Cyber Security Roadmap

Fundamental IT Skills

  • 💁 Computer Hardware Components

  • 💁 Connection Types and their functions

    • 💁 NFC
    • 💁 WiFi
    • 💁 Bluetooth
    • 💁 Infrared
  • 💁 OS-Independent Troubleshooting

  • 💁 Understand Basics of Popular Suites

    • 💁 iCloud
    • 💁 Google Suite
    • 💁 Microsoft Office Suite
    • 💁 Infrared
  • 💁 Basics Of Computer Networking

Operating Systems

  • 💁 Windows

  • 💁 Linux

  • 💁 MacOS

Learn Following for Each

  • 💁 Installation and Configuration
  • 💁 Different versions and Differences
  • 💁 Navigating Using GUI and CLI
  • 💁 Understand Permissions
  • 💁 Installing Software and Applications
  • 💁 Performing CRUD on files
  • 💁 Troubleshooting
  • 💁 Common Commands

Networking Knowledge

  • 💁 Understand the OSI Model
  • 💁 Common Protocols and their uses
  • 💁 Common Ports and their Usage
  • 💁 SSL and TLS Basics
  • 💁 Basics of NAS and SAN
  • 💁 Performing CRUD on files
  • 💁 Troubleshooting
  • 💁 Common Commands

Basics of Subnetting

  • 💁 Public vs Private IP Address

  • 💁 IP Terminology

    • 💁 Localhost
    • 💁 loopback
    • 💁 CIDR
    • 💁 subnet mask
    • 💁 default gateway
  • 💁 Understand the Terminology

    • 💁 VLAN
    • 💁 DMZ
    • 💁 ARP
    • 💁 VM
    • 💁 NAT
    • 💁 IP
    • 💁 DNS
    • 💁 DHCP
    • 💁 Router
    • 💁 Switch
    • 💁 VPN
  • 💁 Understand These

    • 💁 MAN
    • 💁 LAN
    • 💁 WAN
    • 💁 WLAN
  • 💁 Function of Each

    • 💁 DHCP
    • 💁 DNS
    • 💁 NTP
    • 💁 IPAM
  • 💁 Network Topologies

    • 💁 Star
    • 💁 Ring
    • 💁 Mesh
    • 💁 Bus
  • 💁 Understand Common Protocols

    • 💁 SSH
    • 💁 RDP
    • 💁 FTP
    • 💁 SFTP
    • 💁 HTTP / HTTPS
    • 💁 SSL / TLS

Common Virtualization Technologies

  • 💁 VMWare
  • 💁 VirtualBox
  • 💁 ESXi
  • 💁 Proxmox

Understand basics of virtualization

  • 💁 Hypervisor
  • 💁 VM
  • 💁 GuestOS
  • 💁 HostOS

Troubleshooting Tools

  • 💁 nslookup
  • 💁 iptables
  • 💁 Packet Sniffers
  • 💁 ipconfig
  • 💁 netstat
  • 💁 Port Scanners
  • 💁 ping
  • 💁 dig
  • 💁 arp
  • 💁 Protocol Analyzer
  • 💁 nmap
  • 💁 route
  • 💁 tcpdump
  • 💁 tracert

Authentication Methodologies

  • 💁 Kerberos
  • 💁 LDAP
  • 💁 SSO
  • 💁 Certificates
  • 💁 Local Auth
  • 💁 RADIUS

Security Skills and Knowledge

Security skills - Part I

  • 💁 Blue Team vs Red Team vs Purple Team
  • 💁 False Negative / False Positive / True Negative / True Positive
  • 💁 Basics of Threat Intel, OSINT
  • 💁 Understand Handshakes
  • 💁 Understand CIA Triad
  • 💁 Privilege escalation / User based Attacks
  • 💁 Web Based Attacks and OWASP 10
  • 💁 Learn how Malware Operates and Types

Security skills - Part II

  • 💁 Authentication vs Authorization
  • 💁 Basics of IDS and IPS
  • 💁 Honeypots
  • 💁 Understand the Concepts of Isolation
  • 💁 Operating System Hardening
  • 💁 Cyber Kill Chain
  • 💁 MFA and 2FA
  • 💁 Understand Backups and Resiliency
  • 💁 Understand the Definition of Risk
  • 💁 Roles of Compliance and Auditors
  • 💁 Core Concepts of Zero Trust

Security skills - Part III

  • 💁 Perimeter vs DMZ vs Segmentation
  • 💁 Penetration Testing Rules of Engagement
  • 💁 Basics of Reverse Engineering
  • 💁 Basics of Vulnerability Management
  • 💁 Understand Basics of Forensics
  • 💁 Understand Concepts of Runbooks
  • 💁 Understand Concept of Defense in Depth
  • 💁 Understand Common Exploit Frameworks
  • 💁 Understand Common Hacking Tools

Attack Types and Differences

  • 💁 Phishing vs Vishing vs Whaling vs Smishing
  • 💁 Spam vs Spim
  • 💁 Shoulder Surfing
  • 💁 Dumpster Diving
  • 💁 Tailgating
  • 💁 Zero Day
  • 💁 Social Engineering
  • 💁 Reconnaissance
  • 💁 Impersonation
  • 💁 Watering Hole Attack
  • 💁 Drive by Attack
  • 💁 Typo Squatting
  • 💁 Brute Force vs Password Spray

Common Network Based Attacks

  • 💁 DoS vs DDoS
  • 💁 MITM
  • 💁 ARP Poisoning
  • 💁 Evil Twin
  • 💁 Spoofing
  • 💁 Deauth Attack
  • 💁 VLAN Hopping
  • 💁 Rogue Access Point
  • 💁 War-driving/dialing
  • 💁 Buffer Overflow
  • 💁 Memory Leak
  • 💁 XSS
  • 💁 SQL Injection
  • 💁 CSRF
  • 💁 Replay Attack
  • 💁 Pass the Hash
  • 💁 Directory Traversal

