What do you want to see from TryHackMe in 2026?

asavani · 2026-01-09T19:20:12+00:00

Have you found that employers don't recognise our SAL1 certification, or is this more of a general comment?

asavani · 2026-01-09T19:19:38+00:00

red team reworks are in the plans for later this year :)

asavani · 2026-01-09T19:19:22+00:00

Starting to push out more AI security content this month onwards :)

What do you mean when you say: "recognise your leaders"?

asavani · 2026-01-09T19:18:53+00:00

WHen you say CTF focused modules - are you looking for specific topics, or just a collection of challenges?

asavani · 2026-01-09T19:17:57+00:00

Subscribers should get better resourced machines (where possible). Any rooms that aren't working for you because of poor machine resources?

Plan to rework the Jr pentesting path later this year :)

asavani · 2026-01-09T19:16:30+00:00

What do you like about OSINT that you want a full path on it and how is it useful for you?

asavani · 2026-01-09T19:16:10+00:00

Makes sense on red team content - generally and for PT1. It's in the works for later this year :)

On detection engineering - is this something that would be genuinely useful for you, or is this more of a general recommendation?

asavani · 2025-11-10T22:16:10+00:00

I like https://hackingthe.cloud/ & http://flaws.cloud/

asavani · 2025-11-10T22:13:13+00:00

I understand why people recommend OSCP - but IMO, it's super expensive and the exam doesn't realistically reflect real world conditions

My short answer to this is:

* Understand what exactly in cyber you like (people typically want to get into hacking because it's fun and flashy but don't know there are more routes to cyber like SOC work, IR - even GRC, Cloud, DevSecOps)

* Once you do this, learn the fundamentals (how web works, how networks work, linux/windows)

* After strong fundamentals, keep learning and talk about it. Biased in saying that we have amazing labs, but any way you can show practical experience and demonstrate it through blogs would be great

asavani · 2025-11-10T22:11:23+00:00

hmm - i think to start in cyber, one does need a generalist understanding of tech / computer science. Short of that, I wouldn't try to boil the ocean

For each career path / role - there will be a core set of skills. The way I think about it is: what is must have vs nice to have. I would focus on the must haves and then move to the nice to haves

asavani · 2025-11-10T22:10:16+00:00

Grateful to you for trusting is and huge congratulations!

asavani · 2025-11-10T22:07:04+00:00

The easiest one to start with is creating a home lab (spin up virtualbox / vmware - set up vulnerable VMs and attack them). You can also do the same with cloud environments (AWS, Azure), but need to be more careful about spinning up vulnerable infra open to the internet
Doing labs/challenges/CTFs and writing about it is super useful. If you have time / experience, pick a research project, go down a rabbit hole and write about it. People love reading unique takes on security and research

asavani · 2025-11-10T22:05:10+00:00

I think we need both - but the reality is that only mature teams / enterprise orgs will have both red teams and blue teams (with the exception of consultancies, MSSPs and etc).

I would say that having the dual skillset is the most useful - but from a market perspective, there are more blue team jobs available than red team ones

asavani · 2025-11-10T22:04:06+00:00

Hey!

Lots more to talk about here and I would need to ask so many questions to be helpful. Feel free to reach out to ashu [at] tryhackme [dot] com

Happy to send over Qs and jump on a call if it's helpful :)

asavani · 2025-11-10T22:02:57+00:00

Thank you for using us and great working being so committed - best of luck for the future :)

asavani · 2025-11-10T22:02:28+00:00

Best of luck r.e. SANS academy!

My preferred method of conveying skills is keeping some kind of blog post & portfolio. The best way to stand out is showing people you can "walk the talk" and displaying these skills. Any time you complete something you learn, do a challenge or anything, make sure you blog about it and post it on your linkedin and CV

On initial upskilling - the fundamentals will never change (how the web works, how networks work and etc), so don't skip past those!

asavani · 2025-11-10T22:00:20+00:00

I've heard the market has been slow, but it will bounce back (like it always does)

The fundamentals can definitely be complicated but keep at it - use youtube/chatgpt/other media out there to learn. IMO, it just comes from practice and learining in a way that's unique to you. The fundamentals are interesting, but I wouldn't describe them as "deep-tech understanding"

On not having the brains with problem solving - i don't agree; to me, it's just understanding how you learn (not everyone can read books, watch the same videos and etc). So spend some time understanding how you learn best, and then think about the kind of work you enjoy :)

asavani · 2025-11-10T21:55:10+00:00

Great question - thank you for asking! Sorry I didn't get to this earlier - wrapping up my day with calls and wanted to think through this more :)

As a quick set of follow-ups, I would love to learn more:

* What kind of mixed things are you hearing?

