The Ultimate Guide
Start Your Cybersecurity Journey
Everything has a first day. Select your current status below to reveal your complete, step-by-step roadmap.
The Fundamentals (Tech Literacy)
You cannot hack a network if you don't know how data moves. You cannot secure a server if you can't use the command line.
Goal: Explain how I can see `google.com` when I type it.
- IP Addresses (IPv4 vs IPv6)
- DNS (The phonebook of the internet)
- Ports (80, 443, 22, 21)
- OSI Model (Layers 1-7)
Goal: Install Ubuntu Linux on a Virtual Machine (VirtualBox).
- File System Hierarchy (/etc, /var, /home)
- Basic Commands (cd, ls, grep, chmod, chown, sudo)
Security Concepts
Now that you understand the technology, learn how it breaks.
Confidentiality, Integrity, Availability. Memorize this.
Goal: Understand common threats.
- Phishing & Social Engineering
- Malware types (Ransomware, Trojans)
- OWASP Top 10 (Web vulnerabilities)
First Hands-On Labs
Stop reading. Start typing.
- Complete the "Pre-Security" path on TryHackMe.
- Complete Levels 0-10 on OverTheWire (Bandit).
- Get your first certification: ISC2 CC (Certified in Cybersecurity) - It's Free!
Free Starter Pack
- Course: Google Cybersecurity Cert
- Video: NetworkChuck: Linux for Hackers
- Lab: TryHackMe (Free Tier)
Anti-Patterns (Do NOT do this):
- × Don't install Kali Linux immediately. Learn Ubuntu first.
- × Don't pay for expensive bootcamps yet.
- × Don't try to hack your neighbor's WiFi. It is illegal.
"Act as a Cyber Tutor. Explain the concept of [Topic, e.g., DNS] using a real-world analogy (like a phonebook). Keep it simple for a non-tech person. Output the explanation followed by one key takeaway."
Copy to EthanThe Pivot Strategy
You are not a beginner. You are a professional changing domains. Your strategy is "Translation," not "Re-learning."
From IT Background
<Developers, SysAdmins, QA, Network Engineers>
You know how to build. Now learn how to break and patch.
- Learn: SAST/DAST tools (Snyk), CI/CD Security.
- Labs: TryHackMe rooms (Snyk, CI/CD, DevSecOps).
- Must-Read: OWASP Top 10.
- Project: Build a simple app, hack it (SQLi/XSS), then patch it.
You know permissions and logs. That is 50% of defense.
- Learn: Hardening (CIS Benchmarks), SIEM (Splunk/Wazuh), IAM.
- Cert Goal: CompTIA Security+ or AWS Security Specialty.
"Act as a Technical Recruiter. I am a [Developer/SysAdmin]. Analyze my background and list 5 specific security-relevant skills I likely already possess. Format this as a 'Skills' section for a Cybersecurity Resume."
Copy to EthanFrom Non-IT Background
<Sales, HR, Finance, Medical, Arts>
Your Advantage: Soft Skills.
Tech can be taught. Crisis communication, report writing, and stakeholder management are harder to learn. You have these.
Governance, Risk, and Compliance. Auditing, policy writing, and risk management.
- Read: ISO 27001, NIST Frameworks, GDPR basics.
- Target Role: Jr. GRC Analyst, Third-Party Risk Analyst.
If you want to be technical, you must catch up fast.
- Month 1-2: CompTIA A+ (Hardware/OS) - Do not skip.
- Month 3: CompTIA Network+ (Crucial).
- Month 4: Security+, CEH, eJPT, or PNPT.
"Act as a Career Coach. I come from [Sales/HR]. Explain how 'Crisis Management' and 'Reporting' apply to a Cyber GRC role. Write 3 bullet points for my cover letter highlighting these transferable traits."
Copy to EthanThe Final Mile
Certifications get you past HR filters. Projects get you the job. Choose your specialization.
The Pentester
Role: Find vulnerabilities before criminals do.
The Portfolio Checklist
-
Documentation (Crucial) Don't just say "I hacked a box." Write a report: Executive Summary, Technical Walkthrough, Remediation Steps. Publish it on Medium.
-
GitHub Scripting Write a simple Python script (e.g., "Subdomain Enumerator" or "Port Scanner") and host it on GitHub.
"Act as a Senior Penetration Tester. Simulate a technical interview. Ask me one hard question about [Topic, e.g., Active Directory or SQLi] and critique my answer for accuracy and depth."
Copy to EthanThe SOC Analyst
Role: Monitor, Detect, Respond.
The Portfolio Checklist
-
The Home Lab Blueprint Install VirtualBox. Setup an Ubuntu Server with Wazuh (SIEM). Attack it with a Kali VM. Detect the attack. Screenshot the logs.
-
Malware Analysis Analyze a sample in a sandbox (Any.Run). Write a report on what IP addresses it contacted.
"Act as a SOC Manager. Present a 'Ransomware Infection' scenario. Ask me to walk through the Containment and Eradication steps using the NIST Incident Response framework."
Copy to EthanThe Golden Rule for Resumes
Do not list "Watching YouTube" as a skill. List Projects.
"Built a Home Lab SIEM" beats "Enthusiastic Learner" every time.
Why Juniors Get Rejected
- Tool Monkey Syndrome: Knowing Nmap but not TCP handshake.
- Poor Communication: If you can't explain the risk, you are useless.
- Isolation: Join communities (Discord, LinkedIn). Build in Public.
How to Learn (Resources)
YouTube Channels
Hands-on Labs
TryHackMe
Beginner FriendlyGamified learning. Start with the "Pre-Security" path.
Hack The Box
IntermediateReal-world machines. Start with "Starting Point" tier.
OverTheWire (Bandit)
Linux BasicsThe best way to learn Linux command line via wargames.
PortSwigger Academy
Web SecurityFree, world-class training for Web Application hacking.
Certification Roadmap
Level 1: Entry
Prove you understand the vocabulary and basics.
Level 2: Skill
Prove you can actually use the tools.
Feeling Stuck? Ask Ethan.
Your Personal Cybersecurity Learning Assistant
Ethan is my custom AI mentor trained to answer your questions, suggest labs, and unblock you when you are stuck.
Chat with Ethan →The Daily Habit (Stay Updated)
Cybersecurity changes every hour. You cannot survive if you stop reading.
Commit to reading 1 article per day from these sources: