Cyber Security Roadmap

A beginner-to-job-ready roadmap covering networking fundamentals, defensive security, ethical hacking, and professional certifications to launch a cyber security career.

✓ Every resource link below is verified live.

1. Stage 1: Foundations & Core Concepts

Networking Fundamentals
All security concepts rely on understanding how networks communicate.
courseNetworking Basics – Cisco NetAcad videoComputer Networking Full Course – freeCodeCamp
Operating Systems (Linux & Windows)
Security professionals must administer and harden both OS families.
tutorialLinux Command Line Basics – Ubuntu Docs courseIntroduction to Linux – edX / Linux Foundation
Core Security Concepts (CIA Triad, Threats, Vulnerabilities)
Foundational vocabulary underpins every cyber security discipline.
docNIST Glossary of Key Information Security Terms
Introduction to Cryptography
Encryption and hashing protect data at rest and in transit.
docCryptography – MDN Web Docs (Web Crypto API)courseCryptography I – Stanford / Coursera

2. Stage 2: Networking & Protocol Deep Dive

TCP/IP, DNS, HTTP/S & Common Protocols
Attackers exploit protocol weaknesses; defenders must know them deeply.
docRFC 793 – TCP Specification (IETF)tutorialHTTP Overview – MDN Web Docs
Packet Analysis with Wireshark
Capturing and reading packets reveals malicious traffic patterns.
docWireshark Official Documentation tutorialWireshark Tutorial – TryHackMe
Firewalls, IDS/IPS & VPNs
These are primary perimeter controls in every enterprise environment.
docNIST SP 800-41 – Guidelines on Firewalls videoFirewalls & IDS Explained – Professor Messer
Network Scanning & Enumeration (Nmap)
Knowing what's on a network is step one for both attackers and defenders.
docNmap Official Documentation tutorialNmap Room – TryHackMe

3. Stage 3: Defensive Security & Blue Team Skills

Security Information & Event Management (SIEM)
SIEMs aggregate logs for detecting and investigating incidents at scale.
tutorialIntroduction to SIEM – TryHackMe docMicrosoft Sentinel Documentation
Incident Response & Handling
Structured response limits damage and recovery time after breaches.
docNIST SP 800-61 – Computer Security Incident Handling Guide courseIncident Response – Cybrary
Vulnerability Management & Scanning
Proactively finding weaknesses before attackers do reduces attack surface.
docOpenVAS / Greenbone Documentation tutorialVulnerability Management – TryHackMe
Hardening & Security Baselines
Reducing default configurations limits exploitable attack vectors.
docCIS Benchmarks (Center for Internet Security)docNIST National Checklist Program

4. Stage 4: Ethical Hacking & Offensive Techniques

Web Application Security (OWASP Top 10)
Web apps are the most attacked surface; OWASP Top 10 is the baseline.
docOWASP Top 10 Official Documentation tutorialOWASP Juice Shop – Hands-on Practice
Penetration Testing Methodology
A structured methodology ensures thorough and legal security assessments.
courseJr Penetration Tester Path – TryHackMe
Exploitation Basics with Metasploit
Metasploit is the industry-standard framework for understanding exploits.
docMetasploit Unleashed – Offensive Security tutorialMetasploit Room – TryHackMe
Password Attacks & Privilege Escalation
Credential attacks are the leading initial access technique in breaches.
tutorialLinux Privilege Escalation – TryHackMe tutorialWindows Privilege Escalation – TryHackMe

5. Stage 5: Cloud & Application Security

Cloud Security Fundamentals (AWS/Azure/GCP)
Most enterprises run workloads in cloud; cloud misconfigs cause major breaches.
docAWS Security Documentation
Secure Software Development (DevSecOps)
Shifting security left into the SDLC prevents vulnerabilities at the source.
docOWASP DevSecOps Guideline tutorialDevSecOps – freeCodeCamp
Container & Kubernetes Security
Containerized workloads introduce unique runtime and supply-chain risks.
docKubernetes Security Documentation docNIST SP 800-190 – Application Container Security Guide

6. Stage 6: Governance, Risk & Compliance (GRC)

Risk Management Frameworks (NIST CSF, ISO 27001)
Security programs must align with business risk and regulatory requirements.
docNIST Cybersecurity Framework Official Site docISO 27001 Overview – ISO.org
Compliance & Regulations (GDPR, HIPAA, PCI-DSS)
Non-compliance carries legal penalties and reputational damage.
docGDPR Official Text – EUR-Lex docPCI DSS Standards – PCI Security Standards Council
Security Policies & Documentation
Written policies enforce accountability and guide employee security behavior.
docSANS Security Policy Templates tutorialWriting Security Policies – CISA

7. Stage 7: Certifications, CTFs & Career Launch

Industry Certifications (CompTIA Security+, CEH, OSCP)
Certifications validate skills and are often required for security job roles.
docCompTIA Security+ Certification Page docOffensive Security OSCP Certification
Capture the Flag (CTF) Practice
CTFs build hands-on attacker mindset and problem-solving under pressure.
tutorialPicoCTF – Beginner CTF Platform tutorialHack The Box – CTF & Lab Platform
Building a Home Lab
Practical lab experience accelerates skill development beyond courses alone.
docVirtualBox Download & Documentation
Portfolio, Resume & Job Search
Showcasing projects and skills differentiates candidates in a competitive market.
docCyberSeek Career Pathway Tool

Want this taught by an AI tutor — with lessons, quizzes, flashcards, and progress tracking?

Open the app — free to start

Generated & verified by RM Full Stack & AI Engineer · Generate your own roadmap · Browse all roadmaps