Sean hopes to begin his career as a SOC Analyst or Cybersecurity Analyst. His ideal role would be remote and on a day shift, though he remains open to relocation for the right opportunity.

He plans to be available for full-time work starting in June 2026, with flexibility to work morning or evening shifts if needed.

With practical SOC experience and upcoming certifications, Sean is preparing to take the next step into a full-time cybersecurity role.

Advice to Future Students

Sean encourages students interested in cybersecurity to focus on consistency and continuous learning. He believes improvement comes from actively working through investigations, learning from past tickets, and applying those lessons to future cases.

“Be consistent and always be willing to learn,” Sean says. “Improving at anything comes from putting in the effort, learning from previous tickets, applying those same skills to your own investigations, and continuously looking for opportunities to grow.”

Every cybersecurity professional begins somewhere. For Sean, it started with curiosity, hands-on learning, and the opportunity to investigate real security events in the SOC.

If you’re ready to gain real-world experience, sharpen your investigative skills, and prepare for a career in cybersecurity, TekStream’s Workforce Development Program can help you take that first step.
