I Reached the Top 2% on TryHackMe — Here's What Nobody Tells You

The Honest Truth About Being in the Top 2% on TryHackMe — What That Ranking Actually Means (And Doesn't)

I Reached the Top 2% on TryHackMe — Here's What Nobody Tells You

My TryHackMe profile shows "Top 2% globally." I've completed 170+ rooms. I have four path completion certificates. When I mention this on job applications, in cover letters, or in LinkedIn messages to recruiters, it gets noticed — people respond to it more than almost any other item in my profile.

So let me tell you the honest truth about what that ranking actually means, because I don't think I'm the only person chasing it without fully understanding what it does and doesn't measure.

My TryHackMe Profile — The Real Numbers

Public Profiletryhackme.com/p/AmardeepM
Global RankTop 2% globally (at time of writing)
Rooms Completed170+ rooms across all difficulty levels
CertificatesPre Security (Feb 16), Jr Penetration Tester (Mar 7), Web Fundamentals (Apr 22), Cyber Security 101 (May 15) — all 2026
Time to top 2%Approximately 4 months of consistent daily practice
What this post covers:
  1. How TryHackMe's ranking system actually works
  2. What top 2% does and doesn't mean about your skills
  3. Does the ranking actually matter to employers?
  4. The dark side of ranking — what I wish I'd known
  5. What to optimise for instead of rank

How TryHackMe's Ranking System Actually Works

 the Top 2% on TryHackMe

What Goes Into Your TryHackMe Rank

Points

The primary driver. Points are earned by completing rooms, answering questions correctly, and solving challenges. Harder rooms give more points. Completing a room partially gives partial points.

Streaks

Daily login and activity streaks contribute to ranking. Consistent daily activity raises your rank faster than equivalent activity spread irregularly.

Badges

Earned for completing paths, finishing specific room categories, and hitting certain milestones. Badges contribute to ranking score.

Activity

Recent activity is weighted — an active account ranks higher than an account with the same historical points but no recent activity.

The important implication of this structure: the ranking measures consistent engagement with the platform, not pure technical skill. Someone who does one hard room per week and someone who does five easy rooms per day accumulate points at different rates. The volume of completion matters as much as the difficulty.

What Top 2% Does and Doesn't Mean About Your Skills

Does it mean you can actually hack things?

Partially

Completing 170+ TryHackMe rooms means you have encountered a very wide range of security concepts — network scanning, web vulnerabilities, privilege escalation, cryptography basics, forensics, incident response, and more. The breadth of exposure is genuine and valuable.

What it doesn't mean: that you can approach an unfamiliar target without guidance and find a way in. TryHackMe rooms are designed to be solvable. The vulnerability is definitely there. The hints system exists. The community writeups exist. Completing a guided room and independently compromising a real target are meaningfully different skills.

The honest answer: my TryHackMe rank reflects consistent practice with guided security challenges. My ability to work on unguided targets — which I test on HackTheBox and in bug bounty — is real but is lower than my TryHackMe rank might suggest to someone who doesn't understand what the platform measures.

I found this out directly when I moved from TryHackMe to HackTheBox's Starting Point machines. The first machine I tried without any hints or guidance took me three hours and I still didn't fully solve it independently. My TryHackMe profile showed top 5% at that point. The gap between the ranking and the unguided skill was real.

Does it signal genuine interest and consistency to employers?

Yes — genuinely

This is where the ranking has real value. A public TryHackMe profile with top 2% ranking, 170+ completed rooms, and four path certificates tells an employer or interviewer: this person has been consistently engaging with practical security content for months. It is public, verifiable evidence of sustained effort. That signal is harder to fake than a certification.

In my job application experience — 40 applications, 11 responses — the applications that included my TryHackMe profile link had significantly higher response rates than those without it. Not because the rank itself impressed everyone, but because it was verifiable evidence of actual engagement. A recruiter could click the link and see my real activity history. That verifiability matters.

The most useful conversation the profile generated: a technical lead at a small consultancy told me during a call, "I looked at your TryHackMe profile before agreeing to this call — the consistency of your activity over the last four months tells me more than your resume does." That was exactly the right way for someone to interpret it.

Does it prove you're better than 98% of cybersecurity professionals?

No — not even close

This is the misinterpretation I want to address most directly, because I caught myself falling into it. Top 2% globally on TryHackMe means you're in the top 2% of TryHackMe users by engagement. TryHackMe's user base is heavily weighted toward beginners and students — people who are learning, not experienced professionals working in the field.

The vast majority of working cybersecurity professionals are not on TryHackMe maintaining active rankings. They are doing the actual work. Senior pentesters, experienced SOC analysts, malware researchers — most of them are not competing for TryHackMe points. The "top 2% globally" is a ranking among learners, not among practitioners.

This doesn't make the achievement meaningless. It means framing it correctly: top 2% among the global community of people actively learning security on this platform. That's still a meaningful signal of engagement and effort. It is not a claim that you are among the top 2% of security professionals worldwide.

The Dark Side of Ranking — What I Wish I'd Known

The Pattern I Fell Into

Around month two of my TryHackMe journey, I noticed something uncomfortable about my own behaviour. I was choosing rooms based on how many points they gave per minute, not based on what they would teach me. I would complete an easy room I half-understood quickly to keep my streak going, rather than spending the same time on a hard room that would have built more skill.

The ranking system is designed to encourage engagement — and it does. But the incentive it creates is engagement, not skill development. Those are related but not identical. A room that earns you 100 points in 20 minutes teaches you something. A room that earns you 100 points in 3 hours teaches you more. The ranking doesn't differentiate.

