Cybersecurity Roadmap
Learn network security, ethical hacking, threat analysis, and defense strategies to protect systems and data from cyber threats.
Prerequisites
- Basic computer skills
- A text editor installed
- Browser (Chrome recommended)
Recommended Tools
Your Progress
0 of 14 topics completed
Security Foundations
1.Networking for Security
Deep understanding of networks — the foundation of all cybersecurity.
What you'll learn
- OSI and TCP/IP models in depth
- Common protocols (HTTP, DNS, SMTP, FTP, SSH)
- IP addressing, subnetting, and routing
- Packet analysis with Wireshark
- Firewalls and packet filtering
- VPNs and tunneling protocols
- Wireless network security (WPA2/WPA3)
- Network scanning (Nmap)
Resources
Network Analysis Lab
Set up a virtual lab, capture network traffic with Wireshark, identify protocols, scan a network with Nmap, and document findings.
2.Linux & OS Security
Master Linux administration with a security focus.
What you'll learn
- Linux file permissions and ownership
- User management and sudo
- SSH hardening and key-based auth
- Firewall configuration (iptables/ufw)
- Log analysis (/var/log, journalctl)
- Process monitoring and management
- SELinux/AppArmor basics
- System hardening (CIS benchmarks)
Resources
Hardened Linux Server
Set up a Linux server and harden it: disable root SSH, configure firewall, set up fail2ban, enable audit logging, and run a CIS benchmark scan.
3.Security Concepts & CIA Triad
Learn core security principles, threat modeling, and the security mindset.
What you'll learn
- CIA Triad (Confidentiality, Integrity, Availability)
- Authentication, Authorization, Accounting (AAA)
- Threat modeling (STRIDE, DREAD)
- Risk assessment and management
- Security policies and compliance
- Defense in depth strategy
- Common vulnerability types (OWASP Top 10)
- Security frameworks (NIST, ISO 27001)
Resources
Threat Model Document
Perform threat modeling on a sample web application using STRIDE. Document threats, assess risks, and propose mitigations.
Threat Model Document
Perform threat modeling on a sample web application using STRIDE. Document threats, assess risks, and propose mitigations.
Build this before moving to the next stage
Ethical Hacking & Pentesting
4.Reconnaissance & OSINT
Gather intelligence about targets using open-source information.
What you'll learn
- Passive vs active reconnaissance
- OSINT tools and techniques
- DNS enumeration and subdomain discovery
- Google dorking and search operators
- Social engineering basics
- Metadata analysis
- Shodan and Censys for device discovery
- Footprinting and information gathering
OSINT Report
Perform OSINT on a target domain (with permission). Enumerate subdomains, find exposed services, discover email formats, and compile a report.
5.Web Application Exploitation
Find and exploit vulnerabilities in web applications.
What you'll learn
- SQL Injection (Union, Blind, Error-based)
- Cross-Site Scripting (Reflected, Stored, DOM)
- Cross-Site Request Forgery (CSRF)
- Server-Side Request Forgery (SSRF)
- Insecure Direct Object References (IDOR)
- Authentication and session attacks
- File upload vulnerabilities
- Command injection
- Burp Suite for web testing
Resources
Web App Pentest Report
Exploit vulnerabilities in DVWA or Juice Shop. Document each finding with proof-of-concept, severity rating, and remediation advice.
6.Network Exploitation
Exploit network services and escalate privileges on compromised systems.
What you'll learn
- Service enumeration and vulnerability scanning
- Metasploit framework
- Password attacks (brute force, spraying, cracking)
- Privilege escalation (Linux and Windows)
- Lateral movement techniques
- Active Directory attacks basics
- Post-exploitation and persistence
- Pivoting and tunneling
Resources
CTF Challenge Completion
Complete 10+ machines on TryHackMe or HackTheBox. Document your methodology: recon, exploitation, privilege escalation, and flags captured.
CTF Challenge Completion
Complete 10+ machines on TryHackMe or HackTheBox. Document your methodology: recon, exploitation, privilege escalation, and flags captured.
Build this before moving to the next stage
Defensive Security
7.SOC Operations & SIEM
Work as a security analyst — monitor alerts, investigate incidents, and use SIEM tools.
What you'll learn
- Security Operations Center (SOC) workflow
- SIEM concepts (Splunk, Elastic SIEM)
- Log analysis and correlation
- Alert triage and investigation
- Indicator of Compromise (IoC)
- MITRE ATT&CK framework
- Sigma rules for detection
- Incident classification and escalation
Resources
SIEM Lab Setup
Set up Elastic SIEM, ingest logs from multiple sources, create detection rules, investigate simulated attacks, and write incident reports.
