
Cyber Security


Phase 1: Foundations (Beginner)

1. Computer Networking
OSI & TCP/IP Models
IP Addressing, Subnetting, DNS, DHCP
HTTP/HTTPS, FTP, SSH, VPNs
Firewalls, Proxies, NAT
2. Operating Systems
Linux Basics (Commands, File System, Permissions)
Windows Administration (Users, Groups, Registry)
Virtualization (VMWare, VirtualBox)
3. Programming & Scripting
Python (Basics → Scripting for Security)
Bash/PowerShell Scripting
C/C++ (For Exploit Development)
4. Cybersecurity Basics
CIA Triad (Confidentiality, Integrity, Availability)
Threat Models, Attack Vectors
Security Policies, Risk Management

Phase 2: Intermediate Skills


5. Web Application Security
OWASP Top 10 (SQLi, XSS, CSRF, SSRF, etc.)
Burp Suite, OWASP ZAP
Secure Coding Practices
6. Network Security
Packet Analysis (Wireshark, Tcpdump)
IDS/IPS (Snort, Suricata)
Nmap, Nessus, Metasploit
7. System Hardening
Windows/Linux Hardening Techniques
Active Directory Security
Patch Management
8. Cryptography
Symmetric/Asymmetric Encryption
Hashing (SHA, MD5), PKI, SSL/TLS
Cryptanalysis Basics

Phase 3: Advanced Topics

9. Penetration Testing
PTES Methodology
Advanced Exploitation (Buffer Overflows, ROP)
Post-Exploitation (Privilege Escalation, Pivoting)
10. Malware Analysis
Static/Dynamic Analysis (IDA Pro, Ghidra)
Reverse Engineering
Sandboxing (Cuckoo)
11. Cloud Security
AWS/Azure/GCP Security
Container Security (Docker, Kubernetes)
Serverless Security
12. Digital Forensics & Incident Response (DFIR)
Disk/Memory Forensics (FTK, Volatility)
Chain of Custody, Evidence Handling
SIEM (Splunk, ELK)
13. Red Team / Blue Team
Red: Advanced Attack Simulations (C2 Frameworks)
Blue: Threat Hunting, SOC Operations

Phase 4: Specializations (Choose One)


14. Offensive Security
OSCP, OSCE Certifications
Advanced Exploit Development
15. Defensive Security
CISSP, CISM Certifications
Security Architecture
16. Industrial Control Systems (ICS) Security
SCADA, IoT Security
17. Threat Intelligence
TTPs, APT Analysis

Phase 5: Continuous Learning


Bug Bounty Programs (HackerOne, Bugcrowd)
CTF Challenges (TryHackMe, HackTheBox)
Research Papers & Conferences (BlackHat, DEF CON)

Tools to Master Along the Way

Scanning: Nmap, Nessus
Exploitation: Metasploit, Burp Suite
Forensics: Autopsy, Volatility
Defensive: Snort, Wazuh, Splunk

This roadmap is linear but flexible—adjust based on your interests (e.g., focus more on
offense/defense). Would you like resource recommendations for each phase?

Here’s a detailed resource breakdown for each phase of the cybersecurity roadmap, including free &
paid learning materials, tools, and certifications:

Phase 1: Foundations (Beginner)

1. Computer Networking

Free:
Computer Networking Full Course (YouTube – Kunal Kushwaha)
Practical Networking (Website)
Paid:
Book: Network+ Guide to Networks by Jill West
Course: Cisco CCNA (Udemy)

2. Operating Systems

Linux:
Linux for Hackers (YouTube – The Cyber Mentor)
OverTheWire Bandit (CTF-style practice)
Windows:
Windows Command Line Basics (FreeCodeCamp)

3. Programming & Scripting

Python:
Automate the Boring Stuff (Free Book)
Python for Cybersecurity (YouTube – The Cyber Mentor)
Bash/PowerShell:
Bash Scripting Tutorial (LinuxHint)
PowerShell for Beginners (Microsoft Docs)
4. Cybersecurity Basics

Free:
Cybersecurity Fundamentals (IBM Coursera)
TryHackMe Pre-Security Path
Paid:
Book: Cybersecurity for Dummies by Joseph Steinberg

Phase 2: Intermediate Skills

5. Web Application Security

OWASP Top 10:


OWASP Web Security Testing Guide
PortSwigger Web Security Academy (Free Labs)
Burp Suite:
Burp Suite Tutorial (YouTube – The Cyber Mentor)

6. Network Security

Nmap & Wireshark:


Nmap Crash Course (YouTube – The Cyber Mentor)
Wireshark Tutorial (YouTube – NetworkChuck)
Metasploit:
Metasploit Unleashed (Free Course)

7. System Hardening

Windows:
Windows Hardening Guide (Microsoft)
Linux:
Linux Hardening Checklist (GitHub)

8. Cryptography

Free:
Crypto 101 (Book)
Cryptography (Khan Academy)

Phase 3: Advanced Topics


9. Penetration Testing
Free:
TryHackMe Offensive Pentesting Path
HackTheBox Machines
Paid:
Certification: OSCP (Offensive Security)

10. Malware Analysis

Free:
Malware Analysis Tutorials (YouTube – OALabs)
Practical Malware Analysis (Book – Free PDF)

