The Ultimate Guide
Everything has a first day. This is yours.
Pick where you stand — the path unfolds below.
Where do you stand?
Same destination. Different starting points.
Most people fail because they skip the fundamentals and reach for Kali Linux on day one. Don't. The foundation you build in the next 90 days determines how far you can go. Start slow, go deep — everything else builds on top of this.
Month 1
Every attack and every defence lives on a network. Before tools, learn the terrain — how packets travel, where they get stopped, and what the command line actually does.
Month 2
Now that you understand the technology, learn how it breaks.
Month 3
Reading and watching will only take you so far. Month 3 is about doing — breaking real systems in controlled environments, writing your first investigation report, and earning a credential that proves you started. Pick one lab platform and one cert. Finish both before moving on.
TryHackMe Pre-Security
Interactive guided beginner path
OverTheWire: Bandit
Linux command line wargame
ISC2 CC — Free!
Your first official certification
From the Lab
OSINT Guide — 2026 Edition
A practical, no-fluff walkthrough of open-source intelligence gathering. Perfect as your first real investigation exercise — no special tools, just a browser and methodology.
Ready to start? Open your first lab.
The TryHackMe Pre-Security path is browser-based — no setup required. Do it now.
You are not a beginner. You are a professional changing domains. Your strategy is "Translation", not Re-learning. Your existing experience is an advantage — you just need to learn the language of security.
<Devs / SysAdmins / QA / Network>
Developer → AppSec / DevSecOps
You know how to build. Now learn to break and patch.
SysAdmin → Cloud Security / Blue Team
You already understand permissions and logs — that's 50% of defense.
From the Lab
SOC Lab Guide — Monitoring Logs in Wazuh
Set up a real SIEM, ingest logs, trigger alerts. Exactly what Blue Team interviews will ask you to walk through.
QA / Network → Penetration Testing
From the Lab
API Security Lab — ShopEasy
Hands-on OWASP API Top 10 exploitation on a deliberately vulnerable e-commerce API. Build this kind of lab report for your portfolio.
<Sales / HR / Finance / Medical / Arts>
Tech can be taught in 3 months. Crisis communication, stakeholder management, and clear reporting are harder to learn and take years. You already have these.
Strategy 1: The GRC Route (Less code, more logic)
Governance, Risk, and Compliance. Policy writing, auditing, risk management.
Strategy 2: The Tech Sprint (High effort, high reward)
Not sure which path fits your background?
Ask Ethan — describe your current role and he'll map your transferable skills to the right entry point.
Certifications get you past HR filters. Projects get you the job. Pick your specialization, build the portfolio, and stop waiting.
Find vulnerabilities before criminals do.
Write Pentest Reports
Don't just say "I hacked a box." Write: Executive Summary → Technical Walkthrough → Remediation. Publish on Medium.
GitHub Scripting
Build a Python "Subdomain Enumerator" or "Port Scanner" and host it publicly.
Cert Target
eJPT (beginner) → PNPT → OSCP (advanced)
From the Lab
API Security Lab — ShopEasy
OWASP API Top 10 on a real target. Model your portfolio reports on this.
Monitor, Detect, Respond.
Home Lab Blueprint
Ubuntu Server + Wazuh SIEM. Attack with Kali VM. Detect the attack. Screenshot the alerts.
Malware Analysis
Detonate a sample in Any.Run. Write a report: C2 IPs, persistence, exfiltration method.
Cert Target
CompTIA Security+ → CySA+ → BTL1
From the Lab
SOC Lab Guide — Wazuh SIEM
Build a real detection lab. Screenshot the alerts. That's your portfolio piece.
Don't list "Watching YouTube" as a skill. List Projects. "Built a Home Lab SIEM" beats "Enthusiastic self-learner" every single time.
Need a mock technical interview?
Ask Ethan to grill you on Active Directory, SQL injection, or incident response — and critique every answer.
You have the theory — data structures, networking, maybe some OS concepts. What you're missing is adversarial thinking and practical exposure. Employers know this gap exists. Your job is to close it before graduation, not after.
Year 1–2
Capture The Flag competitions are the fastest way to make your coursework feel real. You already understand TCP/IP — now use that knowledge to exploit it. Start with TryHackMe, move to PicoCTF, then compete in CTFtime events as a team.
From the Lab
OSINT Guide — 2026 Edition
A great first practical exercise — no special tools, just methodology. Use it as a template for writing your own investigation reports.
Year 2–3
Your degree is the baseline. Certifications prove you can apply knowledge under exam conditions. Get your first cert before your final year — it massively improves internship applications.
Step 1 — Free
ISC2 CC
Free certification. Covers all core domains. Do this first — it validates your degree-level knowledge.
Step 2 — Foundation
CompTIA Security+
The industry standard. Many graduate job listings require it or treat it as equivalent to 1 year of experience.
