
If you are trying to break into cybersecurity or level up toward a SOC analyst role, three platforms come up constantly: TryHackMe, Hack The Box, and LetsDefend. They all promise hands-on training, they all have community followings, and they are all priced similarly. But they are not the same product, and choosing the wrong one wastes time you cannot afford when you are actively job hunting.
I have used all three. I have done LetsDefend walkthroughs that replicate real SOC workflows including phishing triage, SIEM investigation, and endpoint analysis. I have worked through TryHackMe rooms covering everything from basic Linux to Active Directory attacks. I have run Hack The Box machines that required days of enumeration, exploitation, and privilege escalation. This comparison is based on actual use, not screenshots from their landing pages.
Here is what each platform is actually good for, and which one you should prioritize based on where you are in your career.
Quick Comparison
Here is the head-to-head breakdown before we go deeper:
| Feature | TryHackMe | Hack The Box | LetsDefend |
|---|---|---|---|
| Free Tier | Yes (limited labs) | Yes (free + Premium) | No (subscription only) |
| Price (Paid) | TryHackMe Premium ~$14/mo | HTB VIP ~$14/mo | LetsDefend ~$25-39/mo |
| Blue Team Focus | Moderate | Light | Heavy |
| Red Team Focus | Moderate | Very Heavy | Light |
| SOC Workflow Sim | Basic | None | Full |
| Real Alert Triage | No | No | Yes |
| Guided Learning Path | Yes (excellent) | Partial | Yes (SOC path) |
| CTF / Hacking Challenges | Some | Heavy | None |
| Certifications Offered | Yes (TryHackMe paths) | Yes (HTB certs) | Yes (LetsDefend certs) |
| Best For | Beginners to intermediate | Intermediate to advanced red team | Blue team / SOC analysts |
LetsDefend: Built for Blue Team, SOC, and Alert Triage
LetsDefend is the only platform of the three that actually simulates working in a SOC. The core of the platform is its alert queue: you receive an alert, open the case, investigate logs, check indicators of compromise, pivot through SIEM data, analyze URLs and hashes in VirusTotal and threat intel tools, make a verdict, and close the ticket. It feels like a stripped-down version of what Tier 1 analysts do every day.
The SOC Analyst learning path on LetsDefend is one of the most direct routes to being interview-ready for a T1 position. You work through:
- Email header and phishing analysis
- Malware sandbox analysis with ANY.RUN and similar tools
- Log management and SIEM querying
- Endpoint investigation and process tree analysis
- Network traffic and C2 beacon identification
The platform is not flashy. The UI is functional rather than polished. But the content is exactly what a hiring manager at a SOC would want to see you demonstrate in an interview.
Who LetsDefend is best for
- Anyone targeting a SOC Analyst T1 or T2 role
- Career changers who need to demonstrate blue team workflow familiarity
- People who want to publish LetsDefend writeups to their portfolio
- Anyone who learns better through structured incident simulation than open-ended hacking
Drawbacks
- Pricing is higher than competitors (around $25 to $39 per month depending on plan)
- The free tier is limited and will not give you a full picture of the platform
- Less community content and third-party guides compared to THM or HTB
TryHackMe: The Best Starting Point for Beginners
TryHackMe is the most beginner-friendly of the three by a wide margin. It runs entirely in-browser with a web-based AttackBox, meaning you do not need to configure a local VM or know anything about Kali Linux to start learning. The rooms are guided, with clear instructions, hints, and flags to capture.
The learning paths on TryHackMe are well-structured and cover a broader range of fundamentals than either competing platform. If you have never used a terminal before, TryHackMe is where you start. If you know your way around Linux but want structured exposure to Active Directory, networking basics, web application security, or defensive concepts, TryHackMe delivers that in manageable chunks.
