TRYHACKME LTD

TryHackMe: Online Cyber Security Training Labs

TryHackMe offers online Cyber Security and Cloud Security training to government and educational organisations. Users can expand their Cyber Security skills with gamified real-world scenarios, available 24/7.

Features

  • Two Weeks free trial for all UK government entities
  • 800+ Real-world Cyber Scenarios: Interactive, gamified learning and training.
  • Learning Paths: From beginner to expert, offensive and defensive
  • Browser-Based: Nothing to download; access anytime and anywhere.
  • Safe-controlled Experience: Practice during training instead of a live incident.
  • Great Learning Experience: Badges, global leaderboards, points.
  • Individual and Team Skill Assessment to spot opportunities.
  • Customisable Learning: Tailor existing learning materials or create your own
  • Advanced Reporting: Progress reports, skill development tracking and insights.
  • Capture the Flag builder: Create CTF events for free.

Benefits

  • Increased cyber resilience.
  • Improved effectiveness to get more done with the same team.
  • Faster ramping of new hires with structured learning paths.
  • Hire candidates without prior experience and train them quickly.
  • KPI driven to discover vulnerabilities and cost per vulnerability.
  • Cost-effective training and no lab maintenance.
  • Reduced reliance on external consultants by equipping internal teams.
  • Simple pricing structure inclusive of all training content.
  • Diverse learning path includes offensive and defensive, learn and practice
  • Reduce load on senior team members for onboarding new hires

Pricing

£296.40 a licence a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ashu@tryhackme.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

359973699268083

Contact

TRYHACKME LTD Ashu Savani
Telephone: 07521097922
Email: ashu@tryhackme.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Our service does not have any constraints.
System requirements
  • Browser: Chrome, Firefox, Safari, or Edge
  • Broadband Internet Connection
  • Desktop/Laptop

User support

Email or online ticketing support
Email or online ticketing
Support response times
We do provide email and online ticketing support. We monitor the support inbox and respond to queries within one working day. The working hours are from Monday to Friday (excluding UK bank and public holidays) from 9.00 to 17.00 GMT/BST.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
We support the web application and underlying content.
We provide email and online ticketing support.
We monitor the support inbox and respond to queries within one working day. Online support is reachable through support@tryhackme.com.
The working hours are from Monday to Friday (excluding UK bank and public holidays) from 9.00 to 17.00 GMT/BST.

We also provide phone support at a cost of 50 GBP per user/year with a minimum of 100 users. The add-on phone support is available from Monday to Friday (excluding UK bank and public holidays) from 9.00 to 17.00 GMT/BST.

Clients with >9 licenses (excluding free/premium) receive a technical account manager.

We also provide (optional) onsite support at a cost of 1100 GBP per day per technical account manager, excluding transport and additional charges.
Support available to third parties
No

Onboarding and offboarding

Getting started
We are committed to a seamless and user-friendly onboarding process to ensure your users can easily and quickly start learning on TryHackMe.
After signing up for TryHackMe security training, managers/admins will be introduced to a dedicated Customer Success Manager who will guide and support them through implementation. The Customer Success Manager will serve as a primary contact for any questions during the onboarding process.
To facilitate the onboarding and adoption, we provide comprehensive onboarding instructions, including a user FAQ and deployment strategy. They help understand how to navigate the training platform and make the most of its features. In addition, extensive documentation is also available with detailed guidance on how to develop the Cyber Security skills of your team.
Another critical component of our onboarding process is the online training session led by our Customer Success Manager. This session helps admins familiarise themselves with the platform and provides hands-on guidance, answering their questions in real time. The session will be tailored to the specific needs of each admin to ensure that they receive support to kickstart their journey with us. By providing reliable onboarding support, we empower admins to navigate through our platform confidently and harness its full potential.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Following a user's request, our team extracts the requested data and prepares it for handover to the user. Once the data is ready, we download and transfer it to the user in CSV format. Users can easily export reports from our platform to capture specific insights and information they require. These reports provide valuable data that users can use for data analysis and reporting.
In line with our commitment to managing the security of users effectively, we dispose of the user data in compliance with ISO 27001 standards. Upon handing over the user's data, we delete all client data from our platform. However, it is important to note that achievements such as points, badges and certificates remain within the user’s profile even after the end of the contract. Users can continue to access these achievements on their free account as their progress and accomplishments are preserved.
End-of-contract process
There are no additional costs associated with termination of service at the end of the contract. As the platform operates entirely online, users will lose access to the platform after the end of the contract. Features and functionalities that were available under the paid subscription will no longer be available.
However, the users will automatically default to a free user status, wherein they can continue to access certain features and functionalities of the platform. Users will not be charged for terminating the service or transitioning to a free user status.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Only the reporting functionalities and some training labs are accessible via mobile devices.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Yes, we do have a service interface. It is customisable for each user based on their requirements. It displays all information relevant to the user with options enabling them to easily navigate the system.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
None
API
Yes
What users can and can't do using the API
A. How can users set up the service through the API?
1. Create user accounts
2. Add users to seats
3. Retrieve list of all users in seats

