Complete Cybersecurity Learning Path

Cybersecurity Mastery Roadmap

A streamlined, step-by-step guide to starting and advancing your cybersecurity career. From fundamentals to expert-level specializations — curated to prevent information overload.

5Phases
12Sections
36+Topics
200+Resources
Full Document

Beginner? Start Here

From zero to "I know what I'm doing" in 30 days using only free resources.

11–2 hrs

Linux Basics

Linux Journey + OverTheWire Bandit

21–2 hrs

Networking Basics

Professor Messer Network+ (Free)

31–2 hrs

Security Fundamentals

TryHackMe Pre-Security Path

41–2 hrs

First Hands-on Hacking

TryHackMe Complete Beginner Path

1

Phase 1: Foundation

4–8 weeks

Computing fundamentals, networking, basic security principles and tools.

1Computer Fundamentals

Essential1–2 weeks

Operating Systems

CS50: Introduction to Computer Science (Harvard)
Essential1–2 weeks

Linux Fundamentals

Linux Journey (Grasshopper section)
Essential1–2 weeks

Networking Basics

Professor Messer Network+ Full Course
Essential2–3 weeks

Programming Fundamentals

Python Tutorial by Corey Schafer (YouTube)

2Information Security Principles

Essential1 week

CIA Triad & Security Fundamentals

NIST Cybersecurity Framework Online Learning
Recommended1–2 weeks

Cryptography Basics

Khan Academy Cryptography
Recommended1 week

Security Policies & Compliance

SANS Security Policy Templates

3Basic Security Tools

Essential1–2 weeks

Security Tool Fundamentals

TryHackMe: Complete Beginner Path
Recommended1 week

Vulnerability Scanning

OpenVAS / Greenbone Community Edition
2

Phase 2: Technical Skills

8–16 weeks

Practical security skills across network, system, and web domains.

4Network Security

Essential2–3 weeks

Network Protocols & Security

TryHackMe: Network Fundamentals
Recommended1–2 weeks

Firewalls & IDS/IPS

Snort IDS Tutorial on TryHackMe
Recommended1 week

VPN & Secure Communications

WireGuard Quick Start Guide

5System Security

Essential2–3 weeks

Operating System Security

TryHackMe: Windows Fundamentals + Linux Privesc
Recommended1 week

Endpoint Protection

Wazuh Open-Source HIDS Setup Guide
Recommended1 week

Vulnerability Management

Nessus Essentials (Free for 16 IPs)

6Web Application Security

Essential2–3 weeks

OWASP Top 10

PortSwigger Web Security Academy
Essential3–4 weeks

Web App Penetration Testing

OWASP Juice Shop
Recommended1–2 weeks

Secure Coding Practices

OWASP Secure Coding Practices Quick Reference
3

Phase 3: Specialization

12–24 weeks

Choose Offensive or Defensive security focus, then add the other.

7Offensive Security

Essential4–6 weeks

Penetration Testing Methodology

Ethical Hacking in 12 Hours — TCM Security (YouTube)
Recommended4–6 weeks

Exploitation Techniques

Metasploit Unleashed (Offensive Security)
Recommended1–2 weeks

Social Engineering

Social Engineering Framework

8Defensive Security

Essential3–4 weeks

Security Operations Center (SOC)

LetsDefend SOC Analyst Path
Essential2–3 weeks

Incident Response

NIST Incident Response Guide SP 800-61r2
Recommended2–3 weeks

Digital Forensics

Autopsy Digital Forensics Training

9Cloud Security

Recommended2–3 weeks

Cloud Security Fundamentals

AWS Cloud Security Fundamentals
Recommended2 weeks

Cloud Security Architecture

AWS Well-Architected Framework — Security Pillar
Optional1–2 weeks

Container Security

Docker Security Documentation
4

Phase 4: Advanced

Ongoing

Advanced topics and specialized security domains.

10Advanced Topics

Recommended4–6 weeks

Malware Analysis

ANY.RUN Interactive Malware Sandbox
Recommended2–3 weeks

Threat Intelligence

MITRE ATT&CK Framework
Recommended2–3 weeks

Advanced Persistent Threats

MITRE ATT&CK Groups

11Specialized Security Domains

Optional2–3 weeks

IoT Security

OWASP IoT Attack Surface Areas
Optional2–3 weeks

Mobile Security

OWASP Mobile Security Testing Guide
Optional2–4 weeks

Industrial Control Systems Security

ICS-CERT Training (CISA)
5

Phase 5: Professional Development

Ongoing

Career advancement, certifications, networking, and continuous learning.

12Career Development

RecommendedOngoing

Certifications Planning

Paul Jerimy's Security Certification Roadmap (Free)
RecommendedOngoing

Building a Professional Network

LinkedIn + Twitter/X Security Community
RecommendedOngoing

Continuous Learning

SANS Internet Stormcast Daily Podcast

Complete Resource Library

Every tool, certification, career path, and resource — expand any section below.

"Security is a process, not a product." — Bruce Schneier

Made with ❤️ by Hamed Esam — Enhanced Edition