TryHackMe Beginner Guide

What Is TryHackMe and Why Does It Matter?

TryHackMe is a browser-based cybersecurity training platform offering over 700 guided learning rooms that teach security concepts through hands-on practice on real virtual machines. According to TryHackMe’s official documentation, the platform is designed specifically for beginners and career changers, with structured learning paths that align with CompTIA Security+ (SY0-701) and CompTIA PenTest+ (PT0-002) certification objectives.

TryHackMe is the single best place to start learning cybersecurity through hands-on practice. If you are a career changer with no IT background, this TryHackMe beginner guide walks you through everything you need — from creating your account and completing your first room to building a portfolio of badges that hiring managers actually care about.

This page covers what TryHackMe is, how to get started, which rooms to complete first, whether you need premium, and how to turn your TryHackMe progress into interview-ready evidence.

I remember my first evening on TryHackMe. I had been reading cybersecurity textbooks for weeks and felt like I was memorising vocabulary in a language I could not speak. I signed up for a free account, opened the Pre-Security learning path, and started the first room. Within an hour I had typed my first Linux commands in a real terminal, scanned a network, and answered questions that proved I understood what happened. By the time I finished the Pre-Security path two weeks later, something had shifted. I was not just reading about security — I was doing it. That was the first time I felt genuine confidence that this career change was possible.

Legal notice: TryHackMe provides legally authorised practice environments. All rooms and machines on TryHackMe are designed for learning. Never use techniques learned on TryHackMe against systems you do not own or do not have explicit written permission to test. Unauthorised access to computer systems is a criminal offence under the Computer Fraud and Abuse Act (US), the Computer Misuse Act (UK), the Criminal Code Act 1995 (AU), and equivalent laws worldwide. Practice only on authorised systems.

What Do Real-World Hands-On Practice Scenarios Look Like?

Certification study alone is not enough for a cybersecurity career change. Employers want evidence that you can do the work, not just pass a multiple-choice exam.

Problem	Why it matters	How TryHackMe helps
Certifications test knowledge, not skill	Passing Security+ proves you understand concepts but not that you can use Nmap or investigate a log file	TryHackMe rooms require you to scan, exploit, and investigate real systems to answer questions
Employers want practical evidence	Hiring managers increasingly ask “walk me through something you have done” in interviews	Completed rooms, badges, and certificates give you concrete experiences to discuss
Portfolios beat resumes	A resume says you know security; a portfolio shows it	TryHackMe badges, completion certificates, and writeups demonstrate hands-on competence
Theory without practice does not stick	Reading about TCP/IP is different from capturing packets and analysing them	Every TryHackMe room involves doing, not just reading
Confidence comes from doing	Career changers often feel imposter syndrome because they have never touched a security tool	Completing rooms builds real confidence because you prove to yourself that you can do the work

The combination of certification study and hands-on practice is more powerful than either one alone. TryHackMe is the most beginner-friendly way to add the practical component.

How Does TryHackMe Work?

TryHackMe uses a room-based learning model where each room focuses on a single cybersecurity topic and requires learners to interact with real virtual machines to answer questions. The platform provides a browser-based Kali Linux environment (the AttackBox) so learners need no local setup to begin.

TryHackMe is a browser-based cybersecurity training platform with over 700 guided learning rooms. Each room teaches a specific topic through a combination of reading material, interactive questions, and hands-on tasks on real virtual machines.

Key Concepts

Rooms are the core unit of learning. Each room covers one topic — like Linux file permissions, Nmap scanning, or web application vulnerabilities. Rooms include explanatory text, questions you answer by interacting with a target machine, and badges on completion.

Learning paths are structured sequences of rooms designed to take you from one skill level to the next. Paths like Pre-Security, Introduction to Cyber Security, and Complete Beginner are specifically designed for people with no prior experience.

The AttackBox is a browser-based Kali Linux machine that TryHackMe provides. You do not need to install anything on your computer to start — you click a button and get a full Linux desktop in your browser with all the tools pre-installed.

