I'm a CS student at Michigan Tech with a cybersecurity minor. Here's what actually works and what's a waste of time.
| Platform | Best For | Cost |
|---|---|---|
| TryHackMe | Total beginners | Free tier available |
| HackTheBox Academy | Intermediate learners | Free modules |
| Professor Messer (YouTube) | Cert prep (Security+) | Free |
| Cybrary | Broad course library | Free tier |
| OverTheWire | Linux/wargame practice | Free |
| SANS Cyber Aces | Foundations | Free |
| Google Cybersecurity Certificate | Career starters | Free on audit |
TryHackMe is where I send everyone who asks me how to get started. The guided learning paths make it impossible to get lost, and the browser-based attack box means you can practice without setting up a local VM.
Verdict: Start here. Spend your first 2-3 months on TryHackMe before moving anywhere else. Start TryHackMe Free →
Once TryHackMe has given you the basics, HackTheBox Academy is where you level up. The free modules are genuinely high quality.
Verdict: Move here after 2-3 months on TryHackMe. Start HackTheBox Academy Free →
If you're studying for CompTIA Security+, Professor Messer's free YouTube course is all you need. I used it alongside my university coursework and it filled in every gap.
Verdict: If you're targeting Security+, watch this entire playlist before buying any paid course. Professor Messer on YouTube →
OverTheWire is a series of wargames that teach Linux and security concepts through puzzles. Bandit is perfect for Linux beginners.
Verdict: Do Bandit alongside TryHackMe's Pre-Security path. Start OverTheWire Free →
Google's Cybersecurity Certificate on Coursera is normally paid but you can audit it for free. It's designed for complete beginners targeting SOC Analyst roles.
Verdict: Great if you're targeting a SOC Analyst role. Audit it for free — don't pay.
All of these courses are better with a hands-on lab: