Embark on your Cybersecurity Journey: A Quick Guide to TryHackMe’s Security Engineer Learning Path

The Learning path Security Engineer from TryHackMe has 5 amazing modules and are as follows:

1. Introduction to Security Engineering
2. Threat and Risks
3. Network and System Security
4. Software Security
5. Managing Incidents
6. Introduction:

Introduction involves fundamentals of Security Principles, Identity and Access Management, Cryptographic algorithms, etc. It gives a solid fundamental understanding on theoretical concepts.

2. Threat and Risks

This section covers plethora of frameworks, including the MITRE ATT&CK, STRIDE, etc. It covers the basics of risk management and threat modeling, along with an introduction to governance and regulation. Additionally, the vulnerability management section offers insights into topics such as detecting and prioritizing vulnerabilities.

Here Vulnerability Management is one of the most interesting topics for me personally.

3. Network and System Security

This section of the module is particularly beneficial for those interested in deepening their understanding of infrastructure security. It serves as a wonderful opportunity to explore more about Linux, Windows, and networking.

You will learn concepts like Active Directory Hardening, Windows Hardening, Linux Hardening, etc and the cheat sheet is as follows:

Windows Hardening Cheat Sheet

Active Directory Hardening

Concepts on Tiering Models

Cloud Introduction

Log Management

4. Software Security

This section requires a foundational knowledge and experience in web development, API security, and basic code review. The resources provided above should be helpful for beginners who may encounter challenges or need clarification on general concepts.

This section is one of the most complete sections where it has sub-section called Mother’s secret and it is quite intense and you will learn about exploiting the flaws in Application Security to reveal its secrets.

Exploit chaining or multi-stage exploitation model

SDLC life cycle example model

5. Managing Incidents

This section talks about Incident Management and the Incident Response and how to handle during the situation with concepts such as Cyber Crisis Management, Accountability, etc.

Incident Response: Is basically — “What happened?”

Incident Management: Is basically — “How do we respond to what happened?”

Incident Management Process

An example incident playbook

Level of Incident

Conclusion:

Overall, it is a very good learning path to understand the solid fundamentals on various sections mentioned above and it can be a solid start to your Security Engineer career path.

Link to this Security Engineer Course: TryHackMe | Paths