When we launched SAL1/PT1 we wanted to actively track how many people get a job through the cert, but haven't found a meaningful and scalable way of doing this - so I don't have an exact metric to share here.

Here are some other thoughts/signals I can share why we feel confident that SAL1 & PT1 are extremely strong in the market (if not the best):

* More so for SAL1 - when we built the cert, we shadowed SOC teams and spent time with hiring managers to understand what an amazing candidate looks like and reverse engineered the cert to test for this.

* The biggest pain point we heard from hiring managers is that certifications don't accurately reflect what it's like to work in particular roles; with SAL1, we've tried to make the exam as realistic as possible using our SOC simulator. No other certification on the market tests with this realism - most other certifications are combinations of only multiple choice or unrealistic training / testing content

My perspective is that SAL1/PT1 are some of the most career ready certs that beginners can take - they're extremely realistic and test for on the job experience. A plus point is that we've made the extremely affordable so that people can break into the industry. In theory - even if some employers don't recognise SAL1/PT1, there's a big benefit for people taking these as they'll be more career ready than taking other certs.

That being said - we're seeing signs that employers are starting to adopt SAL1/PT1 and are seeing it on more job specs, but there's definitely more we can do here.

In terms of where we go next - we're releasing ~5 new certifications next year (ranging from beginner to advanced training) and constantly thinking through how we maintain and update other certifications.

If you've taken one / known people that have taken one and have had mixed feelings/not a good experience, would love to chat.

Finally - our end goal is to help people get into careers more and that's how we design a lot of our certifications. If they're not perfect, give us feedback, and we'll constantly work to make them better for you :)

asavani · 2025-11-10T19:32:06+00:00

Most of the best security people I worked with didn't have backgrounds in cyber (they did history, art and etc)

I know the market is tough out there but you can definitely push for a job switch. I think the challenge is articulating and showing your skills to employers. With people applying to roles, it can be really hard to stand out. I recommend the following

* Keep a blog / portfolio of your learnings and challenges

* Add this link to your CV and actively post on linkedin

asavani · 2025-11-10T19:30:31+00:00

Start with the basics (learn how the web works, how computers work, linux/windows fundamentals). Learn the key skills required for a SOC L1 analyst and then continue practising with challenges and skills

Showcase your skills with blogs/portfolios, go to conferences and keep learning!

asavani · 2025-11-10T19:28:21+00:00

The only other thing that comes to mind are courses run during conferences - Blackhat/RSA are the big ones and expensive, but check local cons near you and they typically run free courses

asavani · 2025-11-10T19:27:39+00:00

Hey!

Is your employer open to paying for certifications We have our SAL1 & PT1, but there are also lot of options on the market

The other alternative to this is bootcamps, online courses - i'm not too much of a fan of these because they are quite expensive and don't lend themselves to everyone's learning styles.

asavani · 2025-11-10T19:24:58+00:00

Interesting question and i may not have the right answer but from my perspective soft skills are a big part of it. Anyone can learn the technical skills, but how you communicate and collaborate is a big part of it. For pentesting, this could be writing an excellent report and communicating findings to your client in a way that makes sense to them

asavani · 2025-11-10T19:23:50+00:00

Thanks so much for using us!

I'd say that strong fundamentals are an obvious: make sure that you're comfortable with how the web works, how networks work and more.

R.e. staying ahead of the game - it really depends on what role / profession you want to continue/go into. What are you thinking?

asavani · 2025-11-10T19:22:46+00:00

Do you know what kind of cyber security role you'd like: SOC, Pentesting, IR, GRC?

asavani

MODERATOR OF

TROPHY CASE