11. Cloud Security

AWS:
AWS Security Fundamentals (Free)
Azure:
Microsoft Learn Security Modules

12. Digital Forensics (DFIR)

Free:
SANS DFIR Resources
Volatility Memory Forensics (YouTube)

Phase 4: Specializations

14. Offensive Security (Red Team)

Certifications:
OSCP → OSEP (Advanced Exploitation)
Tools:
Cobalt Strike, Sliver (C2 Frameworks)

15. Defensive Security (Blue Team)

Certifications:
CISSP (Management)
CySA+ (SOC Analyst)
Tools:
Splunk, ELK Stack, Wazuh

16. ICS/SCADA Security

Free:
ICS Security for Beginners (YouTube)

Phase 5: Continuous Learning


Bug Bounties:
HackerOne
Bugcrowd University
CTFs:
CTFTime (List of CTFs)
Research:
Follow BlackHat/DEF CON Talks on YouTube

Bonus: Certifications Roadmap

| Level | Certification | Focus Area |
|---|---|---|
| Entry | CompTIA Security+ | General Security |
| Intermediate | CEH (Ethical Hacking) | Offensive Basics |
| Advanced | OSCP (Pentesting) | Hands-on Exploitation |
| Expert | OSEE (Exploit Dev) | Advanced Offensive |
| Defensive | CISSP | Security Management |

Final Tips:
1. Practice daily (Labs > Theory).
2. Join cybersecurity communities (Discord, Reddit r/netsec).
3. Build a home lab (VirtualBox + Metasploitable).

Would you like a 30/60/90-day study plan based on this roadmap? 🚀

Here’s a 30/60/90-day study plan based on the cybersecurity roadmap, designed for consistent
progress while balancing theory and hands-on practice:

📅 Month 1 (Days 1-30): Foundations & Basic Skills


Goal: Build core knowledge in networking, Linux, and basic security concepts.
Week 1-2: Networking & OS Basics

Day 1-7:
Watch Computer Networking Full Course (YouTube).
Set up a home lab (VirtualBox + Kali Linux).
Practice Linux commands with Linux Journey.
Day 8-14:
Learn TCP/IP, subnetting, DNS, DHCP.
Try basic Wireshark packet analysis.
Complete OverTheWire Bandit (Levels 1-10).

Week 3-4: Scripting & Security Basics

Day 15-21:
Learn Python basics (Automate the Boring Stuff).
Write a simple port scanner in Python.
Day 22-30:
Study CIA Triad, threat models.
Complete TryHackMe Pre-Security Path.
Tool Practice: Nmap, Wireshark.

📅 Month 2 (Days 31-60): Intermediate Skills (Offensive Focus)

Goal: Learn penetration testing, web security, and network attacks.

Week 5-6: Web App Security

Day 31-37:
Study OWASP Top 10 (PortSwigger Labs).
Practice SQLi, XSS on DVWA (Damn Vulnerable Web App).
Day 38-45:
Learn Burp Suite (YouTube Tutorial).
Complete 5+ TryHackMe Web rooms (e.g., OWASP Juice Shop).

Week 7-8: Network Pentesting

Day 46-52:
Master Nmap scanning (-A, -sV, -p-).
Attack Metasploitable VM with Metasploit.
Day 53-60:
Try HackTheBox (HTB) Easy Machines (e.g., "Blue", "Legacy").
Learn privilege escalation (GTFOBins).

📅 Month 3 (Days 61-90): Advanced Topics & Specialization

Goal: Dive into malware, forensics, or cloud security + certification prep.

Week 9-10: Choose a Focus Area


Option 1: Red Team/Pentesting

Day 61-70:
Practice buffer overflows (TryHackMe "Buffer Overflow Prep").
Learn C2 frameworks (Metasploit → Sliver).
Day 71-80:
Solve 3+ HTB Medium Machines.
Start OSCP Prep (TJNull’s List).

Option 2: Blue Team/Defensive

Day 61-70:
Learn SIEM (Splunk) (Free Splunk Fundamentals).
Practice log analysis (TryHackMe SOC Level 1).
Day 71-80:
Study CISSP Domains (MindMaps).

Week 11-12: Cert Prep + Real-World Practice

Day 81-90:
For OSCP: Do PG Practice Machines (HTB/Proving Grounds).
For CISSP: Take practice exams (Boson, CCCure).
Bug Bounty: Hunt on HackerOne (start with low-hanging fruit).

🎯 Weekly Routine (Example)

| Day | Task | Time |
|---|---|---|
| Mon-Wed | Theory (Courses/Books) | 2 hrs |
| Thu-Fri | Hands-On Labs (HTB, THM) | 3 hrs |
| Sat | CTF/Bug Bounty | 4 hrs |
| Sun | Review Weak Areas | 1 hr |

🔥 Pro Tips:
1. Track Progress: Use a spreadsheet for labs/machines solved.
2. Join Communities: Discord (e.g., The Cyber Mentor, HackTheBox).
3. Stay Consistent: Even 1 hour/day > 7 hours/weekend.

Want adjustments? (e.g., more defense-focused, slower pace?) Let me know! 🚀
