Cyber Security Roadmap: From Zero to Professional
Break It. Defend It. Master It.
With Tech In shortly – Evolve with tech …
From zero to job-ready. Build foundations, master offensive and defensive tools, then specialise as a hacker or defender.
Phase 1
Pre-Security (SEC0)
No experience needed
▶
Intro to Cyber Security
Offensive security introDefensive security introCareers in cyber
Network Fundamentals
What is networking?Intro to LANOSI modelPackets & framesExtending your network
How the Web Works
DNS in detailHTTP in detailHow websites workPutting it all together
Computer Fundamentals
Inside a computer systemComputer typesClient-server basicsVirtualisation basicsCloud computing fundamentals
OS Basics
OS introductionWindows basicsLinux CLI basicsWindows CLI basicsOS security
Software Basics
Data representationData encodingPython demoJavaScript demoSQL basics
Attacks & Defenses
CIA triadCryptography concepts
🎯 Goal: Understand how computers, networks & the internet actually work — before touching security tools
Phase 2
Cyber Security 101 (SEC1)
Core practical skills
▶
Linux & Windows Deep Dive
Linux fundamentals 1–3Windows fundamentals 1–3Active Directory basicsWindows CMDPowerShellLinux shells
Networking
Networking conceptsCore protocolsSecure protocolsWiresharkTcpdumpNmap
Cryptography
Crypto basicsPublic key cryptographyHashing basicsJohn the Ripper
Exploitation Basics
CVE-2024-21413Metasploit introMetasploit exploitationMeterpreter
Web Hacking
Web app basicsJavaScript essentialsSQL fundamentalsBurp Suite
Offensive Tools
HydraGobusterSQLMapShells overview
Defensive Security
SOC fundamentalsDigital forensicsIncident responseLogs fundamentalsSIEM introFirewall fundamentalsIDS fundamentals
Defensive Tools
CyberChefCAPAREMnuxFlareVM
OWASP Top 10 (2025)
IAAA failuresApplication design flawsInsecure data handling
🎯 Goal: Gain practical offensive + defensive skills across OS, networking, web hacking & SOC
Phase 3
Security Engineer Path
Design & defend systems
▶
Foundations
Security engineer introSecurity principlesCryptographyIdentity & access management
Threats & Risks
Governance & regulationThreat modellingRisk managementVulnerability management
Network & System Security
Secure network architectureLinux hardeningWindows hardeningAD hardeningNetwork device hardeningCloud security introAuditing & monitoring
Software Security
OWASP API Top 10SSDLCSASTDASTDevSecOps intro
Incident Management
IR & IM introLogging for accountabilityBecoming a first responderCyber crisis management
🎯 Goal: Design secure systems, manage risk, and lead incident response
Career Roles
Security engineerSecurity analystPenetration testerSOC analystEthical hacker
AI is the new attack surface. Learn to break it, defend it, and secure the full AI lifecycle — from models to data pipelines.
Phase 1
AI Fundamentals
Understand how AI works
▶
AI/ML security threatsAI models & dataPrompt engineeringAI forensicsContAInment strategies
🎯 Goal: Understand how AI systems function and where they can be exploited
Phase 2
Securing AI Systems
Protect real AI environments
▶
Securing AI systemsLLM security risksAI threat modellingAI system reconnaissanceRisk assessment & mitigation
🎯 Goal: Identify weaknesses and design more secure AI architectures
Phase 3
Prompt Security (LLM Attacks)
Attack & defend LLMs
▶
Prompt injection attacksJailbreaking techniquesPrompt defence strategiesLLMborghini (lab)White Rabbit (lab)
🎯 Goal: Understand how attackers manipulate AI behavior — and how to stop them
Phase 4
AI Supply Chain Security
Secure the full AI pipeline
▶
AI supply chain overviewSupply chain attack vectorsSecuring AI pipelinesModel & dependency risksPayload (lab)Checkpoint (lab)
🎯 Goal: Protect the full lifecycle — data, models, dependencies, and deployment
Phase 5
Data Poisoning & AI Attacks
Protect AI training data
▶
RAG security fundamentalsData poisoning in RAGSensitive data leakageHidden/unindexed data exposureUnIndexed (lab)Lockdown (lab)
🎯 Goal: Defend against data manipulation attacks targeting AI systems
Career Roles
AI security engineerLLM security specialistAI red teamerML security analyst
Cloud security is one of the most in-demand skills today. Learn to attack and defend the world’s most widely used cloud platform.
Phase 1
AWS Fundamentals
How cloud systems work
▶
AWS Cloud 101AWS basic conceptsShared responsibility modelCloud services overview
🎯 Goal: Understand how AWS and cloud computing work at a fundamental level
Phase 2
Identity & Access Management (IAM)
Control who accesses what
▶
IAM introIAM principalsIAM permissions & policiesIAM credentialsLeast privilege principleSTS credentials lab
🎯 Goal: Master access control — the #1 source of cloud misconfigurations
Phase 3
Core Services — Attack & Defense
Secure S3, EC2, VPC
▶
AWS S3 attack & defenseAmazon EC2 attack & defenseAWS VPC securityVPC data exfiltrationCloud misconfigurations
🎯 Goal: Understand real-world attack techniques on core AWS services — and how to stop them
Phase 4
Serverless Security
Lambda, APIs & beyond
▶
AWS Lambda securityLambda data exfiltrationAWS API GatewayLambda authorizer abuse
🎯 Goal: Secure serverless infrastructure, which is often overlooked by defenders
Phase 5
IAM Privilege Escalation
Advanced attack techniques
▶
IAM enumerationIAM initial accessPrivilege escalation techniquesCloud monitoring & logging
🎯 Goal: Think like an attacker to build stronger cloud defenses
Career Roles
Cloud security engineerAWS security specialistCloud SOC analystDevSecOps cloud engineer
Integrate security into every stage of software development — from writing code to deploying containers and managing infrastructure.
Phase 1
Secure Software Development
Security from day one
▶
DevSecOps introSDLC overviewSecure SDLC (SSDLC)Secure coding practicesShift-left security
🎯 Goal: Understand how secure software development differs from standard dev practice
Phase 2
Security of the Pipeline
Protect code delivery
▶
Pipeline automation introSource code securityCI/CD securityBuild securityCredential hygiene
🎯 Goal: Secure the code’s entire journey from commit to deployment
Phase 3
Security in the Pipeline
Find & fix vulnerabilities early
▶
Dependency managementStatic analysis (SAST)Dynamic analysis (DAST)Code security analysisMother’s Secret (lab)
🎯 Goal: Catch vulnerabilities before they ever reach production
Phase 4
Container Security
Docker & Kubernetes
▶
Intro to containerisationDocker basicsKubernetes introContainer vulnerabilitiesContainer hardening
🎯 Goal: Secure containerized applications from image to runtime
Phase 5
Infrastructure as Code (IaC)
Secure cloud infrastructure
▶
IaC fundamentalsOn-premises IaC securityCloud-based IaCSecure deployment practices
🎯 Goal: Treat infrastructure like code — and secure it the same way
Career Roles
DevSecOps engineerSecurity automation engineerApplication security engineer