Introduction to TryHackMe SAL1 Certification
TryHackMe has recently introduced the Security Analyst Level 1 (SAL1) certification, aiming to equip individuals with foundational skills essential for Security Operations Center (SOC) roles. Developed in collaboration with industry leaders like Accenture and Salesforce, this certification emphasizes practical, hands-on experience within a virtual SOC environment.
Overview
Certification Overview:
- Objective: The SAL1 certification is designed to validate the baseline skills and competencies required to excel in a SOC setting, focusing on real-world scenarios and challenges.
- Development: Created with input from employers and experts, the certification ensures alignment with industry needs and expectations.
Why TryHackMe Created the S1 Certification
🔹 Many beginners struggle to land SOC analyst jobs due to:
- Vague job descriptions
- Unreasonable expectations
- Certifications that don’t prove real skills
🔹 TryHackMe partnered with Accenture and Salesforce to create a real-world SOC simulation exam that tests hands-on skills.
What’s Inside the Certification? | How to Prepare for SAL1
Recommended Learning Path (for beginners):
- Pre-Security & Cybersecurity 101 – Basics of security concepts
- SOC Level 1 – SOC fundamentals
- Hands-on labs:
- Investigating with Splunk
- B9
- Secret Recipe
- SOC Simulator – Prepares you for the real exam
Exam Structure
3 Sections:
1️⃣ Multiple Choice (1 hour, 80 questions) – Covers cybersecurity concepts from the learning path.
2️⃣ Hands-on Investigation (2 hours) – Simulates real SOC tasks (triaging alerts, investigating incidents, and reporting findings).
3️⃣ Case Report (2 hours) – Document and analyze security incidents.
🔹 Passing Score: 750/1000
🔹 Time Limit: 24 hours to complete all sections
🔹 1 Free Retake
Pricing
💵 $279 for TryHackMe Premium Members
💵 $349 for Non-Premium Users
💡 Includes access to all learning materials.
TryHackMe SAL1 Certification vs CompTIA Security+ & Other Certifications
1️⃣ S1 is NOT a replacement for Security+ or other well-known certs.
- Some claim it replaces CompTIA, but that’s misleading.
- TryHackMe’s cert is new and still unproven in the job market.
2️⃣ It will take years before employers recognize it.
- Most hiring managers are unaware of this cert.
- Well-established certs like Security+ and OSCP took years to gain credibility.
3️⃣ Marketing vs. Reality: Is it really “industry-recognized”?
- TryHackMe is well-known, but this cert itself is not yet widely accepted.
- Industry acceptance will depend on time and user feedback.
| Certification | Hands-on SOC Experience? | Cost | Trusted by Industry? | Entry-Level? |
|---|---|---|---|---|
| TryHackMe SAL1 | ✅ Yes | Most Affordable | ✅ Yes | ✅ Yes |
| CompTIA CySA+ | ❌ Mostly multiple-choice | More expensive | ✅ Yes (DoD recognized) | ⚠️ Some experience recommended |
| Blue Team Level 1 | ⚠️ Some hands-on | Expensive | ✅ Yes | ⚠️ Intermediate |
| Hack The Box CDSA | ⚠️ IR-focused, no SOC sim | Expensive | ✅ Yes | ❌ Not beginner-friendly |
Is SAL1 Right for You?
If you’re a beginner looking for hands-on experience, S1 could be useful – but don’t expect it to replace Security+ or OSCP.
🔹 If your goal is to impress employers, you may be better off with a more recognized cert like CompTIA Security+ or CySA+.
🔹 Wait and watch: If the cert gains traction over time, it may become more valuable.
Is the TryHackMe SAL1 Certification Worth It?
Pros:
Hands-on experience (better than theory-based certifications)
Affordable compared to other cybersecurity certs ($500+)
Helps beginners gain real SOC experience
Cons
Not “easy” – requires problem-solving and tool usage
Requires practice and effort
🔹 Verdict: Highly valuable for beginners looking to break into SOC roles.
Review
Community Feedback:
The cybersecurity community has shared varied perspectives on the SAL1 certification:
- Positive Insights: Many appreciate the certification’s practical approach. One reviewer highlighted the value of the hands-on experience, stating that it “leans heavily into that hands-on approach, making it invaluable for those seeking real-world experience.”
- Considerations: Some community members have discussed the certification’s current industry recognition. A Reddit user pointed out that there are “0 job listings asking for it,” suggesting that its value may increase as more employers recognize it.
I got a free voucher by having BTL1. Can you explain what tools is mandatory to know to pass the exam? it s to know what topics i need to review.
Best regards
Focus on Splunk, Wireshark, Wazuh, ELK and tshark.