What is TCM Security?
TCM Security is a cybersecurity training company founded by Heath Adams — known as ‘The Cyber Mentor.’ Built around one core value: practical skills that actually transfer to real penetration testing engagements. The Practical Ethical Hacking (PEH) course became the community’s go-to for OSCP preparation and entry-level offensive security training. At $30 for lifetime access versus $1,499+ for OSCP enrollment, it reshaped expectations for what affordable security training should deliver.
Is This Right for You?
This is for you if...
- You want practical, hands-on offensive training at a price that doesn’t require a corporate budget
- You’re preparing for OSCP and want structured prep before paying for the exam
- You’re transitioning into cybersecurity and need a clear, skill-focused starting path
- You want lifetime access to courses rather than expiring subscriptions
- You’re studying for PenTest+, CEH, or building toward red team operations
This is NOT for you if...
- You want a massive content library with hundreds of courses — TCM is focused, not broad
- You’re looking primarily for blue team content — TCM is predominantly offensive-focused
- You need formal academic-style assessments for employer requirements
Course Catalog
| Course | Duration | Level | Best For |
|---|---|---|---|
|
Practical Ethical Hacking (PEH) |
~25 hours |
Beginner–Intermediate |
OSCP prep, career entry into pentest |
|
Linux Privilege Escalation |
~8 hours |
Intermediate |
OSCP prep, post-exploitation skills |
|
Windows Privilege Escalation |
~8 hours |
Intermediate |
OSCP prep, Active Directory basics |
|
Practical OSINT |
~9 hours |
Beginner–Intermediate |
Reconnaissance, bug bounty, investigations |
|
SOC Core Skills |
~8 hours |
Beginner |
Entry-level SOC analyst preparation |
|
Practical Malware Analysis |
~9 hours |
Intermediate |
Reverse engineering, malware triage, sandbox analysis |
|
Practical Bug Bounty |
~8 hours |
Intermediate |
Web application hacking, bug bounty programs |
|
External Pentest Playbook |
~5 hours |
Intermediate |
External network penetration testing methodology |
|
Movement, Pivoting and Persistence |
~5 hours |
Advanced |
Post-exploitation, lateral movement, red team ops |
Pricing
| Option | Price | Includes |
|---|---|---|
|
Individual courses |
$30–40 each |
Lifetime access, all future updates included |
|
TCM Academy Subscription |
$30/month |
Access to ALL current and future courses |
|
Course bundles |
Varies |
Discounted multi-course packages |
Certification Prep — What TCM Helps With
| Certification | Recommended TCM Courses |
|---|---|
|
OSCP |
PEH + Linux PE + Windows PE + Movement & Pivoting |
|
PenTest+ |
PEH + External Pentest Playbook |
|
CEH / CEH Practical |
PEH + Practical Bug Bounty |
|
eJPT (entry-level) |
PEH first half covers all eJPT content |
|
SOC Analyst / CySA+ |
SOC Core Skills + Practical Malware Analysis |
Recommended Resources
- TCM Academy — course enrollment and platform access
- TCM Sec — company blog, OSCP prep articles, community resources
- Heath Adams (YouTube) — free content including full privilege escalation courses
── SecVerse Marketplace — Resources ──
Which Platform is Right for You?
TCM Security is the right choice when you want structured, practical offensive training at an accessible price. Here is how it compares:
| If you want... | Best Choice |
|---|---|
|
You want unguided hands-on machines after the course |
Hack The Box — apply what TCM taught you |
|
You want official OSCP course content |
OffSec PEN-200 — the exam source, but 50x the price |
|
You want blue team and SOC training |
Blue Team Labs Online or LetsDefend |
|
You want affordable lifetime-access offensive training |
TCM Security — this is the right choice |
How to Get Started
- Start with Practical Ethical Hacking, not individual topic courses. PEH is the foundation. It assumes basic networking and Linux — nothing more. If you lack that, spend two weeks on TryHackMe Pre-Security first, then come back.
- Build a lab alongside the course, not after. PEH walks you through building a virtual lab. Set it up in week one. Every technique you learn should be practiced in your lab the same day.
- After PEH, immediately go to Hack The Box. Work through Starting Point, then Easy retired machines. The gap between knowing a technique and applying it to an unknown machine is where real skill development happens.
📌 Note: The information on this page — including certification details, exam codes, pricing, and salary ranges — is regularly reviewed and updated to reflect the latest data from official sources. Always verify current details directly with the relevant certification body or platform before making any decisions.
Community & Support
── TCM Communities ──
Related Articles
The 6 Learning Paths Every Cybersecurity Beginner Should Know
Affiliate Disclaimer: Some links in this article are affiliate links. This means if you click a link and make a purchase, SecVerse may earn a small commission — at no extra cost to you. We only recommend tools we genuinely believe in and that we consider useful for your cybersecurity learning journey. Our editorial opinions are never influenced by affiliate relationships. Introduction: **In our first guide**, we covered how to start learning cybersecurity without feeling overwhelmed. If you haven’t read it yet, start there. Now, let’s talk about which path to take once you’re ready. When I decided to get into cybersecurity 20 years ago after I graduated from school of engineering as computer engineer, I had no idea which path to take. I bought a CEH course first. Then I bought a Security+ book. Then I tried to learn networking. I was all over the place. Don’t be me.
How to Start Learning Cybersecurity Without Feeling Overwhelmed
Affiliate Disclaimer: Some links in this article are affiliate links. This means if you click a link and make a purchase, SecVerse may earn a small commission — at no extra cost to you. We only recommend tools we genuinely believe in and that we consider useful for your cybersecurity learning journey. Our editorial opinions are never influenced by affiliate relationships. Introduction: The Overwhelm is Real (But Avoidable) Let’s be honest with ourselves to avoid the shock and be realistic. Cyber security is huge, branching, and massive field. When I decided to get and start in this field 20 years ago. I made every mistake imaginable: Bought expensive courses I never finished. Tried to learn everything at once – pentesting, malware analysis, cloud security, forensics. All in short time. Got trapped in “tutorial”- watching videos for hours but never actually doing anything because of not practicing them and being confused.
