My First TryHackMe Room: What I Actually Learned

I Was Terrified to Click Start

I had been reading about cybersecurity for weeks. Watching videos. Making flashcards. Taking notes. All perfectly safe, perfectly comfortable, perfectly passive activities that let me feel productive without actually doing anything scary.

Then a Reddit comment slapped me in the face: “You cannot learn cybersecurity without touching a keyboard. Stop watching. Start doing.”

So I signed up for TryHackMe. Free account. Stared at the dashboard for about ten minutes. And then hovered over the “Start” button on the introductory room like it was going to electrocute me.

The fear was irrational but real. What if I break something? What if I accidentally hack something I am not supposed to? What if I am so bad at this that it confirms I chose the wrong career?

I clicked it anyway. Here is what actually happened.

The Room: Tutorial

I started with the literal first room — “Tutorial.” It teaches you how TryHackMe works: how to deploy a machine, how to answer questions, how to use the in-browser AttackBox.

It took me 15 minutes. It should have taken 5.

Why? Because I read every single instruction three times before doing anything. I was so worried about making a mistake that I turned a simple walkthrough into an anxiety exercise. Looking back, that was actually useful data about myself. I know now that my default mode when learning something new is to overthink rather than experiment.

Lesson 1: The platform is designed for beginners. You literally cannot break anything. The machines reset. There are no consequences. Once that sank in, everything changed.

The First Real Challenge: OpenVPN

After Tutorial, I moved to the “Starting Out In Cyber Sec” room. The first real task was connecting via OpenVPN — downloading a configuration file and running it to create a secure tunnel to TryHackMe’s network.

This is where things got interesting.

# The command that made me feel like a hacker
sudo openvpn my-config.ovpn

I typed that into my terminal, hit enter, and watched a wall of text scroll past. Green text. Connection logs. Handshake confirmations. It looked exactly like what hackers do in movies, and for about thirty seconds I felt unreasonably cool.

Then it sat there. Blinking cursor. Was it working? Was it broken? I had no idea.

Lesson 2: A lot of cybersecurity tools do not give you a clear “success” message. They just… run. Learning to read output and recognise what “normal” looks like is itself a skill. I eventually figured out that “Initialization Sequence Completed” meant it was working. That took me an embarrassingly long time.

My First Nmap Scan

The room eventually asked me to scan a target machine using Nmap. This was the moment I had been both dreading and looking forward to.

nmap -sV [target-ip]

I typed it, pressed enter, and waited. The scan took maybe 20 seconds. The output showed open ports, services, version numbers. Information about a machine I had never seen before was now on my screen.

My reaction was complicated. On one hand — “This is incredible. I can see what is running on a remote machine.” On the other hand — “This is exactly the kind of thing I have been told is illegal.”

Lesson 3: Context matters enormously. This exact command, run against a machine you have permission to scan (like a TryHackMe room), is perfectly legal and educational. Run against a machine you do not have permission to scan, it could be a criminal offence. The tool is not good or evil. The authorisation is what matters.

This distinction is drilled into every cybersecurity course and certification for good reason. I understood it intellectually before, but running the actual command made it visceral.

The Things I Got Wrong

I want to be honest about the mistakes because I think the “learning in public” part only works if I include the failures.

I forgot to deploy the machine. Tried to scan an IP that did not exist yet because I skipped the “Deploy” button. Spent five minutes troubleshooting a network issue that was just me not reading instructions.

I typed the IP wrong. Copy-paste exists for a reason. I manually typed the target IP and transposed two digits. Another five minutes of confused troubleshooting.

I did not understand the output. Nmap told me port 22 was open running SSH. I knew what SSH was from my reading. But I did not understand why that mattered in a security context until I read the room’s explanation — an open SSH port with weak credentials is a common entry point for attackers.

I panicked when the AttackBox froze. The in-browser machine lagged, and I thought I had crashed it. Turns out it was just browser lag. I refreshed and everything was fine. My heart rate, however, took longer to recover.

What Actually Surprised Me

I expected the technical parts to be hard. They were, but not in the way I predicted. The commands themselves are not complex — nmap, ssh, ls, cat. Most cybersecurity tools have straightforward syntax.

What is hard is the thinking. Specifically:

Knowing what to look for. Nmap gives you a list of open ports. Great. But understanding that port 80 means a web server, and a web server might have vulnerabilities, and those vulnerabilities could lead to access — that chain of reasoning is where the real skill lives. The tools are just how you execute it.

Reading documentation under pressure. The room gave me a task: find a specific file on the target machine. I knew I needed to use SSH to connect, but I did not remember the exact syntax. So I had to look it up while the clock in my head was ticking. Turns out, this is what cybersecurity actually is — constant reference-checking and problem-solving, not memorised commands.

The satisfaction is different from anything I have experienced. When I finally found the flag (TryHackMe’s version of the answer) on my first real challenge, the feeling was not just “I got the right answer.” It was “I figured something out that was hidden.” That dopamine hit is real, and I understand now why people get hooked on CTFs.

Time Spent vs. Progress

Here is my honest time breakdown for my first TryHackMe session:

In those two hours, I completed two rooms and learned more practical skills than in my previous two weeks of video watching. That ratio shocked me.

What I Would Tell Someone About to Do Their First Room

1. Just start. The first click is the hardest part. Everything after that is easier than you expect.
2. Use the AttackBox. Do not waste time setting up your own Kali VM for your very first room. The browser-based machine works fine. You can set up your own environment later.
3. Read the instructions completely. I know this sounds obvious. I still skipped ahead and paid for it every time.
4. It is okay to not understand the output. You will learn to read tool output over time. Nobody understands it all on day one.
5. Screenshot your terminal. Take screenshots of your successful commands. When you feel like you are not making progress in week three, scroll back through those screenshots. You will be surprised how far you have come.

For a full guide to getting started with TryHackMe, I have a TryHackMe guide that walks through the platform, best rooms for beginners, and how to structure your practice.

If you want a broader view of hands-on learning options, the first lab exercise guide covers what to do and what to expect.

What Comes Next

I am going to work through TryHackMe’s “Complete Beginner” path over the next few weeks. I will write about it as I go — the wins, the failures, and the things that click.

If you are on the fence about starting hands-on practice, stop being on the fence. Sign up for the free tier. Click Start on the Tutorial room. The worst thing that can happen is you learn something.

For more on building a practice lab, check out the home lab setup guide and the virtual machine setup guide.

Always practice cybersecurity skills only on systems you have explicit permission to test. TryHackMe provides legal, sandboxed environments for learning. Never run security tools against systems without authorisation.