The Honest Truth About Being in the Top 2% on TryHackMe — What That Ranking Actually Means (And Doesn't)
My TryHackMe profile shows "Top 2% globally." I've completed 170+ rooms. I have four path completion certificates. When I mention this on job applications, in cover letters, or in LinkedIn messages to recruiters, it gets noticed — people respond to it more than almost any other item in my profile.
So let me tell you the honest truth about what that ranking actually means, because I don't think I'm the only person chasing it without fully understanding what it does and doesn't measure.
My TryHackMe Profile — The Real Numbers
- How TryHackMe's ranking system actually works
- What top 2% does and doesn't mean about your skills
- Does the ranking actually matter to employers?
- The dark side of ranking — what I wish I'd known
- What to optimise for instead of rank
How TryHackMe's Ranking System Actually Works
What Goes Into Your TryHackMe Rank
The primary driver. Points are earned by completing rooms, answering questions correctly, and solving challenges. Harder rooms give more points. Completing a room partially gives partial points.
Daily login and activity streaks contribute to ranking. Consistent daily activity raises your rank faster than equivalent activity spread irregularly.
Earned for completing paths, finishing specific room categories, and hitting certain milestones. Badges contribute to ranking score.
Recent activity is weighted — an active account ranks higher than an account with the same historical points but no recent activity.
The important implication of this structure: the ranking measures consistent engagement with the platform, not pure technical skill. Someone who does one hard room per week and someone who does five easy rooms per day accumulate points at different rates. The volume of completion matters as much as the difficulty.
What Top 2% Does and Doesn't Mean About Your Skills
Does it mean you can actually hack things?
PartiallyCompleting 170+ TryHackMe rooms means you have encountered a very wide range of security concepts — network scanning, web vulnerabilities, privilege escalation, cryptography basics, forensics, incident response, and more. The breadth of exposure is genuine and valuable.
What it doesn't mean: that you can approach an unfamiliar target without guidance and find a way in. TryHackMe rooms are designed to be solvable. The vulnerability is definitely there. The hints system exists. The community writeups exist. Completing a guided room and independently compromising a real target are meaningfully different skills.
The honest answer: my TryHackMe rank reflects consistent practice with guided security challenges. My ability to work on unguided targets — which I test on HackTheBox and in bug bounty — is real but is lower than my TryHackMe rank might suggest to someone who doesn't understand what the platform measures.
Does it signal genuine interest and consistency to employers?
Yes — genuinelyThis is where the ranking has real value. A public TryHackMe profile with top 2% ranking, 170+ completed rooms, and four path certificates tells an employer or interviewer: this person has been consistently engaging with practical security content for months. It is public, verifiable evidence of sustained effort. That signal is harder to fake than a certification.
In my job application experience — 40 applications, 11 responses — the applications that included my TryHackMe profile link had significantly higher response rates than those without it. Not because the rank itself impressed everyone, but because it was verifiable evidence of actual engagement. A recruiter could click the link and see my real activity history. That verifiability matters.
Does it prove you're better than 98% of cybersecurity professionals?
No — not even closeThis is the misinterpretation I want to address most directly, because I caught myself falling into it. Top 2% globally on TryHackMe means you're in the top 2% of TryHackMe users by engagement. TryHackMe's user base is heavily weighted toward beginners and students — people who are learning, not experienced professionals working in the field.
The vast majority of working cybersecurity professionals are not on TryHackMe maintaining active rankings. They are doing the actual work. Senior pentesters, experienced SOC analysts, malware researchers — most of them are not competing for TryHackMe points. The "top 2% globally" is a ranking among learners, not among practitioners.
This doesn't make the achievement meaningless. It means framing it correctly: top 2% among the global community of people actively learning security on this platform. That's still a meaningful signal of engagement and effort. It is not a claim that you are among the top 2% of security professionals worldwide.
The Dark Side of Ranking — What I Wish I'd Known
Around month two of my TryHackMe journey, I noticed something uncomfortable about my own behaviour. I was choosing rooms based on how many points they gave per minute, not based on what they would teach me. I would complete an easy room I half-understood quickly to keep my streak going, rather than spending the same time on a hard room that would have built more skill.
The ranking system is designed to encourage engagement — and it does. But the incentive it creates is engagement, not skill development. Those are related but not identical. A room that earns you 100 points in 20 minutes teaches you something. A room that earns you 100 points in 3 hours teaches you more. The ranking doesn't differentiate.
I eventually noticed this when I compared my point accumulation rate against my actual skill progression. My rank was climbing smoothly. My ability to solve new, unfamiliar problems was climbing more slowly. The gap told me I had been optimising for the wrong thing.
What I changed: I stopped checking my rank daily. I started spending more time on rooms that genuinely challenged me, even when they took longer and earned fewer points per hour. My rank has grown more slowly since then. My skills have grown faster.
What to Actually Optimise For
How I Think About TryHackMe Now
- Use it as a curriculum, not a competition. The learning paths — Pre Security, Jr Penetration Tester, SOC Level 1 — are well-structured curricula. Following a path to completion is more valuable than accumulating points across random rooms. The certificate at the end is a genuine signal; the rank is a side effect.
- Struggle deliberately. When you get stuck on a room, the productive response is to spend time trying to figure it out — not to immediately check hints or community writeups. The struggle is where the learning happens. I now give myself a minimum of 2 hours on a hard room before looking at any external help.
- The rank is a portfolio item, not a goal. The rank is most useful as a signal on your LinkedIn and resume — evidence that you've been consistently active. It becomes less useful the more you optimise for it directly. Treat it as a byproduct of doing the actual learning work, not as the target.
- Supplement with unguided practice. HackTheBox's unguided machines, VulnHub challenges, and bug bounty hunting are where the skill that TryHackMe builds gets tested and extended. The TryHackMe rank shows consistency; HackTheBox solves and bug bounty findings show independent capability. Both matter, but independently.
- Your public profile link is more valuable than the number. When you share tryhackme.com/p/[yourname], employers see your activity history, your completed rooms, and your certificates — not just a percentage. The full profile tells a story; the percentage is a headline that someone has to trust without context.
TryHackMe's top 2% ranking is a meaningful signal of consistent engagement with practical security learning. It is verifiable, public evidence of sustained effort. It generates positive responses from recruiters and helps applications get seen.
It is not evidence of advanced skill, not a ranking against working professionals, and not a substitute for the unguided, independent problem-solving ability that real security work requires. The number is a conversation starter. Your actual knowledge and your portfolio of real work are what the conversation has to deliver.
I'm proud of the ranking because it represents months of daily practice. I'm more proud of the specific things that practice produced: the IDOR finding on HackerOne, the DIAM project, the Security+ pass, this blog. Those things exist because of the consistency that TryHackMe's structure helped me maintain. The rank is a measurement of that consistency — not a measurement of the work itself.
0 Comments