Introduction to TryHackMe SAL1 Certification
The SAL1 is an entry-level certification introduced by TryHackMe, aimed at individuals aspiring to become Security Operations Center (SOC) analysts. It combines theoretical knowledge with practical simulations to assess a candidate’s readiness for real-world cybersecurity challenges.
Overview
Certification Overview:
- Objective: The SAL1 certification is designed to validate the baseline skills and competencies required to excel in a SOC setting, focusing on real-world scenarios and challenges.
- Development: Created with input from employers and experts, the certification ensures alignment with industry needs and expectations.
Why TryHackMe Created the S1 Certification
🔹 Many beginners struggle to land SOC analyst jobs due to:
- Vague job descriptions
- Unreasonable expectations
- Certifications that don’t prove real skills
🔹 TryHackMe partnered with Accenture and Salesforce to create a real-world SOC simulation exam that tests hands-on skills.
What’s Inside the Certification? | How to Prepare for SAL1
Recommended Learning Path (for beginners):
- Pre-Security & Cybersecurity 101 – Basics of security concepts
- SOC Level 1 – SOC fundamentals
- Hands-on labs:
- Investigating with Splunk
- B9
- Secret Recipe
- SOC Simulator – Prepares you for the real exam
TryHackMe SAL1 Exam Structure
The SAL1 exam comprises three main components:
- Multiple-Choice Questions (MCQ):
- Format: 80 questions
- Duration: 1 hour
- Total Points: 200
- SOC Simulator Scenarios:
- Number of Scenarios: 2
- Duration per Scenario: 2 hours
- Total Points per Scenario: 400
Candidates have a 24-hour window to complete all sections and must achieve a minimum score of 750 out of 1000 to pass. The exam fee includes three months of TryHackMe premium access
TryHackMe SAL1 Cost & Pricing
💵 $279 for TryHackMe Premium Members
💵 $349 for Non-Premium Users
💡 Includes access to all learning materials.
TryHackMe SAL1 Certification Review
The TryHackMe SAL1 Certification presents a promising blend of theoretical knowledge and practical application for those entering the field of cybersecurity, particularly in SOC roles. However, its current limitations in industry recognition and certain exam content aspects suggest that candidates might consider complementing it with more established certifications to enhance employability.
Strengths
Comprehensive Content: The certification covers a broad spectrum of topics relevant to SOC operations, including threat detection, incident response, and the use of security information and event management (SIEM) tools like Splunk.
Practical Emphasis: The inclusion of SOC simulator scenarios offers hands-on experience, allowing candidates to engage with simulated alerts and tools akin to those used in actual SOC environments.
Areas for Improvement
- Industry Recognition: As a newly introduced certification, SAL1 lacks widespread recognition among employers. Some professionals suggest that more established certifications like CompTIA Security+ or CySA+ might be more beneficial for those seeking roles in cybersecurity.
- Exam Content Quality: Feedback indicates that certain exam components, particularly the multiple-choice questions, contain grammatical errors and ambiguities, which can hinder comprehension and performance.
- Simulation Dynamics: The SOC simulations, while valuable, have been noted to suffer from issues such as slow alert generation and repetitive scenarios, leading to potential time inefficiencies during the exam.
TryHackMe SAL1 Certification vs CompTIA Security+ & Other Certifications
1️⃣ S1 is NOT a replacement for Security+ or other well-known certs.
- Some claim it replaces CompTIA, but that’s misleading.
- TryHackMe’s cert is new and still unproven in the job market.
2️⃣ It will take years before employers recognize it.
- Most hiring managers are unaware of this cert.
- Well-established certs like Security+ and OSCP took years to gain credibility.
3️⃣ Marketing vs. Reality: Is it really “industry-recognized”?
- TryHackMe is well-known, but this cert itself is not yet widely accepted.
- Industry acceptance will depend on time and user feedback.
| Certification | Hands-on SOC Experience? | Cost | Trusted by Industry? | Entry-Level? |
|---|---|---|---|---|
| TryHackMe SAL1 | ✅ Yes | Most Affordable | ✅ Yes | ✅ Yes |
| CompTIA CySA+ | ❌ Mostly multiple-choice | More expensive | ✅ Yes (DoD recognized) | ⚠️ Some experience recommended |
| Blue Team Level 1 | ⚠️ Some hands-on | Expensive | ✅ Yes | ⚠️ Intermediate |
| Hack The Box CDSA | ⚠️ IR-focused, no SOC sim | Expensive | ✅ Yes | ❌ Not beginner-friendly |
Is TryHackMe SAL1 Right for You?
If you’re a beginner looking for hands-on experience, S1 could be useful – but don’t expect it to replace Security+ or OSCP.
🔹 If your goal is to impress employers, you may be better off with a more recognized cert like CompTIA Security+ or CySA+.
🔹 Wait and watch: If the cert gains traction over time, it may become more valuable.
Is the TryHackMe SAL1 Certification Worth It?
Pros:
Hands-on experience (better than theory-based certifications)
Affordable compared to other cybersecurity certs ($500+)
Helps beginners gain real SOC experience
Cons
Not “easy” – requires problem-solving and tool usage
Requires practice and effort
🔹 Verdict: Highly valuable for beginners looking to break into SOC roles.
Review
Community Feedback:
The cybersecurity community has shared varied perspectives on the SAL1 certification:
- Positive Insights: Many appreciate the certification’s practical approach. One reviewer highlighted the value of the hands-on experience, stating that it “leans heavily into that hands-on approach, making it invaluable for those seeking real-world experience.”
- Considerations: Some community members have discussed the certification’s current industry recognition. A Reddit user pointed out that there are “0 job listings asking for it,” suggesting that its value may increase as more employers recognize it.
I got a free voucher by having BTL1. Can you explain what tools is mandatory to know to pass the exam? it s to know what topics i need to review.
Best regards
Focus on Splunk, Wireshark, Wazuh, ELK and tshark.