Let me start by saying that I am delighted to announce that I have successfully PASSED TCM Security’s PSAA exam.
There is not much I can say about the exam itself in the interest of maintaining the integrity of the exam, so I will only comment on my experience in very general terms.
First off, the SOC 101 course, which is available on the monthly TCM subscription or when you purchase the exam, is such an amazing course. The course itself has around 29 hours of content and teaches the theory and methodology required to be a successful SOC Analyst. The time and effort that Andrew Prince put into both the course and the exam is phenomenal.
As you will know, I have completed various CompTIA exams including Security+ and CySA+. While I can’t fault or criticise the information taught on these courses, I always felt that they lacked teaching hands-on skills. Having a lot of knowledge and no idea what to do with it is a bit frustrating.
I can in all honesty say, I feel I have more applicable knowledge and the confidence in my own ability to thrive in the defensive realm.
The exam itself presents a number of tickets to analyse, while gathering information and artifacts. The scenarios feel real and test your ability to use tools and reasoning while working through the tickets in a methodological way.
My preparations were badly affected in the run-up to the exam, and while I felt there were areas I was strong in, there were some areas where I didn’t get the same level of preparation, but I decided to push ahead with the exam anyway. I was very much at the point where I had put in so much effort and work that I had to test myself to see what level I was at.
Things couldn’t have gone much better as I blasted through the first 2 tickets in under 2 hours, had my notes and I was confident in my work. Then things seemed to get more challenging as I ran into tickets in the areas that I felt underprepared. I could feel myself becoming a little overwhelmed but managed to take a step back and think about things logically and found the answers that I was looking for.
For me, the biggest challenge of the exam was in producing the report as it was something that I hadn’t really done before. I have done write-ups for labs and various alerts from LetsDefend but this was different.
It was beneficial though, as it allowed me to see where there were gaps in my information gathering and I had plenty of time to circle back and regather the information.
With so much importance placed on the report writing and documentation, it could be a beneficial component to include in the SOC101 course to help prepare students for the exam itself.
The report itself took a long time but it did help me realise that it would be beneficial to continue writing reports on the LetsDefend alerts for practice as well as for more learning opportunities with mitigations for certain attacks or how to improve detection capabilities.
For anyone taking on the PSAA exam (which I highly recommend), my biggest advice is to trust the process learned in the SOC 101 course and DON’T allow imposter syndrome to derail you. It’s very easy to have self-doubt when you feel some parts are almost too easy. You start to think, “I must have missed something” or to feel like you don’t know what you’re doing when things get a bit sticky.
Take a step back, think about your methodology and have belief in yourself!
P.S. I have no affiliation with LetsDefend or TCM Security. Firstly, I think LetsDefend is excellent for gaining hands-on practice with real attacks and handling investigations. I have no doubt the exposure on LetsDefend helped me to pass the PSAA exam along with the excellent SOC101 course. Secondly, I love the courses provided by TCM overall. They have a very hands-on approach to teaching and are extremely affordable. They also provide access to a Discord group which I have personally found to be very helpful and friendly.