How I Hacked My Way to TryHackMe’s Top 5% in 3 Weeks (Spoiler: No Black Hoodies Required)
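The author used the TryHackMe platform to learn cybersecurity from scratch over three weeks and ended up in the global top 5%. He used a MacBook Pro rather than Kali Linux, and stresses the importance of persistence, note-taking and not being afraid of failure. Cybersecurity is not out of reach; the key is cultivating curiosity and systematic thinking. 2025-9-25 08:0:12 Author: infosecwriteups.com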

Rahul Arun

Three weeks ago, the most dangerous thing I could do with a computer was forget to save my work. Now I’m in the top 5% on TryHackMe. Here’s how I accidentally speedran cybersecurity (and why you probably can too).

The “Oh Crap, What Have I Done?” Moment

Picture this: You’re on YouTube at 2AM when you stumble across a video about hackers on the dark web. A few hours into that rabbit hole, the birds are chirping and the sky seems to be getting dangerously bright for “bedtime”. That’s when you come across TryHackMe.

Suddenly you’re staring at something called the “Blue” room, and the instructions might as well be written in ancient Sanskrit. “Enumerate the machine.” Eh?

TryHackMe is an online platform with gamified cybersecurity challenges called ‘rooms.’ Each room teaches specific skills, from basic Linux commands to advanced penetration testing. Think of it as Duolingo for hackers, complete with leaderboards and achievement badges.

That was me three weeks ago. Fast forward 21 days, and I’m sitting in the top 5% of all TryHackMe users, having completed dozens of rooms and somehow developed the ability to make computers do things they probably shouldn’t.

The twist? I did it all on a MacBook Pro. No intimidating Kali Linux setup, no basement server farm, just me, my laptop, and an unhealthy amount of (sugar free) Red Bull.

Why This Isn’t a Humble Brag (I Promise)

Before you roll your eyes and click away, this isn’t about how brilliant I am. It’s the opposite. It’s about how accessible this stuff actually is once you get past the intimidation factor.

Cybersecurity has this mystique around it. We picture hackers as hoodie-wearing wizards who learned assembly language in the womb. The reality? A lot of it is just being curious, methodical, and stubborn enough to Google error messages until things work.

If anything, my journey proves that you don’t need to be Neo from The Matrix to make real progress. You just need to be willing to break stuff (safely) and learn from it.

The MacBook Heretic

Here’s where I probably lost half the cybersecurity community: I did everything on macOS.

Most people will tell you that you need Kali Linux. It’s the holy grail of penetration testing distributions, comes pre-loaded with every tool you could want, and makes you look 47% more l33t.

But here’s the thing. I already had a MacBook Pro, and I’m fundamentally lazy. Setting up a virtual machine felt like unnecessary work, and I wanted to start breaking things immediately.

This decision led to some… interesting moments:

  • Spending 30 minutes figuring out why apt-get doesn’t work on macOS (spoiler: it’s because it’s not Ubuntu)
  • Discovering that some tools have different names or slightly different syntax
  • Learning to love Homebrew more than any reasonable person should

But it also taught me something valuable: the tools matter less than understanding what they do. Once you grasp the concepts, you can make almost any system work for you.

If you’re really dead set on using Kali, TryHackMe gives you access to an AttackBox (a Kali VM accessible from their website) for an hour every day on a free plan and includes unlimited high-speed access with their paid subscription.

I’ll have a dedicated article up in the near future about my experience hacking with a Mac (has a ring to it, doesn’t it?)

Kali who?

What I Actually Learned (Beyond How to Sound Cool at Parties)

Over those three weeks, I built a toolkit of practical skills:

OSINT & Digital Detective Work: Learning to find information hiding in plain sight, like social media posts, website metadata and public databases. It’s like being Sherlock Holmes, except your magnifying glass is Google dorking and your crime scene is the internet.

Web Exploitation: Turns out, a lot of websites are held together with digital duct tape and wishful thinking. Directory busting with tools like Gobuster is like playing a guessing game where the prize is finding secret admin panels someone forgot to secure.

Password Cracking & System Access: Using tools like Hydra, John the Ripper and Hashcat to automate the guessing process. Modern password cracking isn’t about typing furiously on multiple keyboards (sadly). It’s about understanding how people create passwords and exploiting those patterns.

The Cybersecurity Mindset: Most importantly, I developed systematic thinking, persistent curiosity, and comfort with failure. Every error message became a clue, not a roadblock.

The Plot Twist: It’s Not About the Percentile

Here’s what I realized: the “top 5%” metric is kind of meaningless. TryHackMe rankings are based on points from completing rooms. Someone (*cough* me) could grind easy rooms and rank higher than someone working on advanced challenges.

The real victory isn’t the ranking. It’s the confidence to approach unknown systems and figure out how they work. It’s knowing that when you encounter a new technology or attack vector, you have the foundational knowledge to understand it quickly.

TryHackMe has several different learning paths that offer guided learning

My Completely Unscientific Success Formula

Looking back, here’s what actually moved the needle:

Consistency Over Heroics

I didn’t pull all-nighters or sacrifice my social life. I just committed to doing something cybersecurity-related every day, even if it was just 30 minutes of reading.

Document Everything

After googling the same thing 2 or 3 (or 10) times, I realized that I needed to start keeping notes of the commands, tools and hacks (no pun intended). Not because I’m organized, but because I’d forget everything otherwise.

Embrace the Suck

Cybersecurity is frustrating. Exploits fail for mysterious reasons and documentation can be outdated. Instead of fighting this reality, my stubbornness saw it as a challenge. Every weird error message became a mini-puzzle to solve.

Learn from Others (Shamelessly)

Reading other people’s writeups didn’t feel like cheating; it felt like apprenticeship. Seeing different methodologies expanded my thinking and introduced me to tools I wouldn’t have discovered otherwise.

What I Can Actually Do Now

Three weeks in, I’m not quite ready to defend against nation-state actors, but I can:

  • Systematically enumerate and exploit common services (web apps, SSH, SMB, FTP, Telnet)
  • Conduct effective reconnaissance using both automated tools and manual techniques
  • Crack password hashes and perform credential-based attacks
  • Identify and exploit privilege escalation vectors in Linux and Windows environments
  • Navigate Metasploit and debug when payloads don’t work as expected
  • Use steganography tools and OSINT methodologies for image analysis

Most importantly, I’ve developed intuition about how systems can be compromised and where to look for weaknesses.

Why Your Excuses Are Probably Wrong

"I don't have time." I was studying full-time with other commitments (the local pub has phenomenal beer on tap!). But 30 minutes a day adds up faster than you think.

"I don't have the right setup." I literally used a MacBook. You can start with whatever computer you're reading this on.

"I'm not technical enough." If you can troubleshoot why Netflix isn't working, you can learn to troubleshoot why exploits aren't working.

"I'll just screw something up." That's the point! You want to break things in controlled environments so you understand how they fail in the real world.

The Takeaway (Besides “MacBooks Can Hack Too”)

Cybersecurity isn’t as intimidating as it seems from the outside. It’s pattern recognition, systematic thinking, and healthy curiosity wrapped up in intimidating terminology.

You don’t need a computer science degree, a home lab, or years of preparation. You need the willingness to be confused, make mistakes, and learn from both.

The cybersecurity community talks a lot about “imposter syndrome”, the feeling that you don’t belong or know enough. Here’s the secret: everyone feels that way. The field is too broad and changes too quickly for anyone to know everything.

What matters is the willingness to keep learning and the humility to know that there’s always more to discover.


Source: https://infosecwriteups.com/how-i-hacked-my-way-to-tryhackmes-top-5-in-3-weeks-spoiler-no-black-hoodies-required-e1dae5cc2524?source=rss----7b722bfd1b8d---4