Cybersecurity Roadmap for Newbies

As AI becomes more and more popular, cyberattacks are becoming more prevalent, simply because AI allows more novices to exploit vulnerabilities and attack systems while helping more experienced threats speed up the process of curating an attack. On top of that, the emerging use of "hype-coding" for production is also introducing many vulnerabilities into the wild. All of this is increasing the need for cybersecurity, and therefore the field is becoming more appealing as a career than ever.

The goal of this article isn't to convince you to get into cybersecurity, but to help you plan your next steps in your early cybersecurity life. Although I too am in the early steps of my cybersecurity career, I have researched and spoken to some of my mentors, allowing me to write an excellent guide as to what certificates and training would be crucial for your early cybersecurity journey. "Early" can be quite vague, so I would say for your first 5-10 years, depending on how fast you progress.

Before I start, this article is for those who have foundational computer science knowledge, maybe from university, or from experience. This is not going to help you if you are missing those. This isn't a guide that shows you all the possible certifications that you can take, but the most efficient route one can take to build a strong foundation.


Pre-requisites for Cybersecurity

I would argue, and so would many, that there are five key foundations you should be familiar with before getting into cybersecurity. This is because cybersecurity will typically build around these fields, and by learning all of them, you are giving yourself the best opportunity for choice. These five are:

  • Networking
  • Hardware
  • Programming
  • Databases
  • Cloud Computing

I won't go into too much depth as to how to expand your knowledge in these areas; however, I will recommend resources you can buy or get for free to learn about these fields. It's important you are familiar with these areas, as cybersecurity builds on them. They are symbiotic with cybersecurity, and the more of these areas you have covered, the better, as it will increase the number of opportunities you have to work in cybersecurity.

Below are some of the best resources for each topic.

The guides I've linked below are full of depth, but if certification is your goal, they are worth it! However, if you are simply looking to learn, I would recommend only consuming one course in each guide, and a couple of exams to refresh your knowledge.

Networking

Networking is probably the MOST important aspect of cybersecurity. A computer network is what most attacks want to get access to. Networks can facilitate the distribution of attacks to wider systems, and can be used to monitor communication.

I would recommend studying for one of the following certificates:

  • CompTIA Network+
  • Cisco CCNA

I would not necessarily recommend paying for the certificate as they are quite expensive, but studying for them and taking practice exams to test your knowledge is good enough. Of course, there is nothing wrong with getting qualified in these courses, but I would highly recommend you ask your employers to cover it instead.

I highly recommend the following guides on studying for the following certifications, as they are so perfectly explained:

Hardware

It is important to understand hardware, as a lot of malware will rely on exploiting the intricacies of the computer. Knowing what an attacker is looking to exploit, or where valuable data is stored, or how a computer works as a whole, is crucial to being good at cybersecurity.

I would recommend studying for the following certificates:

  • CompTIA A+
  • Google IT Support Professional Certificate

As I mentioned before, there is no need to pay for the certificate as it can be expensive, but I would recommend studying the course and taking some practice exams. CompTIA A+ is probably the best generalized hardware security course on the market, and as a whole CompTIA is incredibly reputable.

Below are study guides curated by the community and Google that will help you learn all you need for each certification:

Programming

All software is made by using some sort of programming language, and therefore a popular attack vector is software vulnerabilities. It is important to know how to use software to automate crucial cybersecurity actions, but also as a way of learning what potential flaws can be in a system.

Below are resources that are incredibly popular for learning different programming languages:

You don't necessarily need to learn all of the above languages; however, the more you know, the better you will be at all of them. I would, however, recommend SQL and another language as a minimum.

Databases

Nearly all important data is stored within some sort of a database, especially in production. These can either be SQL databases (structured databases) or NoSQL databases (non-structured databases). It is crucial to understand how these work, as nearly all products nowadays are built on top of these tools.

Below are resources that you can use to improve your knowledge on databases:

With NoSQL Databases, you should really pick one and really understand how it works, as they don't really share much in common with each other.

Cloud Computing

Everything you use online, even this article you are reading, is built on Cloud Computing. Therefore, it is incredibly critical for all those working in cybersecurity to understand how the cloud works.

I would recommend studying for the following certificates:

  • CompTIA Cloud+
  • AWS CP (AWS)
  • AZ-900 (Microsoft Azure)

Personally, if you don't know anything about the cloud, I would revise for the CompTIA Cloud+ certification, as that is vendor agnostic and covers a lot more fundamentals of the cloud than the others. However, if you are already a bit familiar with the cloud, AWS CP or AZ-900 is good for those looking to understand how AWS or Azure work.

Below are study guides curated by the community that will help you learn all you need for each certification:


Cybersecurity Roadmap: Beginner to Advanced

You might have skipped to here if you have all the foundations for cybersecurity you need. That's good! If that's the case, this next section is for those who have just finished university, have just entered the workforce, or have been in cybersecurity for a few years but are looking to take the next step.

Above, I did mention that it wasn't necessary to get qualified in the courses, although it may increase your job prospects. However, I do recommend getting certified in the following certificates. You're looking to prove your knowledge, and the certificates below are perfect for doing that.


Foundational Core Cybersecurity Certificates

Firstly, you want to know the foundations of cybersecurity. In previous courses, you may have touched on it as secondary subject matter. But the following courses are putting security as a primary concern. My recommendations are:

  • CompTIA Security+
  • ISC2 CC
  • Google Cybersecurity Professional Certificate

Personally, I would choose CompTIA Security+. This certificate is one of the most requested certificates in job applications, and having it under your belt is a good stepping stone into the field of cyber. ISC2 CC and Google CP are also well-respected cybersecurity fundamentals courses; however, Security+ really covers all you need. The downside is its price, so if you are unable to afford it and don't have a company to fund it, I would recommend choosing the alternatives.

