Visual learning path from fundamentals to cybersecurity career roles
A practical, beginner-to-advanced roadmap to learn Cybersecurity, covering fundamentals, tools, hands-on labs, and career paths.
This roadmap is designed for:
- Students
- Career shifters
- Developers transitioning to security
- Self-learners
Learn the core concepts before diving deep.
-
What is Cybersecurity
https://www.cisa.gov/cybersecurity -
CIA Triad (Confidentiality, Integrity, Availability)
https://www.cloudflare.com/learning/security/what-is-the-cia-triad/ -
Types of Cyber Attacks
https://www.ibm.com/topics/cyber-attack
Cybersecurity starts with networking.
-
TCP/IP Model
https://www.cloudflare.com/learning/network-layer/what-is-tcp-ip/ -
OSI Model
https://www.geeksforgeeks.org/layers-of-osi-model/ -
Ports & Protocols
https://www.geeksforgeeks.org/common-ports-used-in-computer-network/ -
DNS Explained
https://www.cloudflare.com/learning/dns/what-is-dns/
You must understand both Linux & Windows.
-
Linux Fundamentals
https://linuxjourney.com/ -
TryHackMe Linux Path
https://tryhackme.com/path/outline/linux
- Windows Internals Overview
https://learn.microsoft.com/en-us/windows/win32/sysinfo/windows-system-overview
Focus on attacking systems ethically.
-
What is Penetration Testing
https://www.kali.org/docs/introduction/what-is-penetration-testing/ -
OWASP Top 10
https://owasp.org/www-project-top-ten/ -
TryHackMe (Beginner Friendly)
https://tryhackme.com/ -
Hack The Box
https://www.hackthebox.com/
Focus on detection, monitoring, and defense.
-
What is Blue Team
https://www.ibm.com/topics/blue-team -
SIEM Basics
https://www.splunk.com/en_us/what-is-siem.html -
Incident Response Lifecycle
https://www.sans.org/incident-response/
Combination of Red + Blue.
- Purple Team Explained
https://www.splunk.com/en_us/blog/learn/purple-team.html
-
TryHackMe Labs
https://tryhackme.com/ -
Hack The Box Labs
https://academy.hackthebox.com/ -
OverTheWire (Linux & Security Games)
https://overthewire.org/wargames/
-
Nmap
https://nmap.org/ -
Wireshark
https://www.wireshark.org/ -
Metasploit
https://www.metasploit.com/ -
Burp Suite
https://portswigger.net/burp
-
CompTIA Security+
https://www.comptia.org/certifications/security -
CEH (Certified Ethical Hacker)
https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/ -
Blue Team Level 1 (BTL1)
https://securityblue.team/certifications/blue-team-level-1
- SOC Analyst
- Penetration Tester
- Security Engineer
- Incident Responder
- Cybersecurity Analyst
-
Cybersecurity Full Course (YouTube – freeCodeCamp)
https://www.youtube.com/watch?v=U_P23SqJaDc -
OWASP WebGoat
https://owasp.org/www-project-webgoat/
Cybersecurity is not about memorizing tools —
it's about thinking like an attacker and defending like an engineer.
Consistency > Speed.
📌 Maintained by: Au Amores (ares-coding)
📅 Last Updated: 2026