If you're starting cybersecurity from zero and you've been told to "just go on TryHackMe," this is the path they meant. TryHackMe rebuilt its beginner content in 2025 and 2026 — three older paths got retired and consolidated into two: Pre-Security (revamped Feb 2026) and Cyber Security 101 (which absorbed Complete Beginner, Intro to Cyber Security, and parts of Cyber Defense).
Together they're the closest thing the industry has to a free, hands-on foundation for someone with no IT background.
This is the honest take from someone who's been around long enough to remember when "cyber training" meant a printed CISSP study guide.
What these paths cover
Pre-Security is the prerequisite. It's the "before you can do anything else" content — networking, basic Linux, basic Windows, command-line, and how the web actually works. About 15-20 hours of material, depending on how much you already know.
Cyber Security 101 is the next step. It's the broad foundation: defensive basics, offensive basics, cryptography, security operations concepts, light incident response, and an intro to most of the subdisciplines you might eventually specialize in. About 70-80 hours of material.
Together they replace what used to be three separate paths plus a chunk of a fourth. The consolidation actually makes the curriculum more coherent — fewer dead ends, less overlap, clearer progression.
Who this path is for
- Career changers with no IT background. This is your starting point.
- IT generalists who want to pivot into security but have never touched it formally.
- Students who want a hands-on supplement to a college program that's mostly theory.
- People studying for Security+ who want lab time, not just videos.
Who it's not for
- Sysadmins with 5+ years of experience. You'll be bored. Skip to SOC Level 1 or Jr Penetration Tester.
- People who already finished the Google Cybersecurity Certificate — there's heavy overlap, especially on networking and SIEM intro.
- Aspiring red teamers in a hurry. The beginner path is broad, not deep. You'll cover offensive concepts but the actual exploitation skills come from Jr Pentester and HTB.
How long it actually takes
THM lists Cyber Security 101 at around 80 hours. Reality:
- If you have some IT background: 40-60 hours, working at full attention. About 6-10 weeks at 6 hours a week.
- If you're truly starting from zero: 100-150 hours when you include the time it takes to Google concepts you've never seen. Plan on 3-4 months at 8 hours a week.
Pre-Security adds another 15-30 hours depending on your starting point.
The platform lets you skip rooms, but resist that until you can actually finish them without hints. Skipping ahead is how people end up six months in, "completed" three paths, and unable to investigate a basic alert.
The hands-on quality
This is where THM beats almost every alternative. The labs are real VMs you're SSHing into or attacking, not interactive video quizzes. The browser-based VPN-free access (using AttackBox) is the killer feature — no OpenVPN setup, no broken local lab. It just works.
Some rooms still have the quirks of being community-built: typos in answers, occasionally finicky flag formats, the rare deprecated tool. The newer content (post-2025 revamp) is noticeably more polished than legacy material.
Compared to the alternatives
vs. the Google Cybersecurity Certificate on Coursera: Google's program is more structured, has actual instructor commentary, and gives you a recognizable credential. THM is more hands-on and cheaper. Best play: do both. Google for the structured foundation, THM for the lab time. Full Google review here: Google Cybersecurity Certificate Review.
vs. Hack The Box Academy: HTB Academy is more polished and more difficult, but pricier and aimed at people who already have foundations. THM's beginner path is unmatched for true beginners. Full breakdown: TryHackMe vs Hack The Box.
vs. free YouTube content: Professor Messer can teach you Network+ for free. He can't give you a Linux box to break into. The two are complementary, not competitors.
Pricing
Free tier covers a meaningful chunk of Pre-Security and parts of Cyber Security 101. To do the full path, you need the subscription, currently about $14 a month or cheaper annually.
The math on whether the subscription is worth it: if you're spending more than 3-4 sessions a week on the platform, yes. If you're dabbling, stick with free until you've decided this is your path.
The certification at the end (SEC1)
If you finish Cyber Security 101, THM offers the SEC1 cert — a hands-on, 24-hour timed exam in the same lab environment you've been using. It's a foundational cert. It won't replace Security+ on a job posting filter, but it does prove practical ability in a way Security+ can't.
Worth it if you're targeting hiring managers who actually look at portfolios. Less useful if you're trying to get past keyword-filtered HR systems.
Honest weaknesses
- Some rooms reward guess-the-flag energy over actual understanding. You can sometimes brute-force answers without learning the lesson. The newer content is better about this.
- Theory rooms sometimes outweigh hands-on. Skip a couple if your time is tight; come back if you need them.
- The "Cyber Security 101" name is generic enough that the path doesn't appear in search results well. Most people find it through THM's homepage funnel rather than Google.
What to do after
Once you've finished Cyber Security 101, pick a direction. Three real options:
- Blue team / SOC analyst: Move to SOC Level 1. Full review here.
- Red team / pentester: Move to Jr Penetration Tester. Full review here.
- AI security: THM's AI Security path is newer but increasingly relevant if you're targeting AI/ML security roles. Worth watching as the path matures.
Most people benefit from doing one Blue and one Red path even if they're committed to one side — defenders need to know how attackers work, and vice versa.
The verdict
Cyber Security 101 (paired with Pre-Security if you need it) is the best free-to-cheap entry point for someone starting cybersecurity in 2026. It won't get you hired by itself — nothing single will — but it builds the foundations that everything else depends on.
Pair it with the Google Cybersecurity Certificate for structure and credential value, follow it with a career-track path (SOC L1 or Jr Pentester), and you've got a real 6-12 month plan instead of cert-collecting drift.