Blue Team Training for Your SOC Analyst Team

Upskill your team with a brand new blue team SOC Analyst L1 pathway, covering everything from cyber defence frameworks to threat intelligence, digital forensics, and phishing analysis.

Emma Sivess
Nov 8, 2022

The past year at TryHackMe has been wild - we’ve been expanding our team of experts to over 45 individuals with hundreds of years of combined cyber security experience. We’re branching into more technical training and giving our users a cyber security training journey from the very beginning through to specialisation.

Our newest launch is a step up for your blue team training plans with our SOC Level 1 Pathway.

Training your SOC team

The TryHackMe SOC Level 1 training course follows on from our fundamental training pathways:

  • Pre-Security; suited to the complete beginner, this training covers fundamental knowledge you would expect entry-level hires to know.
  • Introduction to Cyber Security; this pathway enables your team to kickstart hacking and defending in action using TryHackMe virtual machines. This allows your users to get hands-on experience whilst brushing up on topics including web application security, operating system security, network security, operations, and digital forensics.

Depending on the hiring format of your business, you can leverage TryHackMe security operations training to form onboarding pathways that give new hires the foundational knowledge needed to start their career with you, or to teach new and evolving threat and mitigation techniques to your technical team.

Our SOC Level 1 content delves into tools and real-world scenarios suited to Junior Security Analysts or SOC Analysts. The level of detail we explore in these blue team training exercises reflects the needs of Level 1 SOC Analysts and is of medium difficulty.

This blue team cyber security training will empower your team to:

  • Monitor and investigate alerts around the clock
  • Configure and manage security tools
  • Develop and implement IDS signatures
  • Escalate security incidents to Tier 2 and the Team Lead where necessary

SOC Level 1 Training: The content

TryHackMe training is made up of pathways, modules, and individual labs (also called rooms). Individual rooms are the lessons your team will be launching for each topic - consisting of guided learning and a virtual machine, where users learn in action.

Modules are a collection of rooms following a specific theme, for example, Phishing: learning the components that make up a phishing email, learning the different types of phishing attacks, delving into the tools analysts use to investigate, and defending against phishing. All rooms here make up a module. Finally, pathways are a collection of modules that reflect everything you need to know for specific job roles or skill levels.

SOC Training

This pathway launches its users into a day in the life of a Junior Security Analyst as a Triage Specialist.

Our SOC Analyst training pathway includes:

  • Cyber Defense Frameworks - discover frameworks and policies that help establish a good security posture, learning how organisations use these in defensive strategies.
  • Cyber Threat Intelligence - learn about identifying and using available security knowledge to mitigate and manage potential adversary actions.
  • Network Security & Traffic Analysis - learn the network monitoring practices vital to threat investigations and the core concepts and tools of network traffic investigation and packet analysis.
  • Endpoint Security Monitoring - monitoring activity on workstations is essential, as that’s where adversaries spend the most time trying to achieve their objectives.
  • Security Information & Event Management - explore SIEM basics, including features in each SIEM solution, and how to construct search queries to find anomalous traces.
  • Digital Forensics & Incident Response - understand how to identify threat data using various tools and methods for conducting forensics against systems and data storage.
  • Phishing Analysis - learn how to analyze and defend against phishing emails. Investigate real-world phishing attempts using a variety of techniques.

What is the difference to our Cyber Defense pathway?

Our Cyber Defense pathway provides an overview of defensive domains, including threat emulation and malware analysis. Our SOC Level 1 pathway has been constructed to contain a wider pool of topics in a structured format angled towards SOC Analyst careers specifically. This is a deeper dive into blue team content.

Getting the Most Out of TryHackMe

TryHackMe offers over 560 training labs to your team in the most accessible format in the industry. There are a few tips and tricks to ensure you get the most out of blue team security training for your team.

Strategise from the top down

Before assigning training to your team, consider what it is you want them to get out of training. Businesses all over the world use TryHackMe for onboarding, keeping employees attuned to industry trends, and promoting and continuously improving employee capabilities. Companies also recommend training for employees to expand on in their free time - exploring topics that may not be directly in their job scope, but that broaden their cyber security knowledge and analytical thinking, enabling them to adapt to different needs.

Whatever your needs are, consider the goals you want to achieve with cyber security training and reflect this in assigning your team tasks.


Your business package enables you to customise training to reflect your business branding and needs. Would you add and edit rooms to reflect niche responsibilities? Or perhaps incorporate variations to reflect newer hires and existing employees looking to upskill? Don’t be afraid to niche down and dive into training to ensure it aligns with your strategy.

Utilise competitive training

Also for business users, we recommend leveraging TryHackMe workspaces so employees can see the leaderboard and peer progress to spur on their training. This is also an excellent way for peers to discuss what they are learning in the workplace when seeing colleagues' successes. You can monitor all activity and niche reporting in the management dashboard.

TryHackMe also has a competitive hacking game, King of the Hill. Along with training, our unique hacking and defending game allows users to compete with each other by patching and attacking machines. It enforces collaboration in cyber and gets teams to put offensive and defensive cyber skills into practice - it’s pretty awesome!

Action Practical Independent Learning That Cyber Analysts Can Directly Transfer to Job Responsibilities

Hundreds of businesses use TryHackMe to empower their employees across the globe. The nature of browser-based, bite-sized, guided training means employees can adapt their own training plans to their company goals and job responsibilities. We take the hassle out of getting employee buy-in and offer a gamified, engaging hub where teams can excel and managers can focus on managing.

KPMG uses TryHackMe to upskill all new analyst hires and onboard them into the company, setting a standard of training that empowers employees to learn and evolve. In our ongoing partnership, employees have logged a 100% satisfaction rate, completed over 40,000 training labs in 2 months, and achieved hands-on experience to directly transition to job responsibilities.

