This comprehensive roadmap is designed to take you from having no technical background to becoming an advanced cybersecurity expert. Itβs divided into three progressive phases and includes skills, tools, YouTube channels, certifications, and hands-on resources. Whether you want to become a penetration tester, security analyst, or cloud security engineer, this guide is your path forward.
π― Goal: Build a solid base in IT and cybersecurity fundamentals.
π€ For: Absolute beginners
β³ Duration: 3β6 months
- Basic IT Skills: Hardware, OS navigation, file systems
- Networking Fundamentals: IP addressing, DNS, HTTP, OSI model
- Cybersecurity Basics: Threat types, security hygiene, encryption
- Wireshark
- VirtualBox / VMware
- Windows CMD & Linux Terminal
- Cybrary β Intro to IT & Cybersecurity
- Professor Messer β A+ & Network+ YouTube courses
- Khan Academy β Computer Science basics
- WsCube Tech β Cybersecurity Full Course (Hindi)
- Professor Messer β CompTIA A+
- NetworkChuck β Networking for Beginners
- The Cyber Mentor β Cybersecurity for Beginners
- Install Linux in VirtualBox
- Use Wireshark to inspect traffic
- Try basic terminal commands
- CompTIA ITF+
- CompTIA A+
π― Goal: Begin specializing and gain practical skills
π€ For: Those with basic IT knowledge
β³ Duration: 6β12 months
- Programming: Python, Bash, PowerShell
- System Administration: Linux/Windows configs, firewalls
- Vulnerability Assessment: Network and system scanning
- Incident Response Basics
- Nmap
- Metasploit
- Burp Suite
- Splunk or ELK Stack
- TryHackMe β "Learn Linux", "Nmap", "Web Hacking 101"
- Hack The Box β Practical CTFs
- Metasploit Unleashed
- Books:
- Python Crash Course
- The Hacker Playbook 3
- Hak5 β Metasploit for Beginners
- LiveOverflow β Binary Exploitation
- The Cyber Mentor β Practical Ethical Hacking
- Write a Python network scanner
- Set up and secure a Linux server
- Complete TryHackMeβs βBasic Pentestingβ room
- CompTIA Network+
- CompTIA Security+
- CEH
π― Goal: Master a cybersecurity domain
π€ For: Intermediate learners ready to specialize
β³ Duration: 1β2 years
- Advanced Penetration Testing: Exploit dev, red teaming
- Security Architecture: Designing secure systems
- Incident Response & Forensics
- Cloud Security: AWS, Azure, IAM
- Cobalt Strike
- Advanced Wireshark
- Splunk, QRadar
- Volatility, Autopsy, EnCase
- SANS Institute β Advanced paid courses
- Pluralsight β Advanced paths
- Offensive Security β PWK/OSCP
- Books:
- Black Hat Python
- Web Application Hackerβs Handbook
- Complete a βHardβ HTB box
- Use Volatility to analyze memory dumps
- Build secure cloud infrastructure in AWS
- OSCP
- CISSP
- CCSP
| Role | Requirements | Tools | Certifications |
|---|---|---|---|
| Security Analyst | Log analysis, SIEM, scripting | Splunk, ELK, Wireshark | Security+, CEH, GCIH |
| Penetration Tester | Exploits, web/app hacking | Metasploit, Burp, Nmap | CEH, OSCP, GPEN |
| Incident Responder | Malware, logs, forensics | Volatility, Autopsy, SIEM | GCIH, CHFI, SANS FOR508 |
| Cloud Security Engineer | AWS/Azure security, IAM, policies | Terraform, AWS CLI, KMS | CCSP, AWS Security Specialty |
| SOC Analyst | SIEM, alerts, triage | QRadar, Splunk, Kibana | Security+, CySA+ |
| Red Team Operator | Advanced exploits, stealth ops | Cobalt Strike, Empire | OSCP, CRTO |
- Reddit: r/netsec, r/hacking, r/cybersecurity
- Discord: TryHackMe, Hack The Box servers
- LinkedIn groups and CTF teams
- Follow top blogs: KrebsOnSecurity, ThreatPost
- Twitter/X: Follow researchers & exploit devs
π¬ Pro Tip: Cybersecurity is a journey. Practice regularly, join CTFs, document your learning, and donβt be afraid to break things in a lab!
Saurabh Subhash Kokate
GitHub: kokatesaurabh
Instagram: 0day.xploit_101
LinkedIn: Saurabh Kokate
X/Twitter: SaurabhKokate20
This roadmap is open-source and available for educational use. Feel free to fork and modify for your personal learning or teaching curriculum.