B. How can users make changes through the API?
1. Remove users from seats
2. Remove users from room (lab)

Any limitations to how users can set up or make changes through the API?
1. All API calls must be authenticated with a valid API key.
2. API calls only ever return information about users in seats within your company.

APIs relating to user progression and rooms are available in addition to functionality listed above.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Users and admins can easily customise TryHackMe. Our flexible platform allows clients to customise: a) Training content, including text, images, questions, answers, and even Virtual Machines. b) Customisable reporting by user, group, skill, duration, progress, etc.

Scaling

Independence of resources
We ensure an uninterrupted user experience and prevent increased demand from negatively affecting users by using AWS Cloud Guacamole, which provides infinitely scalable resources without compromising on quality and performance. We employ a resource pool system wherein each customer is allocated limited dedicated resources which can automatically scale according to the underlying infrastructure capacity. As resources are allocated dynamically and managed based on the needs of each user, we can guarantee that individual users are not affected by fluctuations in demand from other users.

Analytics

Service usage metrics
Yes
Metrics types
Yes, we do provide a wide range of service usage metrics to our service users upon request.
Businesses, education and enterprise license customers receive reporting that covers the following:
• Time spent on the platform.
• Percentage of content completed.
• User activity by questions answered or lessons (rooms) completed.
• Skill development.
These metrics offer actionable insights into how the platform is used, enabling them to track their progress, identify drawbacks and develop a plan of action to address gaps identified to enhance their cybersecurity and cloud platform skills.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
We prioritise the security of data at rest by employing robust encryption protocols. Specifically, we use Advanced Encryption Standard (AES) with a 256-bit key, the highest commercial encryption standard available. This method ensures that all data stored on our systems, including user information, training materials, and operational data, is fully encrypted and protected against unauthorised access. Our encryption practices are regularly reviewed and updated in accordance with the latest security standards and technological advancements, ensuring the ongoing safety and confidentiality of the data entrusted to us.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export their data in CSV format.
Data export formats
CSV
Data import formats
Other
Other data import formats
Users will not upload their data.

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our platform is designed to be available 24/7, 365 days a year. As a part of our SLA, we operate on a target minimum service availability of 99.5% uptime. We monitor this both internally and externally. To monitor uptime externally, we employ a third-party service that alerts us if the site experiences any downtime. In case of issues, users can reach out to support@tryhackme.com.
Approach to resilience
TryHackMe is built on high-performance and high-availability cloud architecture that makes it easy to restore services in the event of an outage or any issues.

Our internal engineering team maintains the SLAs of the platform. The team contains infrastructure and application specialists who are available on call to address any issues with the platform according to TryHackMe’s internal triage system. This triage system uses a combination of automated checks on the application and infrastructure to ensure that these components are working according to a high standard.

