Cybersecurity Professional Syllabus

Your Complete Roadmap from Novice to Expert

A comprehensive, structured learning path with courses, certifications, hands-on labs, projects, and resources to launch and advance your cybersecurity career.

4 Learning Phases
50+ Free Courses
30+ Certifications
100+ Resources

Learning Path Overview

Structured Learning

Progress through four carefully designed phases, from absolute beginner to industry expert. Each phase builds upon the previous, ensuring a solid foundation before advancing to complex topics.

Hands-On Practice

Learn by doing with practical labs, CTF challenges, and real-world projects. Build a portfolio that demonstrates your skills to potential employers.

Industry Certifications

Prepare for leading industry certifications including CompTIA Security+, CISSP, OSCP, and more. Get certification guidance and preparation resources.

Community Resources

Access curated YouTube channels, online platforms, books, and community forums. Join a global community of learners and professionals.

Your Learning Journey

Phase 1: Foundation (0-6 months) | Novice

Master computer fundamentals, networking, operating systems, and basic security concepts. Set up your home lab and learn programming basics.

Networking, Linux, Python, Security Basics

Phase 2: Core Skills (6-12 months) | Intermediate

Master security tools, penetration testing, defensive security, and web application security. Complete CTF challenges and earn your first certification.

Wireshark, Metasploit, SIEM, Web Security

Phase 3: Specialization (12-18 months) | Advanced

Choose your specialization: Red Team, Blue Team, GRC, Cloud Security, or Application Security. Pursue advanced certifications and complex projects.

OSCP, CISSP, Cloud Security, DFIR

Phase 4: Expert Level (18+ months) | Expert

Lead security programs, conduct research, contribute to the community, and achieve expert-level certifications. Become a thought leader.

Leadership, Research, Architecture, Mentoring

Novice Level

Phase 1: Foundation

Duration: 0-6 months

Learning Objectives

  • Understand basic computer and network concepts
  • Learn Linux and Windows fundamentals
  • Grasp cybersecurity principles (CIA Triad)
  • Set up your first home lab
  • Learn basic scripting (Python/Bash)
  • Complete beginner CTF challenges

Computer & Networking Fundamentals

Free Courses

CS50's Introduction to Cybersecurity
Harvard University | 5 weeks
Networking Fundamentals
Cisco Networking Academy | Self-paced
Google Cybersecurity Certificate
Google via Coursera | 8 months

YouTube Channels

NetworkChuck
Network fundamentals & IT education
Professor Messer
Free certification training
David Bombal
Practical networking tutorials

Operating Systems & Command Line

Linux Fundamentals

Linux Journey
Free interactive tutorial
OverTheWire: Bandit
Command line practice wargame
Commands to Master:
ls, cd, pwd, cat, grep, find, chmod, chown, sudo, apt, ssh, netstat, ping

Windows Administration

Microsoft Learn
Free official documentation
Commands to Master:
ipconfig, ping, netstat, tasklist, net user, PowerShell basics

Home Lab Setup

Build Your First Security Lab

Lab Setup Steps
  1. Install VirtualBox/VMware
  2. Download Kali Linux VM
  3. Set up Ubuntu Server
  4. Configure networking
  5. Practice basic commands

Phase 1 Projects

Home Lab with 3 VMs
Skills: Virtualization, OS basics
Beginner
Network Diagram
Skills: Networking concepts
Beginner
Python IP Ping Script
Skills: Python, Networking
Beginner
Basic Firewall with UFW
Skills: Linux, Security
Beginner

Recommended Certifications

CompTIA Network+

Networking fundamentals


ISC2 CC

Free security basics certification


CompTIA Security+

Entry-level security certification

Intermediate Level

Phase 2: Core Skills

Duration: 6-12 months

Learning Objectives

  • Master security tools (Wireshark, Nmap, Metasploit)
  • Learn penetration testing methodology
  • Understand SIEM and defensive security
  • Complete guided CTF challenges
  • Master web application security (OWASP Top 10)
  • Earn first security certification

