Bottom line: TryHackMe’s Pre-Security and SOC Level 1 paths are the best entry points in the industry right now. The Jr Penetration Tester path is solid but shows its age. Skip the CompTIA-aligned paths unless you’re studying for the cert specifically.
Why Learning Path Choice Matters
TryHackMe has over 20 learning paths, and the quality gap between them is significant. The best paths are structured like a curriculum, with each room building on the last. The weakest are loosely coupled topic collections dressed up as “paths” that leave gaps you’ll only discover when you try to apply the knowledge.
Choosing wrong doesn’t just waste time — it can give you false confidence going into job applications or certifications. This ranking is based on content quality, logical progression, practical applicability, and how well they map to actual job roles in 2026.
The Paths, Ranked
1. SOC Level 1 ⭐⭐⭐⭐⭐
Best overall path on the platform.
SOC Level 1 is TryHackMe at its best: coherent curriculum, high production quality, genuinely practical exercises. You’ll work through log analysis, SIEM fundamentals (Splunk and Elastic), threat intelligence, digital forensics basics, incident response workflows, and phishing triage — the actual daily workload of a Tier 1 SOC analyst.
The path has excellent room-to-room continuity. Each section builds on the previous one, and by the end, you’ve simulated real analyst workflows rather than just completed isolated exercises. The Splunk modules in particular are excellent — more useful for a job search than most six-week bootcamp courses.
Who it’s for: Career changers targeting their first security role, IT professionals pivoting to security, anyone aiming for SOC analyst or junior IR roles.
Job relevance: High. SOC Level 1 completion is increasingly recognized by hiring managers as a meaningful signal for Tier 1 analyst candidates.
2. Pre-Security ⭐⭐⭐⭐⭐
Best starting point for absolute beginners — period.
Pre-Security covers networking fundamentals, Linux basics, web application concepts, and Windows administration in a way that doesn’t assume anything. The rooms are well-paced, the exercises are interactive, and the content is accurate.
What separates Pre-Security from similar beginner content elsewhere is the hands-on delivery. You’re not reading theory and taking multiple-choice quizzes — you’re actually running commands, analyzing packets, and exploring systems in a guided browser-based environment. That active engagement matters for retention.
Who it’s for: Complete beginners, IT help desk professionals building toward security, students in early IT/CS programs.
Job relevance: Indirect — this is foundation building, not job-ready skills. But skipping it when you need it is a mistake that costs time later.
3. Jr Penetration Tester ⭐⭐⭐⭐
Solid pentesting introduction with some gaps.
The Jr Penetration Tester path remains one of the most popular on the platform, and for good reason — it walks through the offensive security methodology from enumeration through exploitation to post-exploitation with actual hands-on labs. Metasploit, Nmap, web app vulnerabilities, privilege escalation, and basic network pentesting are all represented.
The weaknesses: the path was built over time by different contributors, and the room-to-room consistency suffers for it. A few rooms feel like they were dropped in because they were available rather than because they fit the curriculum. The web application content in particular is thinner than it should be given how much modern pentesting work involves web apps.
For OSCP prep specifically, supplement this with dedicated web application content — PortSwigger’s Web Security Academy and Hack The Box’s web challenges fill the gaps well.
Who it’s for: Beginners targeting offensive security roles, students preparing for OSCP or eJPT, bug bounty hunters building foundational skills.
Job relevance: Moderate. Completing this path makes you a more credible candidate, but employers know it’s beginner-level. Pair it with HTB or a cert.
Books that pair well with this path:
- The Hacker Playbook 3 — Red team TTPs that go well beyond what TryHackMe covers. Practical and scenario-driven.
- Penetration Testing by Georgia Weidman — One of the clearest intro-to-pentesting books written. Complements the hands-on work.
4. Red Teaming ⭐⭐⭐⭐
Advanced path for practitioners ready to go beyond basics.
The Red Teaming path picks up where Jr Penetration Tester leaves off — assuming you already know how to use basic tools and focusing instead on adversary simulation: initial access techniques, command and control frameworks (specifically Cobalt Strike basics and open-source alternatives), Active Directory attacks, evasion, and post-exploitation tradecraft.
This is legitimately advanced content. The OPSEC modules are particularly strong, and the Active Directory attack chains reflect realistic enterprise environments. Not everything is polished — some rooms could use updating — but the overall curriculum is the most realistic adversary simulation training available on TryHackMe.
Who it’s for: Pentesters who’ve finished Jr Penetration Tester and want to move toward red team operator roles. Requires solid fundamentals.
Job relevance: High, for the right roles. Red team jobs are competitive and typically require real experience, but this path gives you vocabulary and demonstrated skills for junior red team positions.
5. Cyber Defense ⭐⭐⭐⭐
Well-rounded blue team fundamentals.
Cyber Defense covers the defender side of security: threat detection, SIEM, endpoint monitoring, network traffic analysis, and threat hunting. It’s a broader, less focused version of SOC Level 1 — good for building general blue team awareness but less tightly structured than SOC Level 1 for job targeting.
If you’re already past beginner level and want to understand how defenders think — which is valuable even if you’re on the offensive side — this path is worth working through.
Who it’s for: Experienced IT professionals moving into security, offensive practitioners wanting to understand defense, security generalists.
Job relevance: Moderate. Less targeted than SOC Level 1 for specific roles, but good for breadth.
