TryHackMe SOC Level 1

Last updated 20 days ago

I recently completed the TryHackMe SOC Level 1 training path, which I worked on for over 5 months, with a few breaks in between. During that time, I managed to increase my flame score to around 160 by completing several days in a row of training sessions. This path is designed for those aiming to become Junior Security Analysts, and it provided a comprehensive introduction to key areas of security operations.

The course covers a wide range of topics, including:

  • Traffic Analysis & Network Security: Deep dives into network monitoring using tools like Snort, Wireshark, and Zeek. Learning how to detect traffic anomalies and understand network behavior is essential for a Tier 1 SOC Analyst.

  • Endpoint Security Monitoring: Tools like Sysmon and Wazuh were used to monitor and analyze endpoints. This is crucial because many security breaches begin at the endpoint level.

  • Security Information and Event Management (SIEM): The course includes modules on using SIEM tools like ELK, Splunk, and ItsyBitsy. These tools help in aggregating logs and providing real-time alerts for suspicious activities, which are key components of a SOC analyst's role.

  • Digital Forensics & Incident Response: This section explores forensic tools such as Autopsy and Volatility for Windows and Linux forensics, which are necessary for post-incident analysis.

  • Phishing Prevention & Analysis: Since phishing is one of the most common attack methods, the training covers phishing detection and prevention, with practical examples to help you understand the techniques used by attackers.

The hands-on labs and challenges throughout the course provided real-world scenarios, and the Capstone Challenges at the end brought everything together, simulating a real SOC environment where you are expected to triage and respond to incidents effectively.

While the training starts with the basics and builds up to more complex topics, it remains engaging and challenging throughout. The interactive approach to learning, paired with a steady increase in difficulty, ensures that you gain the skills necessary for success in the SOC environment.

In conclusion, the SOC Level 1 path on TryHackMe is an excellent way to build practical, entry-level skills in security operations. It’s perfect for beginners but also provides enough depth for those looking to strengthen their cybersecurity foundation. After 5 months of training, I feel much more confident in my skills and prepared to tackle real-world challenges as a Junior Security Analyst.

Certification of completion SOC1 THM