Target machines are vulnerable systems that TryHackMe spins up for you to practise against. Each room launches its own target machine with specific vulnerabilities for you to find and exploit.

Certification objective: TryHackMe’s learning paths align with CompTIA Security+ SY0-701 domains including threats, vulnerabilities, network security, and security operations. Many rooms map directly to certification exam objectives.

Recommended TryHackMe Learning Path

From absolute beginner to CTF-ready — a structured progression

Pre-Security

Weeks 1-2

Intro to cyber

Networking basics

Linux fundamentals

How the web works

Introduction to Cyber Security

Weeks 3-4

Offensive security intro

Defensive security intro

Careers in cyber

Complete Beginner

Weeks 5-8

Linux fundamentals

Network exploitation

Web hacking basics

Cryptography

CompTIA Pentest+

Weeks 9-12

Scanning & enumeration

Exploitation

Reporting

Practice machines

Idle

This progression assumes roughly 5-10 hours per week of focused practice. Adjust the timeline to fit your schedule — consistency matters more than speed.

Step-by-Step: Getting Started on TryHackMe

Step 1: Create Your Account

Go to tryhackme.com and click Sign Up
Create a free account using your email or sign up with Google/GitHub
Choose a username — this becomes your public profile name, so pick something professional if you plan to share your profile with employers
Complete the brief onboarding questionnaire about your experience level

Step 2: Start Your First Room

Navigate to the Pre-Security learning path from the dashboard
Open the first room — it introduces the platform and how rooms work
Read the task descriptions carefully before attempting questions
Click Start AttackBox at the top of the page to launch a browser-based Kali Linux machine
Use the AttackBox to complete the tasks and answer the questions

Take your time. There is no penalty for reading a task description twice or for looking up a concept before answering. The goal is learning, not speed.

Step 3: Understand AttackBox vs OpenVPN

TryHackMe gives you two ways to connect to target machines:

AttackBox (recommended for beginners): Click a button and get a full Kali Linux desktop in your browser. No setup required. Free accounts get 1 hour per day; premium accounts get unlimited access.

OpenVPN (for more advanced use): Download a VPN configuration file and connect from your own machine. This gives you more control and lets you use your own tools but requires some setup.

Start with the AttackBox. Move to OpenVPN later when you are comfortable with the basics and want to use your own Kali Linux installation or home lab setup.

Step 4: How to Approach a Room

Read the entire task description before doing anything. Many beginners skip ahead and miss important context
Take notes as you work. Write down what commands you run, what output you see, and what you learn. These notes become portfolio material later
Try before you hint. Most rooms have a hint system. Attempt the question on your own first, then use hints if you are truly stuck after 10-15 minutes
Do not rush. A room completed slowly with understanding is worth more than a room completed quickly with copy-pasted answers
Revisit rooms. Coming back to an early room after completing later ones often reveals understanding you missed the first time

TryHackMe Free vs Premium

Free Tier

Limited rooms — Access to ~20% of content
AttackBox — 1 hour per day browser-based machine
Basic paths — Pre-Security and Intro paths available
No streaks/badges — Limited gamification features

Premium ($14/month)

All rooms — Full access to 700+ rooms
Unlimited AttackBox — No time limits on browser machine
All learning paths — Including cert-prep and career paths
Streaks & certificates — Completion certificates for portfolio

Verdict: Start free to confirm you enjoy the platform. Upgrade to premium when you exhaust the free rooms — usually after 2-3 weeks of active use.

Use case

Career changers: premium pays for itself if you use it 5+ hours per week. The completion certificates add portfolio evidence.

My recommendation: Start with the free tier. Complete the Pre-Security path and the first few rooms of Introduction to Cyber Security before spending money. If you find yourself hitting the 1-hour AttackBox limit regularly and wanting more, that is a good signal that premium is worth it for you.

Premium is approximately $14 USD per month (prices may vary by region). That is significantly cheaper than a single certification exam or any bootcamp. If you are serious about a career change and can commit at least 5 hours per week, premium pays for itself through the additional practice and portfolio evidence.