Understand Audience

  • 💁 Stakeholders
  • 💁 HR
  • 💁 Legal
  • 💁 Compliance
  • 💁 Management

Basics of Cryptography

  • 💁 Salting
  • 💁 Hashing
  • 💁 Key Exchange
  • 💁 PKI
  • 💁 Pvt Key vs Pub Key
  • 💁 Obfuscation

Understand Secure and Unsecure Protocols

  • 💁 FTP vs SFTP
  • 💁 SSL vs TLS
  • 💁 IPSEC
  • 💁 DNSSEC
  • 💁 LDAPS
  • 💁 SRTP
  • 💁 S/MIME

Understand the following Terms

  • 💁 Antivirus
  • 💁 Antimalware
  • 💁 EDR
  • 💁 DLP
  • 💁 Firewall and Nextgen Firewall
  • 💁 HIPS
  • 💁 NIDS
  • 💁 NIPS
  • 💁 Host Based Firewall
  • 💁 Sandboxing
  • 💁 ACL
  • 💁 EAP vs PEAP
  • 💁 WPA vs WPA2 vs WPA3 vs WEP
  • 💁 WPS

Understand Incident Response Process

  • 💁 Preparation
  • 💁 Identification
  • 💁 Containment
  • 💁 Eradication
  • 💁 Recovery
  • 💁 Lessons Learned

Understand Threat Classification

  • 💁 Zero Day
  • 💁 Known vs Unknown
  • 💁 APT

Understand Common Tools

  • 💁 VirusTotal
  • 💁 Joe Sandbox
  • 💁 ANY.RUN
  • 💁 urlvoid
  • 💁 urlscan
  • 💁 WHOIS

Tools for Incident Response and Recovery

  • 💁 nmap
  • 💁 tracert
  • 💁 nslookup
  • 💁 dig
  • 💁 curl
  • 💁 ipconfig
  • 💁 hping
  • 💁 ping
  • 💁 arp
  • 💁 cat
  • 💁 dd
  • 💁 head
  • 💁 tail
  • 💁 grep
  • 💁 wireshark
  • 💁 winhex
  • 💁 memdump
  • 💁 FTK Imager
  • 💁 autopsy

Understand Frameworks

  • 💁 ATT&CK
  • 💁 Kill chain
  • 💁 Diamond Model

Understand Common Standards

  • 💁 ISO
  • 💁 NIST
  • 💁 RMF
  • 💁 CIS
  • 💁 CSF

Understand

  • 💁 SIEM
  • 💁 SOAR

Common Distros for Hacking

  • 💁 ParrotOS
  • 💁 Kali Linux

Using tools for unintended purposes

  • 💁 LOLBAS

Learn How to find and Use These Logs

  • 💁 Event Logs
  • 💁 syslogs
  • 💁 netflow
  • 💁 Packet Captures
  • 💁 Firewall Logs

Understand Hardening Concepts

  • 💁 MAC-based
  • 💁 NAC-based
  • 💁 Port Blocking
  • 💁 Group policy
  • 💁 ACLs
  • 💁 Sinkholes
  • 💁 Patching
  • 💁 Jump Server
  • 💁 Endpoint Security

Cloud Skills and knowledge

  • 💁 Understand concepts of security in the cloud
  • 💁 Understand the basics and general flow of deploying in the cloud
  • 💁 Understand the differences between cloud and on-premises
  • 💁 Understand the concepts of infrastructure as code
  • 💁 Understand the concepts of serverless
  • 💁 Understand the CDN
  • 💁 Understand the Cloud Services
    • 💁 SaaS
    • 💁 PaaS
    • 💁 IaaS
      • 💁 Common Cloud Environments
        • 💁 AWS
        • 💁 GCP
        • 💁 Azure
  • 💁 Cloud Models
    • 💁 Private
    • 💁 Public
    • 💁 Hybrid
      • 💁 Common Cloud Storage
        • 💁 S3
        • 💁 Dropbox
        • 💁 Box
        • 💁 OneDrive
        • 💁 Google Drive
        • 💁 iCloud

Programming Skills and Knowledge

  • 💁 Python
  • 💁 Go
  • 💁 JavaScript
  • 💁 C++
  • 💁 Bash
  • 💁 PowerShell

Capture the Flag (CTFs)

  • 💁 HackTheBox
  • 💁 TryHackMe
  • 💁 VulnHub
  • 💁 picoCTF
  • 💁 SANS Holiday Hack Challenge

Certifications

  • 💁 Beginner Certifications
    • 💁 CompTIA A+
    • 💁 CompTIA Linux+
    • 💁 CompTIA Network+
    • 💁 CCNA
    • 💁 CompTIA Security+
  • 💁 Advanced Certifications
    • 💁 CISSP
    • 💁 CISA
    • 💁 CISM
    • 💁 GSEC
    • 💁 GPEN
    • 💁 GWAPT
    • 💁 GIAC
    • 💁 OSCP
    • 💁 CREST
    • 💁 CEH

Hands-on Projects

  • 💁 CTF challenges
  • 💁 Getting involved with open-source projects
  • 💁 Platforms to Join CTF Communities
    • 💁 Discord servers
    • 💁 Reddit
    • 💁 CTFtime
    • 💁 GitHub
  • 💁 Participate in Beginner-Friendly CTFs
    • 💁 HackTheBox
    • 💁 TryHackMe
    • 💁 picoCTF
    • 💁 CTFtime