Intro

The assumption is you are starting from scratch. You don’t know what you don’t know, hence you don’t know what you need to know.

I’m here to help you with that.

Let me preface this by saying THERE IS NO ONE PATH INTO CYBERSECURITY.

These are merely my suggestions based on my experience.

Take what you think is useful, tailor it to your schedule and goals and feel free to discard the rest.

Unless you already know exactly what you want to specialize in, take your time to explore different areas.

It’s okay to feel a little lost as you try to figure out what exactly piques your interest.

Starting Point

Start with TryHackMe.

In my humble opinion, TryHackMe has the best content (beginner and advanced) out there for the price.

My favorite thing about TryHackMe is the wide variety of paths to pick from with most of them including FREE.99 content.

They even have a whole localized roadmap around their content to help you learn the right things.

There are two views - Premium & Free. I also gravitate towards starting with free stuff and then paying if you like what you see.

Premium TryHackMe Roadmap

I recommend you do the following paths, first to get familiar with the basics of security, and second to get familiar with the different specializations within security.

After all, you might just decide you want to be a blue teamer after trying out the SOC Level 1 path and that’s totally okay.

Go to the learning paths and go through the following paths:

  • Pre Security

  • Intro to Cyber Security

  • Complete Beginner

  • SOC Level 1 - This one is long so let’s make it optional. You can skim through the material.

  • Jr Penetration Tester

  • Security Engineer

At this point, you should be able to decide what route you want to take.

By this, I mean either red team or blue team.

This is a very important decision as it will inform most of what you consume from this point on.

Red Team / Hacker Roadmap

I work as a penetration tester (hacker) and there are a few things you can do to start learning the skills required for the job.

  1. Use Capture The Flag (CTF) platforms

    CTFs are gamified learning scenarios intended to test and develop cybersecurity skills. Platforms to check out include:

    • TryHackMe (General) - Covers everything security-related. Free & Premium labs. Probably the best starting point for anything with a paid subscription.

    • Hack The Box (General) - Covers everything security-related. Free & Premium labs. Has a separate academy platform that is a goldmine, but a little more pricey than other alternatives.

    • PwnedLabs (Cloud & DevOps) - Mostly focused on cloud security with everything from AWS, GCP, and Azure with free and premium labs. Also covers DevSecOps topics.

    • PortSwigger (Web) - Best research for anything web application security-related. All labs are free. Research papers are gold.

    • Vulnlab (Enterprise Security/AD) - Focuses on enterprise security with red teaming labs that have standalone machines and big Active Directory environments.

  2. Certifications

    There are a lot of certifications available.

    In my humble opinion, the cheaper the certification, the less recognition it gets you for the most part.

    Of course, there are exceptions to the rule - vendors like TCM Security and Altered Security offer rich content at affordable prices.

    But a $25 certification by some random vendor with no street cred? C’mon now.

    Don’t get caught up in people telling you what certifications to take and what not to take.

    Everyone has a different experience with different vendors.

    If you can afford the certification you are eyeing and you like the curriculum, go for it.

    I recommend you look into the following certifications - they are in order of difficulty:

    • eJPT by eLearnSecurity

    • AWS Cloud Practitioner

    • AWS Solutions Architect Associate

    • PJPT by TCM Security

    • BSCP by PortSwigger

    • CRTP by Altered Security

    • PNPT by TCM Security

    • OSCP by OffSec

    • Certified Cyber Defender by CyberDefenders - Opens doors for purple teaming-type work

    • CPTS by Hack The Box

    • OSEP by OffSec

    • CWEE by Hack The Box

    • At this point, you probably already know what else to take

  3. Bug Bounty Platforms

    These are programs that allow companies and hackers to meet.

    Companies basically outsource their security testing and anyone on the platform can try to find any vulnerabilities in the infrastructure listed and get paid for it.

    This requires a lot of prior knowledge so you’d probably want to start bug bounty hunting after learning some of the fundamentals of web security, Linux, etc.

    There are a lot of people who can help you navigate the bug bounty world better than I can, and here are some of my favorite creators (or some of their products/services):

Blue Team / Defender

Coming soon, but for now, check out Day Cyberwox. He started out in SOC analysis and all and is now in cloud security, detection and incident response.