What Does TryHackMe Look Like in Practice?

The typical TryHackMe workflow mirrors real-world security operations — scanning targets, enumerating services, identifying vulnerabilities, and documenting findings. This is the same methodology tested in CompTIA PenTest+ and used by professional penetration testers daily.

Once you move beyond the AttackBox to your own machine, you will need to connect via OpenVPN. Here is the workflow:

# Connect to TryHackMe via OpenVPN (required for some rooms)
sudo openvpn --config ~/Downloads/your-username.ovpn

# Verify connection — look for a 10.x.x.x address
ip addr show tun0

Keep the OpenVPN terminal open while you work. Open a second terminal for your actual commands.

Basic Room Workflow

Most rooms follow a pattern: scan the target, enumerate services, find vulnerabilities, and answer questions.

# Step 1: Scan the target machine
nmap -sV MACHINE_IP

# Step 2: Enumerate web directories (if port 80/443 is open)
gobuster dir -u http://MACHINE_IP -w /usr/share/wordlists/dirb/common.txt

# Step 3: Check specific services based on scan results
# Example: if port 22 (SSH) is open
ssh user@MACHINE_IP

# Example: if port 80 is open, browse to it
curl http://MACHINE_IP

Replace MACHINE_IP with the IP address shown in the room when you start the target machine. Every room displays this IP clearly at the top.

Taking Effective Notes

Document each room as you complete it. A simple format works:

Room: [Room Name]
Date: [Date completed]
Topic: [What the room covers]

Key commands I used:
- nmap -sV 10.10.x.x → found ports 22, 80, 443 open
- gobuster dir → found /admin directory

What I learned:
- How to identify service versions with nmap -sV
- The difference between a SYN scan and a full connect scan

What I struggled with:
- Understanding why -sC runs default scripts
- Needed the hint for question 4 — now I understand the answer

Next steps:
- Review the Nmap room again after completing the network section

These notes become the foundation of your portfolio and interview preparation.

Top 10 TryHackMe Rooms for Beginners

These rooms provide the strongest foundation for career changers. Complete them in roughly this order:

#	Room Name	Difficulty	Estimated Time	What You Learn
1	Tutorial	Easy	15 minutes	How TryHackMe works — deploying machines, answering questions, using the AttackBox
2	Introductory Networking	Easy	1-2 hours	OSI model, TCP/IP, basic networking tools (ping, traceroute, whois)
3	Linux Fundamentals Part 1	Easy	1 hour	Navigating the filesystem, basic commands (ls, cd, cat, find)
4	Linux Fundamentals Part 2	Easy	1 hour	File permissions, users, SSH, package management
5	Linux Fundamentals Part 3	Easy	1-2 hours	Text editors, cron jobs, process management, automation
6	Nmap	Easy	2-3 hours	Port scanning, service detection, scan types, output formats
7	Wireshark: The Basics	Easy	1-2 hours	Packet capture, display filters, protocol analysis
8	OWASP Top 10	Easy-Medium	3-4 hours	The ten most critical web application security risks with hands-on examples
9	Basic Pentesting	Medium	2-3 hours	Full penetration test workflow: enumeration, exploitation, privilege escalation
10	Pickle Rick	Easy	1-2 hours	Capture The Flag (CTF) challenge — web enumeration, Linux commands, creative problem-solving

Estimated total: 15-22 hours to complete all ten rooms. At 5 hours per week, that is roughly one month of consistent practice.

Rooms 1-7 build foundational skills. Rooms 8-9 apply those skills to realistic scenarios. Room 10 (Pickle Rick) is a fun CTF challenge that tests whether you can combine what you have learned without step-by-step guidance.

What Interview Questions Should You Expect About TryHackMe?

Hiring managers increasingly recognise TryHackMe as valid evidence of practical cybersecurity skill. According to multiple Australian and international cybersecurity job postings, familiarity with platforms like TryHackMe and HackTheBox is listed as a desirable qualification for SOC analyst and junior penetration testing roles.

