Cybersecurity · Career Roadmap

Cybersecurity Engineering

A structured journey from beginner to security expert. Follow the phases in order — each builds on the previous one — and choose your specialisation as you progress.

RoadmapBlue Team · Red Team · Cloud · DevSecOps
LevelBeginner → Expert
ApproachLearn + Labs + Portfolio
Ready to learnBrowse all programs

What you'll gain

  • Clear phases covering foundations, blue team, red team, and advanced tracks.
  • Practical labs using industry tools and real-world workflows.
  • Guidance toward certifications and specialisation paths.
  • Portfolio-ready practice through platforms and projects.

Skills you'll build

You'll learn the fundamentals first, then move into defensive and offensive skills, and finally specialise into cloud security and DevSecOps.

Linux & Windows command lineNetworking fundamentals (TCP/IP, DNS, HTTP/S)Python & Bash scriptingSecurity mindset & core concepts (CIA triad)SIEM & log analysisIncident response & forensicsWeb app security (OWASP Top 10)Cloud security & DevSecOps

Who this is for

Ideal for beginners, IT professionals, developers pivoting into security, and anyone wanting a structured learning path.

Recommended prerequisites

  • Curiosity and consistency (a little every day)
  • Comfort using a computer and learning new tools
  • Willingness to practice in labs (TryHackMe / HackTheBox)
  • Basic networking interest (you’ll learn the rest)
  • Ability to communicate in written and spoken English

Phase-by-phase roadmap

Follow the phases in order. We keep the roadmap clear and structured — without week labels — so you can move at your own pace.

Phase 1 — Foundations

Beginner
  • Operating Systems: Linux & Windows CLI, file systems, processes, permissions
  • Networking basics: OSI model, TCP/IP, DNS, HTTP/S, subnetting, routing & switching
  • Programming: Python for scripting & automation + Bash basics
  • Security concepts: CIA triad, authentication, encryption basics, security mindset

Phase 2 — Core Security

Essential
  • Network security: firewalls, IDS/IPS, VPNs, Wireshark packet analysis, monitoring
  • Cryptography: symmetric/asymmetric encryption, hashing, PKI, TLS/SSL, signatures
  • Frameworks: NIST CSF, ISO 27001, CIS Controls
  • Compliance & GRC: GDPR, HIPAA, PCI‑DSS, risk management fundamentals

Phase 3 — Blue Team

Defence
  • SIEM & log analysis: Splunk, ELK, Microsoft Sentinel investigations
  • Incident response: detect, contain, eradicate, recover; build IR playbooks
  • Digital forensics: disk/memory basics, evidence handling, timeline analysis
  • Malware analysis: static/dynamic analysis, sandboxing, IOC extraction

Phase 4 — Red Team

Offence
  • Ethical hacking: recon → scanning → exploitation → post‑exploitation
  • Penetration testing: Nmap, Metasploit, Burp Suite; structured methodology
  • Web app security: OWASP Top 10 (SQLi, XSS, SSRF, auth issues, API testing)
  • Wireless basics: WPA2/3 concepts, evil twin, deauth, Bluetooth/RF fundamentals

Phase 5 — Advanced

Expert
  • Cloud security: AWS/Azure/GCP, IAM misconfigs, cloud‑native attacks, shared responsibility
  • DevSecOps: shift‑left security, CI/CD hardening, container security, SAST/DAST tooling
  • Reverse engineering: assembly, disassembly, decompilation fundamentals
  • Exploit development: buffer overflows, ROP, heap concepts, CVE analysis and PoC writing

Phase 6 — Career

Career
  • Entry certifications: Security+, Google Cybersecurity, CEH (choose what fits)
  • Advanced certs: OSCP, CISSP, CISM depending on your path
  • Practice platforms: TryHackMe, HackTheBox, PentesterLab, VulnHub
  • Specialise: Threat Intel, AppSec, Cloud Security, ICS/SCADA, AI Security

Practice platforms

Cybersecurity is a skill — you build it through reps. Use these platforms alongside the roadmap.

TryHackMe

Beginner-friendly guided learning paths and labs.

Best place to start

HackTheBox

Intermediate → advanced hands‑on boxes and challenges.

Skill builder

PortSwigger Web Security Academy

World‑class, free web security training and labs.

Web mastery

PentesterLab / VulnHub

More practice labs, especially for web and system exploitation.

Extra reps

Ready to start your cybersecurity journey?

Tell us your background and goals and we'll recommend the best track (blue team, red team, cloud security, or DevSecOps).

Ready to learn