The SOC Level 1 path on TryHackMe is a solid introduction to blue team concepts. It covers Splunk, Elastic, Snort, and network traffic analysis at a foundational level. It is not as deep as LetsDefend for pure SOC simulation, but it builds the right foundation and gives you vocabulary before you go deeper.
Who TryHackMe is best for
- Complete beginners with no prior security hands-on experience
- People who want structured learning paths with clear progression
- Anyone who needs to get comfortable with Linux and basic networking first
- Budget-conscious learners: the free tier is genuinely useful
Drawbacks
- The guided nature of rooms means less problem-solving pressure, which can limit skill development at the intermediate level
- SOC simulation is surface-level compared to LetsDefend
- Intermediate and advanced learners will outgrow it quickly
Hack The Box: The Proving Ground for Offensive Security
Hack The Box is a different animal. Where TryHackMe holds your hand and LetsDefend walks you through SOC workflows, HTB drops you on a machine and expects you to figure it out. There are hints and walkthroughs available, but the culture of the platform rewards people who struggle through problems independently before looking up a writeup.
HTB is primarily an offensive platform. The machines and challenges are focused on penetration testing techniques: enumeration, exploitation, privilege escalation, lateral movement, Active Directory attacks, web application vulnerabilities, and binary exploitation at the advanced end. The Academy section of HTB does offer structured learning paths and is closer to TryHackMe in format, which makes it a reasonable middle ground for people who want to learn concepts before tackling live machines.
For blue team and SOC work, HTB is not the right tool. It teaches you how attackers think, which is genuinely valuable context for a defender, but it does not teach you how to triage alerts, work a SIEM, or write an incident report.
Who Hack The Box is best for
- Intermediate to advanced security practitioners targeting penetration testing or red team roles
- People pursuing the OSCP or similar offensive certifications
- Defenders who want to understand attacker methodology from the inside out
- Anyone who wants to build a CTF and machine writeup portfolio for offensive security roles
Drawbacks
- High difficulty floor for beginners: you will get stuck and frustrated without prior fundamentals
- Very limited blue team content outside of the Sherlocks category (forensics and incident response challenges)
- Requires local VM setup for the best experience, which adds friction upfront
Which Platform Should You Use? The Honest Answer
It depends entirely on the role you are targeting. Here is how to think about it:
Targeting a SOC Analyst role: Start with TryHackMe to build your fundamentals, then move to LetsDefend for alert triage simulation. Spend 80% of your lab time on LetsDefend before interviews.
Targeting penetration testing or red team: TryHackMe first if you are a beginner, then move to Hack The Box. Plan to spend significant time on HTB machines and publish writeups on retired boxes.
Already employed in security and want to level up: Skip TryHackMe and go directly to LetsDefend (blue team) or HTB (red team) depending on your path. TryHackMe at the intermediate level will feel slow.
Most people should not pick just one. Use TryHackMe to learn, then use the specialist platform for your target role to build portfolio evidence.
A Note on Using These Platforms for Your Portfolio
Completing labs is not enough on its own. What actually moves the needle in interviews is being able to talk about what you did and why. That means writing it up.
LetsDefend walkthrough writeups are particularly valuable because they demonstrate real workflow: you show that you can receive an alert, investigate systematically, use the right tools, and reach a documented conclusion. Publish them on your blog with specific IOCs, tool screenshots, and your reasoning at each decision point. That is the kind of portfolio content that gets you past the resume screen.
For Hack The Box, you can publish writeups on retired machines. HTB explicitly prohibits writeups on active machines, but retired machines are fair game. A well-written HTB machine writeup shows methodical thinking, tool usage, and problem-solving under pressure, all things interviewers want to see from offensive security candidates.
Get Started
All three platforms offer free tiers or trials. The best move is to sign up for the free tier on each, work through a sample lab, and see which learning style clicks for you.
Ready to start? Check out Hack The Box (affiliate link) and TryHackMe to get hands-on. If you are serious about SOC work, LetsDefend is worth the investment for the alert simulation experience alone.
