TryHackMe and the Cyber Defense learning path
Ever since I joined the LinkedIn cybersecurity community, I’ve seen numerous references to TryHackMe. Initially, I thought it was strictly an offensive security learning platform (i.e. for “hackers”). While it does have substantial penetration testing learner resources, it does have an awesome defensive security learning path, for those interested in security operations, threat and vulnerability management, incident response and forensics, and malware analysis.
Many of the “rooms” deploy a browser-based virtual machine Kali Linux, or RDP (Remote Desktop Protocol) into a Windows machine, in order to work through questions regarding a particular tool or overall objective. Some of the rooms have been quick and easy (approximately 20-30 minutes to complete), either because it just clicks, or I’ve already had experience with whatever the room is focused on. Rooms that are difficult, I utilize whatever resources the room provides, and/or search engine queries. Whenever I find the answer to a question I am truly stuck on, I always back-track and focus on how the answer was discovered — the process. This way, I am able to take what I’ve learned and make use of it in another instance.
The OSINT (Open Source Intelligence) rooms, though not all necessarily part of their Cyber Defense learning path, have been really fun to work through. Knowing how to utilize OSINT is an important skill for security research, whether it’s for gathering threat intelligence, or for penetration testing reconnaissance. The objective is not just to collect random information, but to use OSINT to help form a scope: How does this tie in to the bigger picture? What does this mean? Why is this intel relevant?
THM also provides very useful resources in each room, which I always bookmark for future use. The platform does a great job at providing users with the resources and tools that make for effective investigations. It’s very gratifying to take on and complete each case!
I look forward to when I’m able to apply these skills in real-time for an organization. I want to help others succeed in achieving their vision for securing their company, by adding value to their team. I’m optimistic about employment opportunities. In the mean time, I stay persistent in my learning and involvement in the cybersecurity community.
Thanks for reading!