I eventually noticed this when I compared my point accumulation rate against my actual skill progression. My rank was climbing smoothly. My ability to solve new, unfamiliar problems was climbing more slowly. The gap told me I had been optimising for the wrong thing.

What I changed: I stopped checking my rank daily. I started spending more time on rooms that genuinely challenged me, even when they took longer and earned fewer points per hour. My rank has grown more slowly since then. My skills have grown faster.

What to Actually Optimise For

How I Think About TryHackMe Now

  • Use it as a curriculum, not a competition. The learning paths — Pre Security, Jr Penetration Tester, SOC Level 1 — are well-structured curricula. Following a path to completion is more valuable than accumulating points across random rooms. The certificate at the end is a genuine signal; the rank is a side effect.
  • Struggle deliberately. When you get stuck on a room, the productive response is to spend time trying to figure it out — not to immediately check hints or community writeups. The struggle is where the learning happens. I now give myself a minimum of 2 hours on a hard room before looking at any external help.
  • The rank is a portfolio item, not a goal. The rank is most useful as a signal on your LinkedIn and resume — evidence that you've been consistently active. It becomes less useful the more you optimise for it directly. Treat it as a byproduct of doing the actual learning work, not as the target.
  • Supplement with unguided practice. HackTheBox's unguided machines, VulnHub challenges, and bug bounty hunting are where the skill that TryHackMe builds gets tested and extended. The TryHackMe rank shows consistency; HackTheBox solves and bug bounty findings show independent capability. Both matter, but independently.
  • Your public profile link is more valuable than the number. When you share tryhackme.com/p/[yourname], employers see your activity history, your completed rooms, and your certificates — not just a percentage. The full profile tells a story; the percentage is a headline that someone has to trust without context.
The Bottom Line — Honest Version

TryHackMe's top 2% ranking is a meaningful signal of consistent engagement with practical security learning. It is verifiable, public evidence of sustained effort. It generates positive responses from recruiters and helps applications get seen.

It is not evidence of advanced skill, not a ranking against working professionals, and not a substitute for the unguided, independent problem-solving ability that real security work requires. The number is a conversation starter. Your actual knowledge and your portfolio of real work are what the conversation has to deliver.

I'm proud of the ranking because it represents months of daily practice. I'm more proud of the specific things that practice produced: the IDOR finding on HackerOne, the DIAM project, the Security+ pass, this blog. Those things exist because of the consistency that TryHackMe's structure helped me maintain. The rank is a measurement of that consistency — not a measurement of the work itself.

TryHackMe Ranking — FAQs

How long does it realistically take to reach the top 2% on TryHackMe?
At consistent daily practice (1-2 hours per day, not skipping days), I reached the top 2% in approximately 4 months. The key factor is consistency — TryHackMe's streak and activity weighting means daily practice of 1 hour beats weekend sessions of 7 hours for ranking purposes. The rooms-completed count matters more than how fast each room was finished. Completing easy rooms counts; completing hard rooms counts more. If you're asking about skill development rather than ranking: the skill that 4 months of consistent practice builds is foundational — solid enough to pass entry-level security interviews and start bug bounty work, not sufficient for advanced penetration testing roles without additional practice on harder platforms.
Should I include my TryHackMe ranking on my resume?
Yes — but include the link, not just the percentage. "TryHackMe: Top 2% globally | 170+ rooms completed | tryhackme.com/p/[yourname]" is significantly more useful than "TryHackMe ranking: Top 2%." The link allows the reader to verify the claim and see your full activity history — which tells a richer story than a percentage alone. Where to include it: in a Skills or Certifications section, or in the Education section alongside other learning platforms. Include it alongside your HackerOne profile, GitHub, and any certifications — the combination of multiple verifiable signals is more compelling than any single item.
Is HackTheBox or TryHackMe better for building real security skills?
Both — in sequence. TryHackMe is better for beginners because it's guided: explanations, hints, structured paths. HackTheBox is better for building the unguided problem-solving that real work requires, but it's genuinely frustrating for beginners who haven't built the foundation. The sequence I'd recommend: TryHackMe Pre-Security + Jr Penetration Tester paths completely → then transition to HackTheBox Starting Point → then attempt harder HTB machines without writeups. Using HackTheBox before building TryHackMe foundations leads to frustration and quitting; using only TryHackMe without eventually moving to HackTheBox leaves the unguided skill gap I described in this post. Both platforms are part of a complete learning journey, not alternatives.

About the Author

Amardeep Maroli

MCA (Master of Computer Applications) — PES University, Bengaluru
Cybersecurity Intern — Inhok Technologies
TryHackMe — Top 2% Globally (160+ completed labs, Jr Penetration Tester certified)
Certifications: CTIGA, CRTOM, CSEDP

Hands-on experience with SIEM tools (Wazuh, ELK Stack, Splunk), cloud security, and network penetration testing. I document my cybersecurity research at TechWithAmardeep.

Tags: TryHackMe top 2 percent, TryHackMe ranking honest review, is TryHackMe ranking worth it, TryHackMe employer recognition, cybersecurity learning platform ranking, TryHackMe vs HackTheBox, tryhackme 170 rooms experience

What's your TryHackMe rank and does it match how you actually feel about your skills? The most honest comment section on this blog is always the one where people admit the gap between their profile and their confidence. That gap is normal and worth talking about.

Post a Comment

0 Comments