Below are study guides curated by the community and Google that will help you learn all you need for each certification:


Intermediary Cybersecurity Certificates

Now that you have the basics of cybersecurity covered, mentors of mine and the community as a whole recommend going for the following security certificates to give you a better grasp of cybersecurity. You aren't required to do both, just choose the one that suits you best.

  • ISC2 SSCP
  • CompTIA CySA+

These certificates build on the previous certifications and give you a much more solid understanding of security as a whole.

Below are study guides curated by the community that will help you learn all you need for each certification:

At this point in your cybersecurity career, you may have started to like one aspect more than another. Maybe you enjoy monitoring and protecting your assets. Or maybe you enjoy using your creative prowess to attack a system. Below are the best entry-level specialized certificates on the market.

Red Team Foundations

  • eJPT (eLearnSecurity Junior Penetration Tester)
  • PJPT (Practical Junior Penetration Tester)
  • CBBH (Certified Bug Bounty Hunter)

These are considered to be the best in the market according to people I know in the penetration testing industry, and the community as a whole. As I've said many times now, you aren't required to do all three. Typically one is enough; however, it really depends on what suits you best. Maybe you would find it valuable doing all three. Or maybe one just does the trick.

Either way, below are study guides that will help you learn all you need for each certification:

Blue Team Foundations

  • TryHackMe SOC Level 1
  • Cisco CyberOps Associate
  • TCM Security PJSA (Practical Junior Security Analyst)

These are considered to be the best in the market according to people I know in the SOC industry, and the community as a whole. As I've said many times now, you aren't required to do all three. Typically one is enough; however, it really depends on what suits you best. Maybe you would find it valuable doing all three. Or maybe one just does the trick.

Either way, below are study guides that will help you learn all you need for each certification:


Advanced Cybersecurity Certificates

Once you've got a solid understanding of the more in-depth coverage of cybersecurity and the specialty you are in, it's time to really dig deep into the field and understand how it works in the managerial sense, but also work towards becoming a master in your field.

Below is the golden qualification when it comes to cybersecurity:

  • ISC2 CISSP

ISC2 CISSP is one of the most wanted qualifications for senior-level positions in cybersecurity. Companies even accidentally put it in entry-level jobs!

Below is a study guide that will help you learn all you need for CISSP:

Red Team Advanced

Now, once you're done with the CISSP exam (or maybe even before) you can start working towards your specialty. Below are the recommended certificates for anyone serious about penetration testing.

  • OSCP (Offensive Security Certified Professional)
  • CRTO (Certified Red Team Operator)
  • OSEP (Offensive Security Experienced Penetration Tester)

These are all incredibly reputable and are highly recommended for anyone interested in learning as much as they can about penetration testing. You have to work within your time constraints; however, I would highly recommend getting all of them, especially the OffSec ones, as they are highly regarded.

Below are some resources you can use to prepare yourself for these certifications:

Blue Team Advanced

Now, once you're done with the CISSP exam (or maybe even before) you can start working towards your specialty. Below are the recommended certificates for anyone serious about SOC.

  • BTL2 (Blue Team Level 2)
  • HTB CDSA (Certified Defensive Security Analyst)
  • TryHackMe SOC Level 2

These are all incredibly reputable and are highly recommended for anyone interested in learning as much as they can about SOC operations. As a whole, I would recommend going for the TryHackMe SOC courses. If you follow them in sequential order, it ensures anything you haven't covered will be covered, and as a whole TryHackMe is also very reputable.

Below are some resources you can use to prepare yourself for these certifications:


Summary

The goal of this article is to help someone interested in cybersecurity, or someone already in cybersecurity, plan the next steps for their career. There is so much "fluff" out there, and my goal was to remove all of that. The article is broken down into four parts:

  1. Pre-requisites for cybersecurity
  2. Guide for Beginners
  3. Guide for Intermediaries
  4. Guide for Advanced

In each section I provide education to cover, and resources to get that education.

I'm still on this journey myself, so I leaned on the understanding of others close to me and also the cybersecurity community as a whole. This guide isn't a guess as to what is good to do, but rather an in-depth simplification of what to do next.

If you disagreed with anything I said, I would love to read it in the comments below, and I can edit anything if necessary!

Roadmap for a Blue Team Specialist

  1. CompTIA A+
  2. CompTIA Network+
  3. Learn Python
  4. Learn JavaScript
  5. Learn MySQL
  6. Learn DynamoDB
  7. CompTIA Cloud+/AWS CP
  8. CompTIA Security+
  9. CompTIA CySA+
  10. TryHackMe SOC Level 1
  11. CISSP
  12. TryHackMe SOC Level 2

Roadmap for a Red Team Specialist

  1. CompTIA A+
  2. CompTIA Network+
  3. Learn Python
  4. Learn JavaScript
  5. Learn MySQL
  6. Learn DynamoDB
  7. CompTIA Cloud+/AWS CP
  8. CompTIA Security+
  9. CompTIA CySA+
  10. PJPT
  11. CISSP
  12. OSCP
  13. OSEP

Resources

If you are interested in the sources that I used for this beginner guide to becoming a certified cybersecurity specialist, you can find these below.

I've also added my favourite read on tech for the week!

Resources for Cybersecurity Roadmap

Favourite Read of the Week