The branch that rewards a first-line background, and the exit most candidates take eighteen months later without anyone warning them it was coming.
Verdict
Security is the route most desk staff think of first and the one most misread. Of the six or seven jobs hiding inside the word, exactly one rewards a first-line background more than the others, and even that comes with a shift pattern and a burnout curve priced in. Read both before you spend £300 on the cert.
Who this is for
Who this isn't for
The word that does too much work
The SOC analyst watching the SIEM. The detection engineer writing the rules the analyst triages. The GRC analyst writing the policy. The architect designing the control. The pentester paid to break it. The incident responder cleaning up afterwards. Six jobs. Six different kinds of person. Same word on the CV.
The one that rewards a desk background more than any other is the SOC. It is also the one with the highest churn. Both of those facts matter.
Named observation
The Investigation Reflex.
The instinct to keep asking what changed when the obvious answer doesn't fit. The desk is one of the few seats in technology where you find out whether you have it. I've watched capable analysts leave after eighteen months because they didn't, and capable ones thrive in a SOC for a decade because they did.
Certs, honestly
Security Plus is table stakes for a junior SOC interview in the UK and most of EMEA. It clears the CV pile. It won't get you the job on its own. Past that, the hiring manager is looking for one thing: have you ever investigated something where the answer wasn't on page one of Google.
BTL1 and the TryHackMe SOC Analyst track punch above their cost for a first SOC role because they are practical. CISSP at this stage is the wrong cert. It is a management-track cert sat by people with five years in. Putting it on a junior CV often hurts more than it helps because the interviewer assumes the candidate doesn't understand the market.
The first SOC interview that goes badly almost always goes badly on the same question. Walk me through how you'd triage this alert. The certs do not save you there.
The cost nobody mentions
A lot of first SOC roles in the UK are 24/7. The shift premium is real. The cost is also real. Around month 18, capable analysts start looking sideways into GRC or detection engineering. Not because they hit a ceiling. Because the rota hit them first.
That move tends to be a pay cut for the first six months and a pay rise by year three. Predictable enough that it should be priced into the decision before you take the seat. Most candidates don't price it in. That's the part that costs.
Named observation
The SOC Burnout Pivot.
The eighteen-month exit where capable analysts move into GRC or detection engineering not because they hit a ceiling but because the rota hit them first. Predictable enough to plan for. Almost never planned for.
The honest part
The SOC route can carry a strong career for fifteen years. It can also flame out at month 22 and leave you negotiating sideways into a job you could have taken directly. Which one happens depends on whether you knew about the rota and the burnout curve before you signed.
The Route Planner takes your specific starting point into account. The certificate stack, the shift tolerance, the alternative branches. Worth the five minutes before you spend the £300.
Next step
Pick the role you think you're aiming at and see what the route actually looks like from where you are. Honest, hop by hop, with the parts that tend to break.
See your route into SecurityRead next
The Service Desk Escape Plan
All four routes out compared, with the tradeoffs spelled out.
ContinueService Desk to Cloud
Why cloud certs without foundations read as paper-thin.
ContinueService Desk to Networking
The route that travels furthest into every other domain.
ContinueWhy the Service Desk Is Underrated
The foundation you already have, and what it's actually worth.
Continue