Learn Cybersecurity with TryHackMe — Delivering Gamified, Real-World Lessons Through Your Browser

TL; DR: TryHackMe makes cybersecurity education more accessible with a gamified, browser-based platform that equips users with real-world skills. The system’s rooms, or virtual spaces, ensure that it’s easy to set up teaching material and track progress with just a few clicks. Now, new offerings, such as TryHackMe Classrooms, are providing users with additional cloud-based learning opportunities.

With a deficit of nearly 500,000 skilled workers in the U.S. and more than 4 million globally, the cybersecurity talent gap is an undeniable threat to our online futures.

Unfortunately, filling that gap isn’t as easy as one might hope. Online security is a complex field, with many positions requiring years of prior IT experience and knowledge. From an educational standpoint, barriers to accessibility, such as complicated setups, make learning a challenge.

The team behind TryHackMe is doing its part to help close the cybersecurity talent gap with a gamified, browser-based education platform that learners can use at any time and from any system.

TryHackMe’s virtual rooms, for instance, make it easier for students to explore the many different areas of cybersecurity.

“We want to make it easier for people to break into the security field,” said Ashu Savani, Co-Founder at TryHackMe. “With TryHackMe, you can access your virtual machine with nothing more than a browser, a good internet connection, and the click of a button.”

Ben Spring, Co-Founder at TryHackMe, said the company is also working to remove financial roadblocks to cybersecurity education.

“We offer plenty of free learning material, but if you want to take things to the next level, we offer access to a lot of interesting, real-world concepts at a very affordable price,” he said.

Now, as more students embrace remote learning environments to slow the spread of COVID-19, TryHackMe is also making it easier for teachers to tap into cloud-based learning opportunities via innovations like TryHackMe Classrooms.

Ben and Ashu met while learning about the cybersecurity world as interns at a consultancy company.

“At the time, our training was done primarily through virtualized environments,” Ashu said. “In workshops, instructors would physically hand out virtual machines on a USB stick. We’d have to spend time configuring these machines, and, depending on the complexity of the environment, that process would take up a lot of time that could have been used for learning.”

Ben said the system wasn’t particularly time-efficient or useful, especially for beginners who didn’t have enough information on how to progress.

He began working on a side project that entailed a basic proof of concept that would make it easy to deploy structured virtual machines around various security topics, rather than using fragmented environments.

“I sent it to Ashu, who said, ‘Wouldn’t it be super cool if we had lots of guided material around the virtual machines we’re deploying?’” Ben told us. “Traditionally, in this gamification method of deploying a machine, we had been given very little information about a machine. We had to enumerate it and go through a whole process in order to ethically hack it.”

The pair initially built the solution to make their own lives easier. But it was so helpful that they soon released it to the public. Since then, users have appreciated the more guided, handheld approach to security education that evolved into the TryHackMe we know today.

Gamification is transforming everything from surveys to training and education. The idea is that injecting a bit of fun into everyday tasks increases motivation and improves the overall user experience.

According to Statista, the education gamification market is estimated to reach $1.5 billion this year, underscoring growing adoption rates.

“We’ve seen a lot of providers and companies using gamification to engage with their audiences in different ways,” Ashu said. “Recognizing that this is something that excites users, we’ve incorporated lots of gamification features into the TryHackMe platform. Our features include streaks — when you complete a challenge, you increase your streak. We award you with badges after, say, completing a room on a particular security topic. And we have leaderboards.”

Ben and Ashu both said the virtual room concept TryHackMe uses to carry out training makes the platform shine. The idea is to mirror a familiar classroom environment for private training classes, workshops, challenges, and teaching new topics.

The process is simple: The user simply creates and customizes the room, adds tasks and resources (such as files and virtual machines), and shares the room publicly or privately.

“The room structure allows for so much flexibility because it means that people can clone rooms to use for educating, training, and teaching,” Ashu said. “That way, they can start teaching straight away instead of having to develop materials from scratch.”

At the heart of TryHackMe is one of its greatest benefits: an involved community of IT professionals with similar interests. Tens of thousands of community members frequently communicate via Discord, offering to help others in real time.

They also gather via the relatively new TryHackMe Forum, designed to assist individuals in improving their cyber skills.

“We have an incredibly large community now, and I think that’s the heart of TryHackMe,” Ben said. “People can come, get involved, and help each other out. When you’re in a group with other like-minded ethical hackers, there’s this feeling that you’re a part of something bigger — and that’s really cool.”

Ashu agreed that the TryHackMe community is central to the platform’s success.

“The fact that you get to interact with wonderful, helpful people who are going through the same thing as you is priceless,” he said. “People love to give back to TryHackMe in any way they can.”

As for what the future holds, TryHackMe is working on courses focused on network vulnerabilities in Windows Active Directory. “The network program will be released at the end of the month,” he said.

The company is also putting a lot of time into its TryHackMe Classrooms solution, which features content that students of all experience levels can use to acquire new skills. Students can simply deploy vulnerable virtual machines in the cloud, removing the need for complicated setups and OpenVPN configurations.

“We’ve released a classroom program where teachers or trainers can manage their users on the TryHackMe,” Ben told us. “They can take preexisting rooms, rebrand them, and privately redistribute those rooms to groups of students for monitoring purposes.”

He said he has seen this approach work well with some of the education institutions currently using TryHackMe, allowing students to stay engaged while putting theoretical knowledge into practice.

“Teaching students ethical hacking requires a considerable amount of time to develop and set up laboratory experiments,” said Dr. Nick Savage, Head of the School of Computing at Portsmouth University. “TryHackMe has significantly reduced our development time and provided students with a platform that they can use at any time and from any system.”

In terms of changes prompted by COVID-19, Ashu said he’s observed an increase in demand for professional development opportunities.

“People have a lot more free time now,” he said. “At the same time, the fact that everyone is moving to remote infrastructure also increases the online risks organizations face. So it’s a combination of free time and people wanting to get more involved with cybersecurity.”