TryHackMe badges and completion certificates give you concrete experiences to discuss in interviews. Hiring managers do not want to hear that you “studied cybersecurity.” They want to hear what you did.

How TryHackMe Helps in Interviews

It gives you specific stories. Instead of saying “I know how to use Nmap,” you can say “I completed the Nmap room on TryHackMe where I scanned a target, identified open ports and service versions, and used that information to find a vulnerability in an outdated SSH server.”

It demonstrates initiative. Career changers who can show consistent TryHackMe activity — especially a streak of daily completions — demonstrate the self-motivation that employers value.

It provides portfolio evidence. Your TryHackMe profile is public. You can include a link on your resume or LinkedIn that shows your completed rooms, paths, and badges.

Interview Questions Where TryHackMe Experience Helps

Question	How TryHackMe prepares you
”Walk me through how you would investigate a suspicious IP address.”	You have done exactly this in Nmap and network investigation rooms. Describe your actual process.
”How would you identify what services are running on a server?”	Reference the Nmap room: “I would run an nmap -sV scan to detect open ports and service versions, then investigate any unusual or outdated services."
"Tell me about a time you solved a technical problem you had not seen before.”	Describe a CTF room like Pickle Rick where you had to combine skills without step-by-step guidance. Walk through your methodology.

The key is specificity. “I completed TryHackMe rooms” is vague. “I completed the OWASP Top 10 room and identified an SQL injection vulnerability by testing input fields with single quotes” is specific and demonstrates real understanding.

How Is TryHackMe Used in Real Security Operations?

The skills developed on TryHackMe map directly to professional SOC analyst and penetration testing workflows. The Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) recommend that cybersecurity professionals develop hands-on skills alongside theoretical knowledge, and structured platforms like TryHackMe support this guidance.

TryHackMe is not just an academic exercise. The skills you build map directly to what SOC analysts, security engineers, and penetration testers do in their daily work.

SOC Analyst Daily Tasks and TryHackMe Equivalents

Real-world SOC task	TryHackMe equivalent	Rooms that teach this
Investigate security alerts	Analysing logs and network traffic	Wireshark, Splunk rooms
Identify suspicious network activity	Scanning and traffic analysis	Nmap, Introductory Networking
Check for known vulnerabilities	Service enumeration and CVE research	OWASP Top 10, Basic Pentesting
Document findings in incident reports	Room notes and writeups	Every room (build the habit)
Understand attack techniques	Offensive security fundamentals	Complete Beginner path rooms

Australian Context

TryHackMe is fully accessible from Australia with reasonable latency. The browser-based AttackBox avoids VPN latency entirely, making it particularly smooth on Australian internet connections. For rooms that require OpenVPN, metropolitan NBN connections handle the traffic without issues. Regional connections may experience slightly higher latency but this rarely affects the learning experience for the types of exercises involved.

The Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC) recommend that cybersecurity professionals develop hands-on skills alongside theoretical knowledge. The ACSC’s guidance on building cyber skills specifically encourages the use of practice platforms for developing practical competence. TryHackMe’s structured learning paths align well with this guidance.

Australian employers — particularly in government, defence, financial services, and managed security service providers — value candidates who can demonstrate practical experience. A TryHackMe profile showing consistent activity and completed paths is recognised as valid evidence of hands-on learning. Several Australian cybersecurity job postings explicitly mention familiarity with platforms like TryHackMe as desirable.

If you are based in Australia, consider joining the TryHackMe community Discord or the Australian cybersecurity subreddits to connect with other learners in your timezone. Study groups with people in similar time zones make consistent practice more sustainable.

Summary and Key Takeaways

TryHackMe is the most beginner-friendly way to build practical cybersecurity skills alongside your certification study.

