What is cybersecurity?

Cybersecurity is the practice of protecting computers, networks, programs, and data from theft, damage, or unauthorized access. It covers technology, processes, and people — from configuring firewalls to training employees not to click suspicious links.
Core domains
- Network security — protecting data in transit (routers, switches, firewalls, VPNs).
- Endpoint security — securing devices (antivirus, EDR, patching).
- Application security — finding/fixing bugs in software (secure coding, SAST/DAST).
- Identity & access management (IAM) — authentication, authorization, 2FA, least privilege.
- Cloud security — securing AWS/GCP/Azure workloads and configurations.
- Security operations (SecOps / SOC) — monitoring, detection, incident response.
- Penetration testing / red team — offensive testing to find weaknesses (ethical & legal).
- Forensics & incident response — investigating breaches and recovering systems.
- Governance, risk & compliance (GRC) — policies, audits, standards (ISO, NIST, GDPR).
Why it matters
- Financial losses, reputational damage, and legal penalties follow breaches.
- Everything is connected — a small vulnerability can lead to big compromises.
- Demand for trained cybersecurity people is high and growing.
Starter learning path (3–12 months plan)

- Month 0–1 — Foundations
  - Learn basic networking (TCP/IP, DNS, HTTP/HTTPS).
  - Study OS fundamentals (Windows + Linux basics).
  - Start reading: NIST Cybersecurity Framework, OWASP Top 10.
- Month 2–4 — Tools & hands-on
  - Practice with: Nmap (scanning), Wireshark (traffic analysis), Burp Suite CE (web testing), Metasploit (exploit framework), basic Linux CLI.
  - Do beginner labs on TryHackMe or Hack The Box (beginner paths).
- Month 5–8 — Deeper skills
  - Learn secure coding basics, web vulnerabilities (XSS, SQLi), and how to exploit/patch them.
  - Study incident response basics and SIEM concepts.
  - Build small projects: set up a home lab (VMs + vulnerable apps like OWASP Juice Shop).
- Month 9–12 — Specialize & certs
  - Choose path: defensive (SOC / cloud security / IAM) or offensive (pentesting).
  - Consider certs: CompTIA Security+ (entry), CEH (intro to ethical hacking), then OSCP (hands-on pentesting) or CISSP (senior, requires experience).
  - Contribute to bug bounties or open-source security projects for experience.
Hands-on labs & practice platforms

- TryHackMe (beginner-friendly guided rooms)
- Hack The Box (progressive, realistic challenges)
- OWASP Juice Shop (vulnerable web app for learning)
- CTFtime — capture-the-flag events for skill sharpening
Useful tools to learn
- Recon & scanning: Nmap, Masscan
- Traffic analysis: Wireshark, tcpdump
- Web testing: Burp Suite (Community), ZAP
- Exploitation: Metasploit (use only in labs)
- Vulnerability scanning: OpenVAS, Nessus
- Forensics/IR: Volatility, Autopsy
- Cloud: AWS IAM, Security Hub, CloudTrail (learn via free tiers)
Defensive best practices (for individuals & orgs)

- Use strong, unique passwords + password manager.
- Enable multi-factor authentication everywhere possible.
- Keep systems and software patched.
- Backup important data with air-gapped or offline copies.
- Train people: phishing simulations and awareness.
- Apply least-privilege access control.
- Monitor logs and set up alerting (SIEM).
Career roles & approximate entry routes
- Security Analyst / SOC Analyst — entry: Security+, Splunk/ELK basics, monitoring skills.
- Penetration Tester / Red Team — entry: strong hands-on, OSCP, portfolio of pentest reports/CTFs.
- Cloud Security Engineer — entry: cloud fundamentals + cloud-specific security certifications.
- Application Security Engineer — entry: dev + secure coding experience, SAST/DAST tools.
- Incident Responder / Forensics — entry: log analysis, forensics tools, real incident exercises.
Project ideas to build a portfolio

- Build a home lab (Kali, Windows Server, vulnerable web app) and document pentest reports.
- Find/fix a web app vulnerability in a lab and write a write-up.
- Create a small program that checks for common misconfigurations in cloud buckets.
- Set up ELK/Graylog and write detection rules for simple threats.
Ethics & legality — non-negotiable
Always practice on systems you own or have explicit permission to test. Unauthorized access is illegal and unethical. Focus on learning and protecting — that’s where the real career and satisfaction are.
Here’s a ready-to-run personalized 3-month (12-week) cybersecurity roadmap with weekly tasks, hands-on lab setup, and project milestones. I designed it so you can follow it straight away (3–10 hours/week recommended).
Goal
Give you practical, job-ready skills in defensive & offensive basics, plus a portfolio project you can show employers or use for bug-bounty practice.
Quick setup (do this before Week 1 — ~2 hours)

- Create accounts: TryHackMe, Hack The Box, GitHub (for writeups), and a free cloud provider account (AWS/GCP/Azure) if comfortable.
- Install VirtualBox or VMware Workstation Player.
- Download a Kali Linux VM (for pentesting tools) and an Ubuntu server VM (for target services).
- Install Visual Studio Code and a password manager (Bitwarden).
- Create a notes folder (Markdown) to log everything — commands, room links, and writeups.
Home lab (minimum viable lab)
- Host machine (your PC) → VirtualBox.
- VMs: Kali Linux (attacker), Ubuntu Server (target), Windows 10/11 or Metasploitable/OWASP Juice Shop (vulnerable web).
- Optional: pfSense VM for a simulated network, ELK stack VM for logging.
- Snapshot VMs before experimenting.

Weekly plan — 12 weeks
Week 1 — Foundations (Networking & OS basics)
Time: 4–6 hrs
- Learn TCP/IP basics: IP, subnetting, ports, DNS, HTTP/HTTPS.
- Linux basics: file system, users, permissions, basic commands (ls, cd, cp, mv, chmod, chown).
- Windows basics: PowerShell, Event Viewer, services.
Deliverable: Short notes + five subnetting practice problems solved.
Week 2 — Security fundamentals & threat concepts
Time: 4–6 hrs
- Read OWASP Top 10 (overview).
- Learn CIA triad (Confidentiality, Integrity, Availability), authentication vs authorization.
- Study basic cryptography concepts: hashing vs encryption, TLS purpose.
Deliverable: 1-page summary and list of 5 mitigation controls.
Week 3 — Reconnaissance & scanning tools

Time: 5–8 hrs
- Tools: Nmap (scanning), Whois, dig, Masscan basics.
- Practice: run Nmap on your Ubuntu VM, identify open ports and services.
Deliverable: Nmap scan report of your lab target (save as Markdown).
Week 4 — Traffic analysis & packet capture
Time: 5–8 hrs
- Tools: Wireshark, tcpdump.
- Learn how to capture traffic, filter packets, and identify HTTP vs TLS vs DNS queries.
Deliverable: Capture an HTTP session to OWASP Juice Shop and summarize the key packets.
Week 5 — Web app security basics (offensive & defensive)
Time: 6–8 hrs
- Study XSS, SQLi, CSRF, authentication flaws (high level + examples).
- Tools: Burp Suite Community Edition and OWASP ZAP.
- Practice: exploit a simple XSS or SQLi in Juice Shop (in lab only).
Deliverable: Short writeup describing the vulnerability and remediation.
Week 6 — Hands-on pentesting workflow

Time: 6–8 hrs
- Learn pentest phases: Recon → Scanning → Exploitation → Privilege Escalation → Reporting.
- Try a TryHackMe beginner box (complete the room and record screenshots).
Deliverable: Pentest checklist + screenshots + small findings list.
Week 7 — Endpoint & host hardening fundamentals
Time: 5–7 hrs
- Learn about EDR, AV basics, patch management, least privilege.
- Practice: Harden your Ubuntu VM (disable SSH password auth, set up key auth, simple UFW rules).
Deliverable: Hardened VM checklist and commands used.
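One way to verify the SSH part of the Week 7 hardening, as an added example that is not part of the original roadmap: a Python audit of `sshd_config` text against the goals named above (no password auth, key auth on, no root login). The expected values, sample files and function names are this example's assumptions; `Include` files and `Match` blocks are not evaluated.

```python
# Added example: audit sshd_config text against the Week 7 hardening goals.
# EXPECTED is this example's choice of targets, not an official baseline.
EXPECTED = {
    "passwordauthentication": "no",   # disable SSH password auth
    "pubkeyauthentication": "yes",    # key auth stays enabled
    "permitrootlogin": "no",          # disable root login
}
# OpenSSH built-in defaults, used when a keyword never appears in the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

def effective_settings(config_text):
    """Global keyword -> value. sshd keeps the FIRST value it reads per keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive: no effect
        if line.lower().startswith("match "):
            break     # Match blocks are conditional; audit the global part only
        parts = line.replace("=", " ", 1).split()
        if len(parts) >= 2:
            settings.setdefault(parts[0].lower(), parts[1].lower())
    return settings

def audit(config_text):
    """Return sorted (keyword, effective_value, expected_value) for each miss."""
    seen = effective_settings(config_text)
    findings = []
    for key, want in EXPECTED.items():
        have = seen.get(key, DEFAULTS[key])
        if have != want:
            findings.append((key, have, want))
    return sorted(findings)

# Constructed samples, not taken from a real host.
WEAK = """Port 22
#PasswordAuthentication no
PermitRootLogin yes
"""
HARDENED = """PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```

The commented-out line in `WEAK` changes nothing, so the built-in default applies, and the trailing `PasswordAuthentication yes` in `HARDENED` is ignored because the first value wins. On a real host, `sshd -T` prints the effective configuration.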
Week 8 — Logs, SIEM basics & detection
Time: 6–8 hrs
- Learn what logs to collect: syslog, Windows Event, web server logs.
- Set up a basic ELK/Graylog (or at least local file logs) and create a simple alert (e.g., many failed logins).
Deliverable: Screenshot of logs and a detection rule described in Markdown.
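The "many failed logins" alert from Week 8, written as local-file detection logic in Python (an added example, not part of the original roadmap). It applies a sliding time window per source IP to sshd "Failed password" lines; the threshold, window, assumed year and the sample log lines are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the sshd "Failed password" message as written to auth.log by syslog.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(lines, threshold=5, window_seconds=60, year=2024):
    """Return {source_ip: time of the failure that first crossed the threshold}.

    Syslog timestamps carry no year, so `year` is an assumption of this example.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    alerts = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other daemons
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = ts
    return alerts

SAMPLE = [  # constructed log lines, not from a real host
    "Mar 10 10:00:01 lab sshd[1201]: Failed password for invalid user admin from 10.0.2.15 port 51122 ssh2",
    "Mar 10 10:00:09 lab sshd[1201]: Failed password for root from 10.0.2.15 port 51124 ssh2",
    "Mar 10 10:00:15 lab sshd[1203]: Failed password for student from 10.0.2.20 port 40210 ssh2",
    "Mar 10 10:00:18 lab sshd[1201]: Failed password for root from 10.0.2.15 port 51126 ssh2",
    "Mar 10 10:00:27 lab sshd[1201]: Failed password for invalid user test from 10.0.2.15 port 51128 ssh2",
    "Mar 10 10:00:40 lab sshd[1201]: Failed password for root from 10.0.2.15 port 51130 ssh2",
    "Mar 10 10:03:15 lab sshd[1203]: Failed password for student from 10.0.2.20 port 40212 ssh2",
    "Mar 10 10:03:30 lab sshd[1203]: Accepted password for student from 10.0.2.20 port 40214 ssh2",
]

if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE).items():
        print(f"ALERT {ip}: 5+ failed logins within 60s at {when:%H:%M:%S}")
```

The same threshold-per-source-within-a-window logic is what you would then express as a rule in ELK or Graylog.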
Week 9 — Cloud security introduction & misconfigurations
Time: 6–8 hrs
- Learn basic cloud concepts: IAM, S3/bucket permissions, security groups.
- Practice: Create an S3 (or cloud storage) bucket, intentionally misconfigure it, then secure it.
Deliverable: Cloud misconfiguration writeup (what you changed and why).
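For the Week 9 exercise and the "checks for common misconfigurations in cloud buckets" project idea, here is an added Python example (not part of the original roadmap) that inspects an S3 bucket policy document offline and reports Allow statements open to everyone. The bucket name, account ID and both policies are constructed placeholders; ACLs, `NotPrincipal` and Block Public Access settings are outside what it checks.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anyone(principal):
    """True for Principal "*" or {"AWS": "*"} (any caller, including anonymous)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_statements(policy_json):
    """List Allow statements that grant actions to everyone.

    Each finding is (sid, actions, has_condition). A Condition may narrow the
    grant (for example to a source IP), so it is flagged for manual review
    rather than judged here.
    """
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anyone(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        findings.append((sid, _as_list(stmt.get("Action", [])), "Condition" in stmt))
    return findings

# Constructed policies for a lab bucket; bucket name and account ID are placeholders.
MISCONFIGURED = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-lab-bucket/*"},
        {"Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-lab-bucket/*"},
    ],
})
SECURED = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Sid": "OwnerOnly", "Effect": "Allow",
                  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                  "Action": "s3:GetObject",
                  "Resource": "arn:aws:s3:::example-lab-bucket/*"},
})

if __name__ == "__main__":
    print(public_statements(MISCONFIGURED))
    print(public_statements(SECURED))
```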
Week 10 — Forensics & incident response basics
Time: 6–8 hrs
- Learn forensic data sources: memory, disk, logs, timelines.
- Tools: Autopsy, Volatility (intro).
- Practice: Capture a simple image of a VM filesystem (or run Autopsy on a sample image) and find artifacts.
Deliverable: Small IR timeline from your exercise.
Week 11 — Capture The Flag & real practice
Time: 8–10 hrs
- Complete 2–3 TryHackMe rooms or an easy Hack The Box machine.
- Write full technical writeups for each challenge (how you got from recon to exploit).
Deliverable: Two polished writeups on GitHub (public repo).
Week 12 — Portfolio project & certification plan
Time: 8–12 hrs
- Final project (choose one):
  - Pentest report for your lab (recon, findings, PoCs, remediation).
  - Small tool or script that checks common misconfigurations (AWS S3, open ports).
  - Detection playbook and simple SIEM rules + dashboards.
- Decide next cert path: Security+ (entry), then OSCP if pentest track, or Cloud certs for cloud security.
Deliverable: Public GitHub repo containing your project + a one-page resume bullet list.
Tools & commands cheat-sheet (practice these often)

- Nmap quick scan: `nmap -sC -sV -oN scan.txt 10.0.2.5`
- Basic netcat: `nc -lvnp 4444` / `nc target.com 80`
- Burp Suite: configure browser proxy → intercept → repeater.
- Wireshark: use `http` and `tls` display filters.
- System hardening: `ufw enable`, `ufw allow ssh`, disable root login in `/etc/ssh/sshd_config`.
Learning resources (free & effective)
- TryHackMe (guided beginner rooms)
- Hack The Box (more advanced)
- OWASP Juice Shop (vulnerable web app)
- NIST Cybersecurity Framework (read overview)
- YouTube channels: look for practical labs and explainers (search responsibly)
Milestones & how I’d evaluate your progress
- End of Month 1: You can scan and fingerprint a VM, capture network traffic, and explain basic attacks.
- End of Month 2: You can find and exploit simple web vulnerabilities in a lab and harden an endpoint.
- End of Month 3: You have at least one full writeup and a portfolio project on GitHub.
Next steps after 3 months
- Pick a specialization (pentest, SOC, cloud security).
- Start applying for junior roles or internships using your GitHub writeups.
- Consider certs: CompTIA Security+ (entry), then OSCP for offensive track or AWS/Azure security certs for cloud.
- Join local security communities and CTF teams.

