Five years ago, Eddie Tumalle was working part-time as a phone technician / Sales. Today, he's a SOC analyst with three cyber security certifications earned in just three months. His secret weapon? Consistent, hands-on practice and a TryHackMe license he made the absolute most of.
This is Eddie's story: how he pivoted from retail to IT to cyber security, and how TryHackMe helped him close the skills gap that theory alone couldn't.
The Spark: A Mentor and a Plan
Eddie's journey started with a conversation. While working as a phone technician, he met a colleague who managed a Security Operations Center at Boeing. That mentor gave him advice that shaped everything: build a strong IT foundation first, and pick up HR-friendly certifications along the way.
Eddie listened. He earned his A+ and IT support certifications, then made his first big move leaving retail behind for the IT department at T-Mobile.
Finding the Gaps
IT gave Eddie real, transferable skills. Root cause analysis and documentation would later serve him well in the SOC. But when he set his sights on cyber security, he knew the learning curve would be steeper so he did something smart. He reached out to a former SOC team member and asked a simple question: what does the day-to-day actually look like, and where will I struggle?
The answer was honest. Eddie had gaps in:
- Reading raw logs and making sense of them under pressure
- Understanding network traffic at a deep level
- Navigating Splunk, the SIEM his company relied on
- The security side of Azure Active Directory
He didn't need more theory. He needed reps.
Enter TryHackMe
When T-Mobile sponsored TryHackMe licenses for its team, Eddie jumped in hard. He used the platform so heavily that he topped the company leaderboard for three months straight.
What made it click for him was the format. TryHackMe's structured learning paths gave him guidance instead of guesswork, and the hands-on labs meant he wasn't just reading about concepts he was doing them. The Security Analyst path in particular stood out, with the opening Security 101 section praised for building foundations the right way: Linux fundamentals, setting up a virtual machine, and the core concepts everything else stacks on.
Along the way, Eddie built exactly the skills he'd been missing:
- Raw log analysis: no longer intimidating, now second nature
- In-depth Splunk experience: directly relevant to his target SOC role
- The MITRE ATT&CK framework: and how real investigations map to it
- The investigator's mindset: the SOC Simulator tied all the theory together in realistic scenarios
Every one of those skills, in Eddie's words, transferred directly to the actual SOC environment.
Passing SAL1: Two Days After Getting the License
When Eddie heard about licenses to sit TryHackMe's Security Analyst Level 1 (SAL1) exam, he spoke to his managers, secured one, and took the exam two days later.
He passed.
His verdict? The SAL1 exam is a genuine representation of what starting in a SOC actually feels like. It forced him to navigate Splunk properly and proved he had the practical foundation the job demands.
It also changed his certification strategy entirely. Eddie found that TryHackMe's material covered more and went deeper than the traditional entry-level security certification he'd originally planned to take. So he skipped it, made SAL1 his foundational credential instead, and used it as a springboard to a more advanced analyst certification. He passed both exams in the same week.
Three certifications. Three months. Nearly all of it fueled by intense, hands-on study.
Turning Learning Into Proof
Eddie's advice to anyone chasing a SOC role is blunt: employers want proof, not promises. A project portfolio is no longer optional in a competitive market.
So he built one drawing directly from what he learned on TryHackMe:
- Built his own firewall with pfSense, then took it further by adding IDS/IPS detection with Suricata, a tool referenced in TryHackMe's learning material
- Installed and configured Splunk on a Linux server, documenting the whole process directly relevant, since his company runs on Splunk
- Documented everything on GitHub steps, screenshots, diagrams creating a portfolio he could point to in interviews
The documentation habit paid a hidden dividend: writing everything up forced him to review the material multiple times, which organized his thinking and gave him real confidence walking into interviews.
The Payoff
Eddie made it. He's now on the SOC team the goal he set five years ago as a phone technician.
He's clear about what got him there: without TryHackMe's structure, his journey would have been slower and far less streamlined. The learning paths gave him direction, the SOC Simulator gave him confidence, and the hands-on labs made sure nothing he learned slipped away.
And he's not done. Once he's settled into the SOC, Eddie plans to return to TryHackMe for the red team learning path and its certification because he believes reaching that higher technical level makes every other area of cybersecurity easier to master.
Eddie's Advice for Aspiring SOC Analysts
- Build your IT foundation first. The skills transfer more than you think.
- Talk to people in the role. Find your gaps before an interviewer does.
- Get hands-on. Theory alone won't survive contact with a real investigation. Platforms like TryHackMe exist so you can practice in real-world scenarios.
- Turn learning into projects. Firewalls, detection systems, SIEM setups, build them, document them, show them off.
- Ask about a company-sponsored license. Eddie's employer sponsored his TryHackMe access, complete with a leaderboard and monthly rewards. Yours might too.
Three Words
When we asked Eddie to describe TryHackMe, he didn't hesitate:
Practical. User-friendly. Relevant.
We couldn't have said it better ourselves.
Carah Els