TryHackMe

Photo by KeepCoding on Unsplash

Photo by KeepCoding on Unsplash

Cyber security is a vast and intriguing field within IT. While studying in the Network and Information Security program at Noroff Vocational College, I dabbled in ethical hacking and spent much time on the learning platform TryHackMe. This familiarized me with some of the tools and tactics used by cybercriminals and defenders.

In this article, I will explain how I used TryHackMe during my studies to learn and gain hands-on skills that empowered me at my job and helped me decide not to become a cyber security specialist.

Learning platform

My preferred learning platform as a novice.

Before my journey in Cyber Security, I had little to no experience with computer security.

There are several learning platforms for Ethical hacking and cyber security. The two most prominent and famous are TryHackMe and HackTheBox. I heard good things about TryHackMe and HackTheBox from influencers on YouTube and in podcasts on Spotify, so I decided to try them both. I quickly fell in love with TryHackMe's learning structure and gamification.

TryHackMe is a learning platform where each room is like a set of lessons. As a student, I learn and have the opportunity to apply what I have learned. This is a friendly and pleasant way of learning that, in many ways, feels like what you would expect from a modern learning environment.

HackTheBox, on the other hand, is much more about learning by doing your research. There is much less emphasis on teaching, and the learning is done mainly by trying to figure things out independently. This is a fantastic learning method since the knowledge gained from your research tends to stick longer than the material others give you. However, it will require a lot more effort, and it's much easier to learn this way with proper background knowledge and experience in the challenges presented.

Both approaches have pros and cons. I went with TryHackMe mainly because I felt that HackTheBox was too hard. I thought I lacked the knowledge to succeed on the platform and have fun while doing the challenges. TryHackMe, on the other hand, gave me a fun setting where I first learned about the topics and then got hands-on experience with them.

To make things even better, many of the learning paths and rooms on TryHackMe aligned well with the topics covered by the study program at Noroff. By spending time on TryHackMe, I often felt I had gained a new round of repetition and a solid dose of hands-on practical skills that helped me retain much of the theory from the study program.

Timeline

My four year learning experience

When I started using TryHackMe in 2020, it lacked fundamental rooms covering the basics of cyber security and ethical hacking. It had a few nice introduction rooms to Linux and Windows. Still, the gap between running simple terminal commands and performing enumeration and exploitation was too broad for me to jump.

After completing the Windows Server technology, Linux, and Networking classes at Noroff, I felt better equipped to continue learning on TryHackme. From Christmas 2021 to summer 2022, I accumulated over 25,000 points, a 180-day streak, and a few badges. I had a blast and learned a lot.

After the summer break in 2022 and during the first half of 2023, I was on and off the platform, accumulating around 35,000 points. During this time, I mostly looked for rooms that covered security aspects of programming and DevOps concepts.

From late autumn 2023 to Easter 2024, I did a second marathon on TryHackMe. This time, I focused on ethical hacking and cyber forensics. I accumulated over 56,000 points, ranked among the top 900 users worldwide, and ranked number 4 in Norway.

My current rank and score can be seen in the widget below.

Rank:

World: 1149

Score:

56 627

Badges:

42

Completed rooms:

339

Specialization

...is hard when everything is fun!

The study program at Noroff allowed me to spend around half of 2023 studying Python and databases. During this time, I realized I was having much more fun than expected, deep-diving into extracurricular activities on advanced programming concepts, data modeling, data structures, algorithms, and system architecture. I realized that I enjoyed both programming and infrastructure equally. However, I also realized I had to choose one specialization in IT. That specialty had to be the one closest to my heart and the one that I thought was the most fun. Because of this, I decided to go all in on cybersecurity during the last half-year of my Noroff studies to give myself the insight needed to make an informed decision on my specialization.

The final class at the Network and Information Security Program at Noroff was Computer Forensics, which ended just before Easter break. During the final weeks of this class, I finally decided on my specialization in IT, which, to my surprise, was not cyber security but programming.

I realized that hacking was not as sexy as I had imagined it would be.

"The Cybermentor" Heath Adams had a video monologue on YouTube in which he told the story of a guy he had talked to who said that the TCM courses on Ethical Hacking made him NOT pursue a career in Ethical Hacking.

I guess you can say that my journey through the Network and Information Security program at Noroff and my time spent on TryHackMe made me come to the same conclusion. I think cyber security is fun and exciting, but as a professional, I'm more of a builder than a user or breaker. I have more fun building programs and tools that help people be productive, solve business goals, or create projects for fun.

After spending so much time learning about hacking, I realized that hacking was not as sexy as I had imagined it would be.

From now on, my main focus will be on building stuff using programming and DevOps processes. I think I will return to CTF challenges and TryHackMe from time to time just for fun and to stay somewhat updated on the world of cyber security.

Wasted time?

Do I have regrets?

Four years as a part-time student of Cyber Security is a long time, and it might seem like wasted time because I decided not to pursue a career in Cyber Security, but I don't think so. Cyber Security is in every part of IT. Without insight and know-how, every project and organization becomes vulnerable.

Because of the adversarial mindset I have achieved, I can avoid many common security mistakes that other developers do not know about. I can create hardened Docker containers and virtual private servers for my projects. I can secure my API endpoints and web applications because I know how non-APTs would try to attack them. I know from first-hand experience what can go wrong if user input is not properly sanitized and validated by the application. I also know how to stop most basic enumeration methods and authentication attacks.

I hope that studying cybersecurity will set me apart from other developers without this experience. At the very least, I will always be the security evangelist who points the finger at every apparent security vulnerability and be the one who puts security on the agenda.