Less than a week ago, I completed TryHackMe’s Cyber Security 101 path. This path covered the core fundamentals of cybersecurity, preparing me to branch into any path within cybersecurity. In this article, I’ll go over what I learned from this path as well as who would most benefit from it.

Who is this for?

TryHackMe’s Cyber Security 101 path is designed for those that want to get into any cybersecurity-related role but don’t have any technical experience yet. This path will go through most of the basics that need to be learned as well as a slight overview on different paths that can be taken in cybersecurity. Overall, it’s an excellent way to start learning the basics and figure out if cybersecurity is the right path for you. However, keep in mind that many of the labs inside of the path are hidden behind a paywall, and if you’re not willing to pay for them then you might not get as much value from the path. Still, I highly recommend taking the beginning courses to learn about if cybersecurity is something that you’re actually interested in.

Topics covered

I’m going to give an overview of all the sections covered inside the path as well as how valuable they are to learn. Keep in mind that this is just a summary and not all topics will be covered, so if you’re interested in any of them check the path by clicking here.

Computer fundamentals

This part covers all the basics of computers and how to use them. The first section is dedicated to Linux and understanding how to interact with Linux computers. You’ll learn about the basic commands to navigate through one of these computers as well as the advantages that basic command-line computers have. Since Linux is still highly prominent in a large amount of systems, this is one of the most critical things to master.

After this, the next section covers Windows fundamentals and Active Directory. Although the lessons on Windows might be trivial for daily Windows users, the overview on Active Directory is extremely useful for cybersecurity whether you’re planning on going into blue team or red team. There is also an overview on how to use the Windows Command Line and PowerShell which can be useful when navigating a Windows based system.

Networking

This is the section I recommend spending the most time on. Although relatively short, fundamental understanding of how networks work and how a computer can talk to another computer is essential no matter what field in cybersecurity you’re interested in.

The first topic covered is the OSI and TCP/IP models. These are models that demonstrate how data is traveled from one computer to another. The different layers cover things like MAC address, IP addresses (IPv4, IPv6), and ports. Although these are just models and real life usage might not exactly follow them, studying them is still an excellent way of understanding how one computer can speak to another in either the same network or on a different network.

This section will also go over some of the most common protocols and what they’re designed to do. A protocol is a set of predetermined instructions a computer takes for doing a specific action. For example, when you visit a website, your computer follows the steps outlined in the HTTPS protocol to obtain a website’s HTML code and display it on your computer. These standard protocols are what allows different systems or devices to communicate with each other without any problems. Some protocols covered will include HTTP, FTP, SMTP, and IMAP, as well as some of their secure counterparts (HTTPS, SMTPS, SSH, etc.) designed to create user privacy.

Finally, there’s a quick overview on different tools that can be used in correlation with networks, whether it’s for defensive or offensive security. The first tool, Wireshark, is used to look at individual packets traveling through your computer’s network and can be especially beneficial when trying to see how a computer was hacked into. There’s also a lesson covering Tcpdump, which is an alternative to Wireshark that allows you to look at and filter through packets quickly through a terminal. The final tool, Nmap, is essential for those interested in offensive security. Nmap is a program that allows you to scan an IP’s network and view more information about the system. This can allow you to discover the open ports and services on a specific IP address and allow you to exploit the computer’s misconfigurations. This program is also useful for those in defensive security as it can be used to look for weaknesses within a computer’s network and patch them before they’re exploited.

Cryptography

Cryptography is another essential topic to learn about as understanding how a computer can store data securely is important no matter what you’re interested in. Although important, this section is very short, so I recommend doing more research about this on YouTube and other external sources.

In this section, you learn about the fundamentals of encryption and the basic types of encryption used throughout history. It goes over the Caesar Cipher, basic single-key encryption, and modern day public/private key encryption methods. There is also a quick overview of what hashing is and the key concept of how it works. Some common hashing methods, such as SHA-256 and MD5 are also covered. Finally, there’s a brief lesson on John the Ripper, a tool used by penetration testers to crack hashes.

Red/Blue team fundamentals

The rest of the course is divided into the basics of either red team or blue team. For red team, you learn about Metasploit and how to use it to hack into computers as well as common methods used to hack into websites. For blue team, you learn about what the different positions do and what tools they use to accomplish their goals (SIEM, CyberChef, FlareVM). Since this part of the course is long, I won’t fully explain everything learned here. If you want to learn more about what’s covered, check out the course on their website.

Was it worth it?

From my own experience, I thought that this course was an excellent way to learn the basics of cybersecurity in a straightforward way. Although I had to pay for it, I found it extremely helpful that all the information I needed to learn was in a centralized place and I simply had to follow along with the lessons already outlined. The labs for red and blue team were engaging and showed a simple version of what it would look like to work on each team.

One shortcoming I found from this course is that it tries to cover too many topics in a single course and doesn’t go into depth as a result. Although useful, the lessons on networking and cryptography were short and didn’t cover everything that should be learned about those subjects. This didn’t matter since I found useful videos online from YouTubers like Practical Networking, but I would have liked it if they just included more information in their lessons. Despite the shortcomings, I still thought the overall course was worth the money and definitely recommend it to anyone thinking of going into cybersecurity.

What’s next?

Now that I’ve finished this course, my next plan is to obtain my CompTIA Security+ certificate. Alongside this, I plan on studying the SOC Analyst level 1 plan since I plan on going into defensive security before I go into penetration testing. Doing this alongside experimenting in my own home lab with different exploits will prepare me to become a penetration tester in the future. For anyone just starting out and not sure if cybersecurity is the right path for you, I think this is one of the best starting points that I’ve found so far. If you’re interested in learning how I got started, click here.