Author
Astrid Lindqvist
Content Strategist, SOCSimulator
Astrid is the Content Strategist at SOCSimulator, where she shapes the detection scenarios, attack narratives, and learning paths analysts train against. She comes from a blue-team background, with years spent close to live SOC operations, triaging alerts and tuning detections, and now turns that reality into structured, hands-on training. She writes about the craft of detection and response, and the human side of working a SOC shift.
Articles by Astrid Lindqvist (15)

Phishing Email Examples: 15 Analyzed by a SOC Analyst
Phishing email examples analyzed with real analyst eyes: red flags, header tells, and the patterns every security-aware person should recognize.

Best EDR Tools in 2026: What Tier 1 Analysts Learn First
Best EDR tools for SOC analysts: CrowdStrike, Defender, SentinelOne, Cortex XDR and more — ranked by console learnability and job-market frequency.

Cyber Threat Hunting Tools: 13 SOC Analysts Use (2026)
Cyber threat hunting tools every SOC analyst needs: Sigma, YARA, KQL, Velociraptor, Wireshark, Zeek, MISP and more — grouped by layer with code examples.

SIEM Use Cases: 10 Every SOC Runs (With Detection Logic)
SIEM use cases explained with detection logic sketches, data sources, and tuning notes for the 10 detections every SOC team operates.

Best SIEM Tools in 2026: 10 Platforms Ranked
Best SIEM tools ranked for 2026: Splunk, Microsoft Sentinel, IBM QRadar, Elastic Security, and more — reviewed from a SOC analyst training perspective.

Open Source SIEM Tools: 7 for Your Home Lab (2026)
Open source SIEM tools let you build real detection skills at zero cost. Here are 7 worth running in a home lab, ranked by what they actually teach.

Best Cybersecurity Certifications for Beginners (2026)
Best cybersecurity certifications for beginners in 2026, ranked by ROI for SOC-bound career switchers. Honest costs, HR recognition, and skill signal per cert.

Windows Event IDs Cheat Sheet: The 31 That Matter
Windows event IDs cheat sheet for SOC analysts: 31 essential security event IDs covering auth, process execution, log tampering, and lateral movement.

Common Ports Cheat Sheet: 42 Ports SOC Analysts Memorize
Common ports cheat sheet for SOC analysts — master the 42 TCP/UDP ports that appear in firewall logs, SIEM alerts, and security interviews every single day.

How to Analyze a Phishing Email: SOC Walkthrough
A step-by-step SOC workflow to analyze a phishing email: safe handling, header forensics, URL and attachment triage, and a documented verdict.

Alert Triage: Real Threats vs False Positives
Alert triage is the core SOC skill — learn the framework analysts use to assess severity, confirm IOCs, and separate real threats from false positives.

SOC Analyst Interview Questions: 30 With Answers
SOC analyst interview questions decoded: what interviewers test, sample answers, and log examples to study before your first security ops interview.

SOC Analyst Salary Guide 2026: Tier 1 to Tier 3
SOC analyst salary ranges by tier, experience, and location — honest estimates with factors that actually move your comp as a career switcher.

How to Become a SOC Analyst (With or Without a Degree)
How to become a SOC analyst: a realistic roadmap from IT helpdesk to SOC, covering certs, hands-on practice, and what hiring managers actually screen for.

What Does a SOC Analyst Do? The Role, Explained by Tier
What does a SOC analyst do? A tier-by-tier breakdown of the role, a realistic daily shift, tools, skills, and common myths — for career switchers.