Step 3 — Specialise
Pick your lane
Red: eJPT → PNPT. Blue: CySA+. Cloud: AWS Security. GRC: CISA. Don't spread across all — go deep on one.
Final Year
A 3-month internship is worth more than any certification in a hiring manager's eyes. Apply early — most security internships are posted in October for the following summer. While you wait, build your public portfolio.
From the Lab
API Security Lab — ShopEasy
A real-world style security assessment writeup. Use this as a template for your own bug bounty or internship reports.
Not sure which specialisation fits you?
Ask Ethan to map your interests and strengths to the right cybersecurity domain before you invest in a cert.
You're already in the field. The question isn't whether to keep learning — it's where to go next. Use this map to find adjacent roles, identify the gaps between where you are and where you want to be, and plan the shortest path.
Lateral move map — find your next role
From
SOC Analyst / L1–L2
Threat Intelligence Analyst
Gap: MITRE ATT&CK, Threat hunting
Cert: GCTI
Incident Responder
Gap: DFIR methodology, memory forensics
Cert: GCFE / BTL1
Cloud Security Engineer
Gap: AWS/Azure security, IAM, CSPM tools
Cert: AWS Security Specialty
From
Pentester / Red Team
AppSec / Product Security
Gap: SAST/DAST, secure SDLC, threat modelling
Cert: CSSLP / GWEB
Red Team Lead / Manager
Gap: Report writing, team management, CBEST
Path: OSCP → CRTO → Lead
Bug Bounty / Independent
Gap: Scope management, disclosure writing
Platform: HackerOne / Bugcrowd
From
GRC / Compliance
CISO / Security Manager
Gap: Board communication, budget ownership
Cert: CISSP / CISM
Privacy Engineer
Gap: GDPR technical implementation, data flow mapping
Cert: CIPP/E
Third-Party Risk Lead
Gap: Vendor assessment frameworks, TPRM tooling
Cert: CTPRP
From
DevOps / Cloud Eng.
DevSecOps Engineer
Gap: Pipeline security, secrets management, SCA
Tools: Snyk, Checkov, Trivy
Cloud Security Architect
Gap: Zero Trust architecture, CSPM, landing zones
Cert: CCSP / AWS Security
Container / K8s Security
Gap: CIS Benchmarks for K8s, Falco, OPA/Gatekeeper
Cert: CKS
From the Lab
SOC Lab Guide — Monitoring Logs in Wazuh
Even if you're moving away from SOC, understanding how SIEM detection works makes you a better architect, engineer, or IR lead. Run through this lab once — it'll change how you think about visibility.
Want a personalised upskilling plan?
Tell Ethan your current role, your target role, and your timeline. He'll map the gap and suggest the shortest path.
AI-Powered Mentor
Copy a prompt below, then open Ethan — your AI cybersecurity mentor — to get a personalised answer.
"I am completely new to cybersecurity. I have [X] hours per week and [Y] months. Build me a step-by-step learning plan with free resources only."
"Explain [concept, e.g. 'TCP/IP' or 'Public Key Cryptography'] to me like I am 15 years old. Use an analogy from real life."
"Act as a Technical Recruiter. I am a [Developer/SysAdmin/HR Professional]. List 5 specific security-relevant skills I already have. Format as a resume Skills section."
"I come from [Sales/HR/Finance]. Explain how my experience in 'Crisis Management' and 'Reporting' applies to a GRC Analyst role. Write 3 bullet points for my cover letter."
"Act as a Senior Penetration Tester. Simulate a technical interview. Ask me one hard question about [Active Directory / SQL Injection / Buffer Overflow] and critique my answer."
"Act as a SOC Manager. Present a Ransomware scenario. Walk me through the Containment and Eradication phases using the NIST Incident Response framework. Critique my answers."
"I am a [Year X] CS/IT student. I have [Y] hours per week. I want to enter [Red Team / Blue Team / GRC / Cloud Security]. Build me a 12-month roadmap mixing CTF practice, a certification, and a project I can publish."
"I am currently a [SOC Analyst / Pentester / GRC Analyst / DevOps Engineer] with [X] years of experience. I want to move into [target role]. List the 3 most critical skill gaps, the best certification to bridge them, and a realistic 6-month plan."
Learn Every Day
Cybersecurity changes daily. Commit to reading one article per day from these trusted sources.
Breaking news & latest CVEs daily.
Deep technical malware & ransomware analysis.
Investigative journalism on cybercrime gangs.
Enterprise security trends & CISO insights.
Hands-On Platforms
The Next Step
Ethan is trained on real-world cybersecurity knowledge. Ask the question you're afraid to ask anywhere else.
Start with Ethan
Free · No signup required · Powered by ChatGPT