TryHackMe is an online learning platform where users can get a hands-on, interactive introduction to the world of cybersecurity, on both the offensive and defensive sides.
The platform offers a variety of interactive exercises that simulate real-world attack and defense scenarios, and its target audience consists of beginners with no prior knowledge, advanced users who work in IT, and IT security experts.
On TryHackMe, the central component of each learning unit is a room—a thematically defined learning module that contains interactive content such as texts, questions, tasks, and often VMs, which you can access via an OpenVPN connection from your own hacking lab or via your browser. Each room is assigned one of five difficulty levels that reflect the amount of prior knowledge required and the complexity of the tasks, and these difficulty levels (in ascending order of difficulty) are as follows.
These rooms are primarily forums for knowledge transfer and are more like guided tutorials or interactive textbooks. Such rooms, for example, explain the basics of network technology or the structure of a website. However, when a new security vulnerability becomes known, a room with the info difficulty level may also explain the technical background and run through a practical example. But unlike in hacking challenges, the room will demonstrate a predetermined way in which a hacker can exploit a security vulnerability. All other difficulty levels turn rooms into challenges that require you to be active and creative. Here is an example of an info room.
These rooms are suitable for beginners, and they explain basic concepts, including exercises. Users can complete or solve the challenges with little advance knowledge. You can find an example of an easy room here.
Dedicated beginners and advance users can solve the tasks in these rooms, but they usually need to have solid knowledge of each room’s topic. You can find an example of a medium-difficulty room here.
These rooms are aimed at advanced users and experts, who need in-depth knowledge to solve the challenges. You can find an example of a hard room here.
Rooms at the insane difficulty level are, as the name suggests, insanely difficult and require users to have expert knowledge in the fields that the challenges deal with. You can find an example of an insane room here.
Rooms with higher difficulty levels usually give fewer clues and require users to have a comprehensive understanding of several subject areas. They also form the building blocks of learning paths, which are structured collections of rooms organized into modules that build on each other. They guide the user step-by-step through specific subject areas.
Many rooms are available free of charge, but you need to have a paid membership to use most learning paths. You can sign up for one here.
There are a number of learning paths that are available on TryHackMe.
The Pre Security path bridges the gap between general technical understanding and specific security topics. Here, participants learn how to use the terminal, acquire basic knowledge of the Python programming language, and learn the basics of cryptography and network technology.
Cyber Security 101 is aimed at beginners with a certain level of technical understanding, and it provides an overview of key IT security topics, such as threat models, simple attack methods, and system protection. Interactive tasks allow participants to apply their theoretical knowledge directly (e.g., when scanning networks or analyzing vulnerabilities).
The Jr Penetration Tester learning path is practice oriented and provides a step-by-step introduction to penetration testing. Among other things, it covers techniques for gathering information, exploiting vulnerabilities, privilege escalation under Linux and Windows, and the first steps in web hacking. The target audience is users who want to prepare specifically for work as penetration testers or for certifications such as the eJPT.
The SOC Level 1 path focuses on defensive security tasks. Participants learn how to identify, analyze, and respond to security-related events. Topics covered include log file analysis, working with SIEM systems, and typical attack patterns.
The Security Engineer learning path is aimed at individuals who want to prepare for a career in IT security architecture, system security, and security task automation. It combines practical tasks with the goal of imparting in-depth knowledge of the structure, protection, and monitoring of modern IT infrastructures. The path is primarily aimed at aspiring or active security engineers, system administrators with a focus on security, and DevSecOps professionals.
Several learning paths together form a roadmap.
TryHackMe structures its learning offerings specifically around three typical job profiles in cybersecurity: security analyst, penetration tester, and security engineer. Each of these profiles represents a separate field of activity with specific tasks, requirements, and skills.
This job profile is responsible for monitoring and analyzing a company’s IT security situation, and its main tasks include detecting, reporting, and responding to security-related incidents such as malware infections, unauthorized access, and data leaks. This usually takes place in a SOC using security information and event management (SIEM) systems. The corresponding learning paths on TryHackMe are SOC Level 1, SOC Level 2, and Defending Azure.
This job profile simulates cyberattacks to uncover vulnerabilities in systems, networks, and web applications before they are exploited by real attackers. This involves not only pure intrusion but also clean documentation and recommendations for action to improve security. The corresponding learning paths on TryHackMe are Jr Penetration Tester, Web Fundamentals, Web Application Pentesting, and Red Teaming.
This job profile is responsible for the technical security of IT infrastructures. While security analysts monitor and penetration testers uncover vulnerabilities, security engineers build stable and secure systems. They implement firewalls, access policies, encryption, and automated security tools, and they ensure that systems are as secure as possible right from the design stage. The corresponding learning paths on TryHackMe are Security Engineer, DevSecOps, and Attacking and Defending AWS.
You can access a video that provides an overview of TryHackMe via this link.
TryHackMe is one of the most accessible and well-structured platforms available for building real cybersecurity skills, whether you are just starting out or looking to sharpen expertise in a specific domain. Its room-based approach, tiered difficulty levels, and career-focused learning paths mean you can start exactly where you are and progress at your own pace toward a defined goal.
Editor’s note: This post has been adapted from a section of the book Ethical Hacking: The Practical Guide for Pentesting and Red Teaming by Florian Dalwigk. Florian is an expert in cybercrime, cyberespionage, and IT security. After studying computer science, he worked for a security agency and has been a volunteer lecturer since 2024, teaching modules on "Ethical Hacking," "IT Forensics," "Cyberespionage," "Cybercrime and Crypto Forensics," and "Post-Quantum Cryptography," among others. As an author of specialist books, he conveys his knowledge in a clear and practical way. He is interested in the interface between technological innovation and security, particularly in the context of state-controlled cyber operations and cryptographic resilience in the post-quantum era.
This post was originally published 6/2026.