There will be times when we will reduce availability to the platform for maintenance. However, customers will be notified at least two weeks in advance with more details like the time TryHackMe will be unavailable and what improvements we will be looking to make.
Outage reporting
We ensure timely and transparent reporting of outages through various channels including an API, reporting agents and external monitoring service. In addition to these, we also send email notifications to the registered users, ensuring that they are informed about the service disruptions. Through this multi-channel approach, we keep our users informed about any outages and the resolution process to address the issue.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access is restricted using role-based access control when required. According to the principle of least privilege, individuals are only given the roles needed to perform their duties. Support channels are public, but administrative tasks are restricted to authorised users through federated Single Sign-On to Google G Suite.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We follow the ISO/IEC 27001 security framework and the audit in process is planned at the end of 2024. Our Co-founder Ben Spring is responsible for the security of all our services.
Information security policies and processes
Everyone within the organisation is responsible for security, but current security responsibilities sit within the engineering and infrastructure teams.

What do you do to ensure security policies are followed?
We ensure adherence to security policies by implementing the following:
● Regular Audits and Compliance Checks: We conduct audits to assess and align with industry standards and regulatory requirements, ensuring continuous improvement in our security practices.
● Employee Training and Awareness: Employees undergo security training that covers our policies, data protection laws, and best practices. This training is updated regularly to address emerging security challenges.
● Automated Systems: We use automated tools to monitor our infrastructure and services for compliance with our security policies. These systems help identify and mitigate risks promptly.
● Access Controls: Robust access control measures are in place to limit information access to authorised personnel only, based on their role within the organisation.
● Incident Response Plan: A well-defined incident response plan ensures swift action and mitigation in the event of a security breach, minimising potential impacts.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We comply with supplier-defined controls of configuration and change management processes.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We leverage automated scanning tools to continuously monitor our systems for vulnerabilities. These are configured to conduct scans regularly and are updated frequently to detect the latest threats. Once identified, vulnerabilities are prioritised based on their severity and potential impact on our operations. Threats are then assessed by considering exposure, existing mitigations, and business criticality. This assessment guides the timely application of patches or implementation of mitigations. Additionally, we regularly review and update our vulnerability management policies to adapt to evolving security landscapes.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
As a cloud-native SaaS platform, we utilise our cloud providers' logging and monitoring services. We also generate additional logs to track and monitor any unusual activities. Upon detection of irregular behaviour, a security incident is declared, and a cross-functional team is assembled to address the issue. The response is customised based on the severity of the incident to ensure appropriate measures are taken.
Incident management type
Supplier-defined controls
Incident management approach
Our incident reporting process is structured to ensure timely and efficient communication of security events. We have predefined protocols for identifying, categorising, and escalating incidents based on severity. This process begins with immediate notification to our dedicated security team / relevant personnel. Each reported incident is logged into our system, facilitating tracking, analysis, and resolution. The incidents are categorised by urgency and impact, which dictates the escalation path to the appropriate stakeholders, including technical leads and management. Additionally, we maintain a comprehensive communication plan that includes notifying affected customers and complying with regulatory reporting requirements, if applicable.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

As TryHackMe is a fully remote company, we are pro sustainability and have a strong focus on reducing our carbon footprint. We currently carry out and will implement the following steps in the day to day delivery of the project:
- Encourage the use of energy-efficient technology such as laptops, tablets, and smartphones, to reduce energy consumption during training sessions. TryHackMe’s infrastructure is designed in a way that all the tooling needed to learn security can be done through the browser - as such, there is no need for high specification technology that is not energy efficient or environmentally friendly.
- As TryHackMe is fully remote, we use virtual meeting platforms instead of physical meetings to reduce travel emissions where possible. We will continue to advocate for this approach through the engagement.
- By delivering training materials and courses digitally, TryHackMe reduces the use of paper, ink, and other resources required for traditional training methods.
- TryHackMe’s current platform primarily uses live resources such as virtual machines and networks. When these are used in scale, they generate some waste and contribute towards using electricity and other resources, even though this is done through our cloud provider. However, TryHackMe has automatic mechanisms to disable resources that aren’t being used to ensure that there’s no additional environmental impact by leaving these running.
In addition to this, at a higher level, TryHackMe also engages in educating employees on sustainable practices and encourages them to adopt sustainable habits in their daily work.

Covid-19 recovery

We are committed to facilitating an effective recovery from COVID-19 within our local communities and nationwide.