Network Security & Traffic Analysis

Essential Tools

Wireshark
Network packet analysis
Nmap
Network scanning & enumeration
Metasploit Framework
Penetration testing platform

Learning Resources

Wireshark Tutorial (David Bombal)
Watch on YouTube
Nmap Tutorial (NetworkChuck)
Watch on YouTube
Metasploit Unleashed
Free Course

Penetration Testing & Ethical Hacking

Hands-On Learning Platforms

TryHackMe

Guided learning paths & CTF challenges

Hack The Box

Realistic hacking challenges

VulnHub

Downloadable vulnerable VMs


TryHackMe Learning Paths

Complete Beginner
Core cybersecurity concepts | ~40 hours
Pre-Security
Security fundamentals | ~20 hours
Web Fundamentals
Web application security | ~30 hours
Jr Penetration Tester
Pentesting basics | ~50 hours

Defensive Security & SOC

SIEM Tools

Splunk
Industry-leading SIEM platform
Free Version Available
Wazuh
Open source SIEM platform
Free & Open Source
Security Onion
Network security monitoring
Free Download

SOC Training Platforms

LetsDefend
SOC analyst training & simulations
CyberDefenders
Blue team CTF challenges
Blue Team Labs Online
Defensive security training

Web Application Security

OWASP Top 10 (2021)

A01: Broken Access Control
A02: Cryptographic Failures
A03: Injection
A04: Insecure Design
A05: Security Misconfiguration
A06: Vulnerable Components
A07: Authentication Failures
A08: Software and Data Integrity
A09: Security Logging Failures
A10: Server-Side Request Forgery

Practice Platforms

PortSwigger Web Security Academy
Free Training →
OWASP Juice Shop
Download →

Phase 2 Projects

Vulnerable Web App Lab
Skills: Web Security, VMs
Intermediate
SIEM Dashboard
Skills: Log Analysis, Splunk
Intermediate
Penetration Test on VM
Skills: Pentesting methodology
Intermediate
Network Packet Analyzer
Skills: Python, Networking
Intermediate

Phase 2 Certifications

CompTIA Security+

Core security skills certification


CompTIA CySA+

Security analytics certification


CEH

Certified Ethical Hacker

Advanced Level

Phase 3: Specialization

Duration: 12-18 months

Choose Your Specialization Path

Select a track based on your interests and career goals. Each specialization offers unique challenges and opportunities.

Red Team

Offensive Security

  • Penetration Testing
  • Bug Bounty Hunting
  • Exploit Development
  • Red Team Operations
Key Certifications:
OSCP, CPTS, CBBH, CRTO

Blue Team

Defensive Security

  • SOC Analyst
  • Incident Response
  • Threat Hunting
  • Digital Forensics
Key Certifications:
BTL1, BTL2, GCIH, GCFA

GRC

Governance, Risk & Compliance

  • Compliance Management
  • Risk Assessment
  • Security Auditing
  • Policy Development
Key Certifications:
CISM, CISA, CRISC, CISSP

Cloud Security

Cloud Infrastructure Security

  • AWS/Azure/GCP Security
  • Cloud Pentesting
  • Container Security
  • DevSecOps
Key Certifications:
AWS Security, AZ-500, CCSP

DFIR

Digital Forensics & IR

  • Incident Response
  • Malware Analysis
  • Digital Forensics
  • Memory Forensics
Key Certifications:
GCFA, GCIH, FOR500, FOR508

AppSec

Application Security

  • Secure Development
  • Code Review
  • App Pentesting
  • DevSecOps
Key Certifications:
GWAPT, CSSLP, OSCP

Red Team / Penetration Testing Track

Advanced Tools & Platforms

Training Courses
OSCP (Penetration Testing with Kali)
Offensive Security
CPTS (Certified Penetration Testing Specialist)
Hack The Box Academy