8.Malware Analysis Basics
Analyze malicious software to understand how it works and how to detect it.
What you'll learn
- Types of malware (viruses, trojans, ransomware, RATs)
- Static analysis (strings, hashes, PE headers)
- Dynamic analysis (sandboxing, behavior monitoring)
- Setting up analysis environments safely
- YARA rules for detection
- Reverse engineering basics
- Malware persistence mechanisms
- Indicators of Compromise extraction
Resources
Malware Analysis Report
Analyze malware samples in a sandbox. Perform static and dynamic analysis, extract IoCs, write YARA rules, and produce a detailed report.
9.Incident Response & Forensics
Respond to security breaches and perform digital forensics.
What you'll learn
- Incident response lifecycle (NIST/SANS)
- Evidence preservation and chain of custody
- Memory forensics (Volatility)
- Disk forensics basics
- Network forensics (packet captures)
- Timeline analysis
- Root cause analysis
- Incident documentation and reporting
Resources
Incident Response Exercise
Respond to a simulated breach: collect evidence, analyze memory dumps, build a timeline, identify the attack vector, and write a post-incident report.
Incident Response Exercise
Respond to a simulated breach: collect evidence, analyze memory dumps, build a timeline, identify the attack vector, and write a post-incident report.
Build this before moving to the next stage
Specialized Security
10.Cloud Security
Secure cloud infrastructure and detect misconfigurations.
What you'll learn
- AWS/Azure/GCP security services
- IAM misconfigurations and attacks
- S3 bucket security and enumeration
- Cloud-native security tools
- Container security (Docker, K8s)
- Serverless security considerations
- Cloud compliance (CIS Benchmarks)
- Cloud pentesting methodology
Resources
Cloud Security Audit
Audit an AWS account for misconfigurations: check IAM policies, S3 permissions, security groups, encryption, and logging. Use ScoutSuite or Prowler.
11.Application Security (AppSec)
Integrate security into the software development lifecycle.
What you'll learn
- Secure SDLC (DevSecOps)
- SAST and DAST tools
- Dependency vulnerability scanning (SCA)
- Code review for security
- Threat modeling for developers
- API security testing
- Security in CI/CD pipelines
- Bug bounty program basics
Secure CI/CD Pipeline
Integrate security into a CI/CD pipeline: SAST scanning, dependency checks, container scanning, DAST testing, and automated security gates.
12.Cryptography Essentials
Understand encryption, hashing, and PKI used to protect data.
What you'll learn
- Symmetric encryption (AES, ChaCha20)
- Asymmetric encryption (RSA, ECC)
- Hashing algorithms (SHA-256, bcrypt)
- Digital signatures and certificates
- PKI and certificate authorities
- TLS/SSL handshake
- Key exchange (Diffie-Hellman)
- Common crypto pitfalls and attacks
Resources
Encryption Implementation
Implement a secure messaging system: generate key pairs, encrypt/decrypt messages, sign and verify, and set up mutual TLS between services.
Encryption Implementation
Implement a secure messaging system: generate key pairs, encrypt/decrypt messages, sign and verify, and set up mutual TLS between services.
Build this before moving to the next stage
Career & Certifications
13.Security Certifications Path
Prepare for industry-recognized certifications that validate your skills.
What you'll learn
- CompTIA Security+ (entry-level, highly valued)
- CEH (Certified Ethical Hacker) overview
- OSCP (Offensive Security Certified Professional)
- AWS Security Specialty
- CISSP (for experienced professionals)
- Study strategies and resources
- Practice exams and labs
- Continuing education requirements
Resources
Certification Study Plan
Create a 90-day study plan for Security+: cover all domains, complete practice exams (80%+ score), and set up home labs for hands-on practice.
14.Portfolio & CTF Practice
Build a security portfolio and sharpen skills through CTF competitions.
What you'll learn
- CTF competition types (Jeopardy, Attack/Defense)
- Popular platforms (HTB, THM, PicoCTF, CTFtime)
- Writing quality write-ups
- Building a security blog
- Contributing to open-source security tools
- Bug bounty hunting (HackerOne, Bugcrowd)
- Networking in the security community
- Resume and LinkedIn for security roles
Resources
Security Portfolio
Complete 20+ CTF challenges, write detailed write-ups for 5, submit a bug bounty report, and create a portfolio site showcasing your security work.