6. Web Fundamentals ⭐⭐⭐
Useful but gets outclassed by PortSwigger Academy.
Web Fundamentals is an accessible introduction to web application security: how HTTP works, OWASP Top 10 vulnerabilities, basic web app exploitation. The content is accurate and approachable, and the guided labs work well.
The problem is ceiling. PortSwigger’s Web Security Academy is free, goes much deeper, uses better labs, and is explicitly designed to build toward professional web app testing skills. If you’re serious about web application security, Web Fundamentals is a reasonable starting point, but you’ll outgrow it quickly.
Who it’s for: Complete beginners who want a gentler introduction to web security before tackling PortSwigger Academy.
Job relevance: Low on its own. Use it as a stepping stone, not a destination.
7. Security Engineer ⭐⭐⭐
Ambitious scope, inconsistent execution.
The Security Engineer path attempts to cover the breadth of a security engineering role: secure development practices, cloud security basics, cryptography, IAM, and threat modeling. The scope is genuinely useful — security engineering is a real and growing job category.
Execution is uneven. Some modules are excellent; others feel thin for a topic that deserves more depth. Cloud security in particular covers AWS/Azure/GCP at a surface level that won’t get you past a technical interview at a mature organization.
Who it’s for: Software developers pivoting into security, engineers looking to add security fundamentals to their skillset.
Job relevance: Moderate, as a supplement. Don’t rely on this alone to target security engineering roles at mature companies.
8. CompTIA Paths (Security+, Network+, Pentest+) ⭐⭐
Fine for cert prep. Not much else.
TryHackMe offers learning paths explicitly aligned to CompTIA certifications. If you’re actively studying for Security+, Network+, or Pentest+, these paths provide decent supplementary practice — particularly the hands-on elements that most study guides lack.
As standalone learning? The CompTIA framework optimizes for certification pass rates, not practical skill development. The content reflects what’s on the exam rather than what you’ll do on the job. Work through these if you’re targeting the cert; skip them if you’re not.
Who it’s for: Cert candidates who want hands-on practice alongside their study materials.
Free vs. Premium: What Does a Subscription Actually Buy You?
TryHackMe’s free tier is genuinely useful — you can access most early rooms in most paths without paying. The premium subscription ($14/month or $10.50/month annually) unlocks the full premium room catalog, which includes most of the advanced content in the Red Teaming path and the later modules in SOC Level 1.
The math: if you’re actively using the platform 3–4 times a week, the subscription pays for itself in study time compression. If you’re dabbling, stick with free until you have a specific path you want to complete.
How TryHackMe Compares in 2026
TryHackMe’s primary competition is Hack The Box, and the distinction matters for your learning strategy:
| TryHackMe | Hack The Box | |
|---|---|---|
| Guided learning | Excellent | Moderate |
| Beginner accessibility | Best in class | Steeper curve |
| CTF/challenge quality | Good | Industry-leading |
| Job market recognition | Growing | Strong |
| Price | $14/month | $14/month (VIP) |
| Best for | Structured learning, beginners | Intermediate+, proving skills |
The honest answer is you should use both. TryHackMe builds foundational knowledge and guided methodology. HTB builds problem-solving skills and gives you verifiable achievements (machines pwned, rankings) that carry weight with technical hiring managers.
For a comprehensive comparison, see our HTB vs TryHackMe 2026 breakdown.
Recommended Progression by Goal
Goal: Land a SOC Analyst role
- Pre-Security (if needed)
- SOC Level 1 ← your main focus
- Cyber Defense for breadth
- CompTIA Security+ path if the role requires the cert
Goal: Break into pentesting
- Pre-Security (if needed)
- Jr Penetration Tester
- Web Fundamentals → PortSwigger Academy
- Hack The Box for challenge-based skill validation
- Red Teaming once fundamentals are solid
Goal: Transition from IT/sysadmin to security
- Pre-Security (quick review)
- Cyber Defense for blue team grounding
- SOC Level 1 for job targeting
- Security Engineer for broader positioning
The Honest Take on TryHackMe in 2026
TryHackMe has matured significantly. The platform’s best paths — SOC Level 1, Pre-Security, Red Teaming — are genuinely excellent training resources that hold up against paid alternatives. The weakest paths are still better than most tutorial content scattered across YouTube.
The ceiling is real, though. No TryHackMe path by itself gets you job-ready. Employers hiring pentesters want to see HTB machines or CVEs. Employers hiring SOC analysts want to see SIEM experience from real environments or a recognized cert. TryHackMe is a building block — a very good one — not a complete solution.
Use it for what it’s excellent at: structured, guided, hands-on skill building. Supplement with HTB, real-world lab environments, and certification study for the credentials that open doors.
The right books to pair with your TryHackMe work, depending on your track:
Offensive track:
- The Hacker Playbook 3 — Red team methodology that bridges lab skills to real engagements.
- Hacking: The Art of Exploitation — Deep technical foundation for understanding what’s actually happening under the hood.
Defensive track:
- Blue Team Handbook: SOC, SIEM, and Threat Hunting — Practical SOC operations guidance written by practitioners.
- The Practice of Network Security Monitoring — Richard Bejtlich’s foundational NSM text. Required reading for anyone going into detection and response.
Disclosure: This article contains Amazon affiliate links. If you purchase through these links, RedTeamGuide.com earns a small commission at no additional cost to you. We only link to resources we’d recommend regardless.