Cloud Security Track

Cloud Certifications by Provider

AWS Security
  • AWS Certified Security - Specialty
  • AWS Free Tier for Practice
Azure Security
  • Azure Security Engineer (AZ-500)
  • Azure Free Account
GCP Security
  • Google Cloud Security Engineer
  • GCP Free Tier

Phase 3 Projects

Active Directory Lab & Attacks
Skills: AD Pentesting
Advanced
Malware Analysis Sandbox
Skills: Malware Analysis
Advanced
Cloud Security Automation Tool
Skills: Cloud Security, Python
Advanced
SIEM Detection Rule Library
Skills: Threat Detection
Advanced
Expert Level

Phase 4: Expert Level

Duration: 18+ months

Learning Objectives

  • Lead security teams and programs
  • Architect enterprise security solutions
  • Conduct advanced research and development
  • Contribute to the security community
  • Mentor junior professionals
  • Establish thought leadership

Leadership & Management

CISSP

Security Leadership & Management


CISM

Information Security Management


CCISO

Chief Information Security Officer


Research & Community Contribution

Contributing to Community

CVE Research
Find and report vulnerabilities
MITRE CVE
Open Source Contributions
Contribute to security tools
GitHub
Conference Presentations
Share research at DEF CON, Black Hat

Building Your Reputation

Bug Bounty Programs
Find vulnerabilities for rewards
HackerOne, Bugcrowd
Blog & Write-ups
Share your knowledge through writing
Mentoring
Help junior professionals grow

Expert-Level Certifications

OSCE3

Offensive Security Certified Expert

GXPN

GIAC Exploit Researcher & Advanced PT

GSE

GIAC Security Expert

Resources

Essential YouTube Channels

John Hammond

CTFs, Malware Analysis, Security


NetworkChuck

IT & Cybersecurity Education


The Cyber Mentor

Practical Security & Career Advice


David Bombal

Networking & Security Tutorials


IppSec

Hack The Box Walkthroughs


13Cubed

Digital Forensics & DFIR


Recommended Books

Beginner

Essential Reading

  • Cybersecurity: The Beginner's Guide
  • Hacking: The Art of Exploitation
  • Linux Basics for Hackers
  • The Basics of Hacking and Penetration Testing
Intermediate

Skill Building

  • The Web Application Hacker's Handbook
  • Real-World Bug Hunting
  • Practical Packet Analysis
  • Incident Response & Computer Forensics
Advanced

Expert Level

  • The Shellcoder's Handbook
  • The Art of Software Security Assessment
  • Gray Hat Python
  • Practical Malware Analysis

Hands-On Projects

Why Projects Matter

Practical projects demonstrate your hands-on skills to employers, help you understand concepts deeply, and build a portfolio that sets you apart from other candidates. Each project should be documented and showcased on GitHub or your personal website.

Beginner Foundation Projects

1. Home Lab Setup

Build a virtualized environment with Kali Linux, Ubuntu Server, and Windows VMs

Skills Gained:
  • Virtualization (VirtualBox/VMware)
  • OS installation and configuration
  • Network configuration

2. Python Network Scanner

Create a script to scan IP ranges and identify active hosts

Skills Gained:
  • Python programming
  • Socket programming
  • Network concepts (TCP/IP, ports)

3. Basic Firewall Configuration

Set up and configure UFW (Uncomplicated Firewall) on Linux

Skills Gained:
  • Firewall concepts
  • Linux system administration
  • Network security basics

4. Security Policy Document

Create a sample security policy for a small organization

Skills Gained:
  • Security policy development
  • Risk assessment basics
  • Technical writing

Intermediate Core Skills Projects

1. Vulnerable Web Application Lab

Deploy and test OWASP Juice Shop or DVWA

Skills Gained:
  • Web application security
  • OWASP Top 10 vulnerabilities
  • Testing methodology

2. Basic Penetration Test Report

Conduct a simple pen test and document findings

Skills Gained:
  • Penetration testing methodology
  • Vulnerability assessment
  • Report writing