My Cybersecurity Learning Roadmap with TryHackMe (and Beyond)
When I first stepped into cybersecurity, one of my biggest challenges was figuring out where to start. With so many tools, concepts, and paths available, it’s easy to feel lost. That’s when I discovered TryHackMe’s Free Roadmap — a structured guide designed to take complete beginners all the way to intermediate-level hackers, without paying a cent.
I’ve decided to follow this roadmap closely, not just because it’s free, but because it’s designed to build skills progressively. At the same time, I also plan to supplement it with other resources (like HackTheBox and vulnerable VMs) whenever I encounter topics that feel challenging or missing.
🛠 Why TryHackMe’s Free Path?
Completely free: Over 500 labs are available without a subscription.
Hands-on: Everything is interactive, no passive reading.
Structured: Broken down into levels, from beginner-friendly Linux commands to advanced privilege escalation.
Gamified learning: Walkthroughs teach you, challenges test you.
This makes it an ideal foundation for anyone trying to break into cybersecurity, whether your end goal is pentesting, blue team, or digital forensics.
🚀 The Roadmap I’m Following
Here’s a breakdown of the levels I’m currently progressing through:
Level 1 – Getting Started Covers the very basics: Linux fundamentals, careers in cyber, intro to pentesting, and even OSINT challenges.
Level 2 – Tooling Learn essential tools every hacker needs: Nmap, Hydra, Metasploit, OWASP ZAP, plus beginner-friendly CTFs.
Level 3 – Crypto & Hashes Hash cracking, basic cryptography, and CTFs like Agent Sudo.
Level 4 – Web Exploitation SQL Injection, HTTP/DNS details, OWASP Juice Shop — a goldmine for web hackers.
Level 5 – Reverse Engineering Beginner-friendly reversing rooms: Windows ELF binaries, PE headers, and firmware analysis.
Level 6 – Networking Networking fundamentals, recon, traffic analysis, and intrusion detection with Snort.
Level 7 – Privilege Escalation Linux and Windows privilege escalation labs, Sudo vulnerabilities, and practice CTFs.
Level 8 – CTF Practice A mix of easy and medium CTFs to apply all the skills learned.
Level 9 – Windows Deeper dive into Windows, Active Directory, and forensics (mostly behind the paywall, but still worth noting).
🔍 My Learning Approach
I’m not just going room by room in order. My approach is more flexible:
Follow the roadmap: Stick to the free structured levels as a backbone.
Double down on weak spots: If a concept feels difficult (e.g., privilege escalation), I pause and practice more on that area.
Side practice: Use other platforms like HackTheBox (HTB) and downloadable vulnerable VMs (like VulnHub or Offensive Security’s Proving Grounds) for additional hands-on challenges.
This way, I’m building a strong foundation while also getting exposure to different styles of labs and real-world setups.
🔧 Tools & Skills I’m Excited About
So far, here are a few areas I’m most excited to dive into:
Linux Privilege Escalation – Core skill for both CTFs and real-world pentests.
Web Exploitation – SQLi, XSS, and authentication bypasses are everywhere.
Active Directory Attacks – Almost every corporate network relies on AD.
Reverse Engineering – A skillset that opens doors to malware analysis and exploit development.
🥊 Why Add HTB & Vuln VMs?
While TryHackMe is fantastic for guided learning, it’s still very structured. To simulate real-world pentests more closely, I’ll also:
HackTheBox (HTB): More unguided, realistic challenges where you learn by failing and researching.
Vulnerable VMs: Platforms like VulnHub and Proving Grounds allow me to practice on real, intentionally vulnerable machines, often used in interviews or practical exams (like OSCP).
By combining these, I’ll balance learning (THM) with grit and creativity (HTB/VMs).
🌟 Closing Thoughts
The cybersecurity journey is vast, but having a clear roadmap makes all the difference. TryHackMe’s free path gives me direction, while HackTheBox and vulnerable VMs give me space to experiment and grow beyond the structured environment.
This is the roadmap I’m following — free, structured, and flexible. I’ll keep sharing my progress, lessons learned, and maybe even walkthroughs (without spoilers 😉).
If you’re starting your own journey, I’d recommend: start structured, then branch out. Learn the basics, struggle with challenges, and then test yourself in the wild.
💡 Next Step for Me: Finish Levels 2–3 on TryHackMe, then start balancing in HTB machines. I’ll also pick one VulnHub VM per week as an “extra challenge.”
Stay tuned — I’ll post updates as I go!