Start with the Pre-Security path. It assumes zero prior experience and teaches networking, Linux, and web fundamentals through guided practice.
Use the free tier first. Upgrade to premium when you consistently hit the 1-hour AttackBox limit and want access to more rooms.
Complete the top 10 beginner rooms listed above. They cover the foundational skills that every cybersecurity role requires.
Take notes on every room. Your notes become portfolio material and interview preparation. Document what you did, what you learned, and what you struggled with.
Consistency beats intensity. Five hours per week for three months builds more lasting skill than a single 40-hour weekend marathon.
Share your profile. Your TryHackMe profile is public evidence of your practical skills. Include it on your resume and LinkedIn.
Combine with a home lab. TryHackMe teaches you concepts; a home lab lets you experiment freely without room constraints.

Home Lab Setup for building your own practice environment alongside TryHackMe
Career Roadmap for the bigger picture of what to learn and in what order

TryHackMe room names, pricing, and available content verified in March 2026. Room availability and pricing may change — check tryhackme.com for current information.

Frequently Asked Questions

Is TryHackMe good for complete beginners?

Yes. TryHackMe is specifically designed for beginners. The Pre-Security learning path assumes zero prior experience and teaches networking, Linux, and web fundamentals through guided, hands-on rooms. It is the most beginner-friendly cybersecurity practice platform available.

Is TryHackMe free?

TryHackMe has a free tier that gives you access to approximately 20% of rooms, 1 hour of AttackBox time per day, and the Pre-Security and Introduction paths. Premium costs approximately $14 USD per month and unlocks all 700+ rooms, unlimited AttackBox access, and completion certificates.

Do I need to install anything to use TryHackMe?

No. TryHackMe's AttackBox provides a browser-based Kali Linux machine. You can complete most rooms using only your web browser. For more advanced use, you can optionally install OpenVPN to connect from your own machine.

How long does it take to complete TryHackMe beginner paths?

The Pre-Security path takes approximately 10-15 hours. The Introduction to Cyber Security path takes another 10-15 hours. At 5 hours per week of consistent practice, you can complete both foundational paths in roughly one month.

Is TryHackMe worth paying for?

Premium is worth it if you use the platform 5 or more hours per week. At $14 per month, it is significantly cheaper than bootcamps or certification training. The unlimited AttackBox access and completion certificates for your portfolio make it good value for serious career changers.

Can I put TryHackMe on my resume?

Yes. Include your TryHackMe profile link and mention specific completed paths and badges. Hiring managers increasingly recognise TryHackMe as evidence of practical cybersecurity skills. Be specific about what you completed and what you learned rather than just listing the platform name.

What is the difference between TryHackMe and HackTheBox?

TryHackMe provides guided, step-by-step rooms designed for beginners. HackTheBox offers challenge-based machines with minimal guidance, targeting intermediate to advanced users. Start with TryHackMe and move to HackTheBox when you can complete TryHackMe medium-difficulty rooms without hints.

Do I need my own virtual machine to use TryHackMe?

No. The browser-based AttackBox provides everything you need. However, setting up your own Kali Linux VM gives you more flexibility, avoids the free-tier time limit, and builds valuable skills. See the home lab setup guide for instructions.

How does TryHackMe help with certifications?

TryHackMe has learning paths that map to certification objectives including CompTIA Security+, CompTIA Pentest+, and others. The hands-on practice reinforces concepts you study in certification materials, and many exam questions test practical knowledge that TryHackMe rooms develop.

What should I do after finishing TryHackMe beginner paths?

Move to the Complete Beginner path, then the Jr Penetration Tester or SOC Level 1 paths depending on your career interest. Start attempting medium-difficulty rooms. Set up a home lab for unrestricted practice. Consider moving to HackTheBox for challenge-based learning. Begin documenting writeups for your portfolio.

More resources

TryHackMe

Official TryHackMe platform — create your free account and start the Pre-Security learning path.

Visit TryHackMe Discord

Community Discord server for help, study groups, and connecting with other learners.

Visit OWASP Top 10

Official OWASP Top 10 web application security risks — the foundation for TryHackMe's web security rooms.

Visit