Sharing my step-by-step process, technical notes, and lessons learned while training to become a Junior Security Analyst on TryHackMe.
Cybersecurity is a vast ocean that requires constant learning. The best way to navigate this ocean without getting lost is to set a course and reinforce what you learn by explaining it to others (The Feynman Technique). This article series will serve as my logbook on the road to becoming a Junior Security Analyst.
My goal is clear: to enter the industry as a SOC (Security Operations Center) Tier 1 analyst.
In this series, I will share the notes I take, the labs I solve, and the technical challenges I encounter during my “Junior Security Analyst” training journey on TryHackMe, filtered through my own perspective.
Why SOC Tier 1?
Known as the frontline of cyber defense, the SOC is the center that monitors, analyzes, and defends an organization’s digital security. The Tier 1 analyst is the “eyes” of this center.
When an attack occurs, the Tier 1 analyst is the person who sees the first alarm and distinguishes whether it is a real threat or a false alarm (False Positive). This role forms the cornerstone of a cybersecurity career because it teaches:
- Log Analysis: Understanding the language of systems.
- Incident Response: Remaining calm during a crisis.
- Tool Mastery: Using industry-standard tools like SIEM, EDR, and IDS.
What Will You Find in This Series?
I know that on Medium, “copy-paste” content is less valuable than truly digested information. Therefore, my notes here will not be literal translations of the training text. Instead, you will see how I approach events as an aspiring analyst.
In future articles, we will dive deep into the following topics:
- Traffic Analysis: How do we detect anomalies hidden inside network packets?
- Log Review: How do we track an attacker’s footprints in web server logs?
- Vulnerability Analysis: How are system flaws found before they are exploited?
- Case Studies: Threat Hunting based on real-world scenarios.
My Roadmap and Methodology
My main resource on this journey will be the guided training paths on TryHackMe. However, I will not stop at theory; I will translate what I learn into practical scenarios.
For example, instead of just defining a SQL Injection attack in theory, we will discuss how we should take action when we see a UNION SELECT statement in the logs. My aim is not to memorize, but to develop an analyst mindset.
Conclusion
If you aim to build a career in cybersecurity or are curious about the development process of a Junior Security Analyst, this series can be a guide for you.
In my next article, we will introduce the fundamentals of the defense line and the critical concepts an analyst needs to know.
Stay tuned and stay safe!