I spent a lot of time stuck on some questions that I just didn't understand due to English not being my native language. As a result, I would like to share the correct answers to THM rooms that I have already completed to help other learners on their learning journey, when they feel stucked.

Misunderstanding a question can be a frustrating and discouraging experience for learners. However, providing a correct answer in such situations can be a useful strategy to help learners overcome their initial confusion and gain a clearer understanding of the topic. 

Security Engineer

Security Engineers are critical to every organization’s security. Being a Security Engineer means designing secure systems, networks, and software, understanding threats and risks that can affect the organization, and being able to assist in responding to incidents. This path aims to give you an introduction to security engineering from various perspectives. No matter which speciality you choose as your cyber security career, understanding all elements is going to help you proactively identify and mitigate security risks, and play a crucial role in strengthening your company’s security posture. This path includes:

1. Introductory topics, such as discussing career journeys available to Security Engineers and security fundamentals required to be successful in this role

2. Network, system, and software security engineering introductions, with a focus on security architecture, hardening, and understanding threats and vulnerabilities affecting these assets

3. Discussion on threats and risks, involving topics such as risk management and threat modelling, equipping you with the necessary analysis skills

4. Incident response skills important for Security Engineers, including understanding your role as a first responder and cyber crisis management.

• Introduction to Security Engineering

  • Security Engineer Intro 

  • Security Principles 

  • Introduction to Cryptography 

  • Identity and Access Management 

• Threats and Risks

  • Governance & Regulation 

  • Threat Modelling 

  • Risk Management 

  • Vulnerability Management 

• Network and System Security

  • Secure Network Architecture 

  • Linux System Hardening 

  • Microsoft Windows Hardening 

  • Active Directory Hardening 

  • Network Device Hardening 

  • Network Security Protocols 

  • Virtualization and Containers 

  • Intro to Cloud Security 

  • Auditing and Monitoring 

• Software Security

  • OWASP Top 10 

  • OWASP API Security Top 10 - 1 

  • OWASP API Security Top 10 - 2 

  • SSDLC 

  • SAST 

  • DAST 

  • Weaponizing Vulnerabilities 

  • Introduction to DevSecOps 

  • Mother's Secret 

  • Traverse 

• Managing Incidents