Tackling economic inequality

We are committed to combating economic inequality by providing equal employment opportunities and training initiatives to individuals facing barriers to entry into the job market. Our company culture revolves around the comprehensive Equality, Diversity and Inclusion Policy that has been created by our Human Resources team. To this end, our approach enforces this company policy while tackling wider economic inequalities. This involves:

● Supporting Displaced People: We offer employment opportunities to individuals, particularly people who lost their jobs. We provide temporary employment and training to equip them with the necessary skills to enhance their employability prospects. We empower individuals to upskill and regain confidence, thereby increasing their chances of securing full-time employment in the future.

● Local Hiring: We prioritise local hiring to contribute to the upskilling of the local workforce and support economic development and growth within the local communities. Our employment contracts adhere to ‘good work’ criteria, ensuring fair pay, equal opportunities for progression and autonomy for the employees. By providing quality local employment opportunities, we strive to promote economic stability and prosperity within the regions we operate.

● Training Initiatives: We conduct continuous training programs to enhance the skills of our workforce, supporting them in their career advancement. Each staff member is given a profile in our training matrix. We commit to providing 50 hours of training annually for staff training and promote Continuous Professional Development throughout.

● Review and Monitoring: Our HR team conducts regular reviews of our initiatives towards tackling economic inequalities through meetings and performance assessments to monitor and evaluate the effectiveness. Additionally, we collect feedback from employees as well as the management through surveys to inform our initiatives towards addressing economic inequalities.

Equal opportunity

At TryHackMe, we provide equal opportunities to all individuals irrespective of their background, age, disability, race, religion, belief, or sexual orientation. We have a dedicated ‘Equality & Diversity Policy’ in line with the Equality Act 2010, which forms the basis for our initiatives towards promoting equality and providing equal opportunities.

As an equal opportunity-providing employer, we continually review our processes to ensure that no job applicant or employee should ever be disadvantaged due to discriminatory or prejudicial beliefs. All applicants will be assured that our organisation will ensure:

● Recruitment procedures will be conducted objectively and will be without bias or discrimination.

● All job advertisements will encourage a diverse range of applicants from a range of communities and a range of media will be used to advertise to attract applicants from all sections of the community.

● All recruitment procedures and selection criteria will be based on merit, competence and the ability of the applicant to do the job and not unlawfully on the grounds of protected characteristics and will solely be related to the requirements of the job.
● Consideration is given to making reasonable and appropriate adjustments to the recruitment process to not disadvantage disabled applicants.

Additionally, we provide equal opportunities to all staff members for professional development. To this end, we will:

● Ensure all employees are provided with fundamental and specialist training to support their career progression.

● Ensure that no employee will be either directly or indirectly discriminated against during the training or selection process for promotion. This will be identified as part of an ongoing performance management process and will be determined objectively.

● Ensure that both part-time and full-time staff have equal access to training and promotion opportunities.

● Ensure all employees undergo a comprehensive Equality and Diversity training module at induction.

Wellbeing

We are committed to ensuring the holistic wellbeing of our staff members, recognising that a healthy workforce is essential to delivering high-quality services. Our HR team will oversee our initiatives towards ensuring the well-being of staff.
To ensure that staff are coping with working conditions, we implement the following:

● National Minimum Wage or above.
● A comprehensive pension scheme, and a company healthcare scheme.
● Opportunities to be supported to access external counselling sessions.
● An employee assistance programme for staff who wish to stop drug/alcohol use or smoking.

Supporting the mental well-being of our staff, we provide staff with mental health awareness training during the induction. This training helps them understand the importance of mental health and circumstances which may lead to the detriment of an individual’s mental health, including channels of communication and means to address issues.

We place a great emphasis on work-life balance to maintain the well-being of staff members. Accordingly, we offer flexible work arrangements, including remote working options and flexible scheduling, allowing employees to better manage and fulfil their professional as well as personal commitments on time.

Additionally, we ensure compliance with the Working Time Regulations 1998 by regularly reviewing the schedules of our staff to ensure their workload is manageable, accounting for additional considerations such as commuting and its subsequent effect on work/life balance. These are discussed as part of staff wellbeing one-to-one sessions, with improvement measures implemented based on feedback.

Pricing

Price
£296.40 a licence a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
On the free trial, we offer full access to the platform for two weeks
Link to free trial
www.tryhackme.com/business
