SecuritySecrets
Learning Paths

Structured routes into cybersecurity.

Three paths built from real experience — pick one and follow the milestones. No paid course required.

Which path is right for me?

New to cybersecurity? Start with Beginner. Want a security career and love puzzles, logs, and alerts? Aim for SOC Analyst. Curious about hacking, labs, and breaking things legally? Try Red Team. Honest note — you can switch, combine, and revisit. The paths are a compass, not a cage.

🟢

Beginner Path

Start Here: Your First Steps into Cybersecurity

For people with zero background. We start from the very beginning — no jargon, no gatekeeping.

What Cybersecurity Actually Is

Beginner

Demystify the field. What do security professionals really do day-to-day?

Key topics
The CIA TriadAttackers vs defendersWhy security matters
Recommended
  • Google Cybersecurity Certificate (intro module)
  • YouTube: Professor Messer intro videos

How the Internet Works

Beginner

You cannot defend what you do not understand. A gentle tour of networking.

Key topics
IP addresses & DNSHTTP vs HTTPSWhat a firewall does
Recommended
  • Cloudflare Learning Center
  • How DNS Works (comic)

The Big Four Threats

Beginner

Phishing, malware, social engineering, weak passwords — how most people actually get hacked.

Key topics
Phishing & smishingMalware familiesSocial engineeringCredential stuffing
Recommended
  • StopThinkConnect.org
  • Have I Been Pwned

Staying Safe Online — The Practical Kit

Beginner

Turn theory into habits. The tools everyone should use.

Key topics
Password managersMulti-factor authenticationAntivirus basicsVPN essentials
Recommended
  • Bitwarden
  • Authy / Aegis
  • Windows Defender basics

Your First Certification

Beginner

A roadmap to your first recognised credential — without spending a fortune.

Key topics
Google Cybersecurity CertificateCompTIA Security+ introFree labs on TryHackMe
Recommended
  • Coursera (Google)
  • CompTIA SY0-701
  • TryHackMe Pre-Security path
🔵

SOC Analyst Path

Level Up: Becoming a Security Operations Analyst

For those who want to break into — or grow inside — a Security Operations Center. Practical, experience-driven.

Understand the SOC Environment

Beginner

Shifts, tiers, escalation paths, and what a day in a SOC really looks like.

Key topics
L1/L2/L3 rolesIncident lifecycleRunbooks & SLAs
Recommended
  • Blue Team Handbook
  • SANS SOC Survey (latest)

Log Analysis & SIEM Tools

Intermediate

Live and breathe logs. Learn to query the tools used in real SOCs.

Key topics
Splunk SPLMicrosoft Sentinel (KQL)ELK StackWindows Event Logs
Recommended
  • Splunk Fundamentals 1 (free)
  • KC7 Cyber
  • BOTSv3 dataset

Alert Triage & Incident Response

Intermediate

Turn a noisy alert into a decision in under 10 minutes.

Key topics
Triage workflowEnrichment sourcesContainment basicsHandover notes
Recommended
  • LetsDefend.io
  • CyberDefenders labs

Threat Intelligence Basics

Intermediate

Know your adversary. Use intel to prioritise what matters.

Key topics
IOCs vs TTPsPyramid of PainOpen-source feeds
Recommended
  • MISP
  • AlienVault OTX
  • MITRE ATT&CK Navigator

MITRE ATT&CK Framework

Intermediate

The shared language of modern defence. Map detections and gaps like a pro.

Key topics
Tactics & techniquesATT&CK NavigatorDetection coverage mapping
Recommended
  • attack.mitre.org
  • ATT&CK Flow

Networking for Analysts

Intermediate

Enough networking to debug an alert, not enough to build a router.

Key topics
TCP/IP refresherDNS in depthProxy & TLS inspectionWireshark basics
Recommended
  • Practical Packet Analysis (book)
  • TryHackMe Networking

Certifications & Career Growth

Advanced

A realistic certification ladder for SOC roles — what helps and what does not.

Key topics
CompTIA CySA+BTL1 (Security Blue Team)Microsoft SC-200
Recommended
  • BTL1
  • CySA+ CS0-003
  • SC-200 learning path
🔴

Red Team Path

Go Offensive: Introduction to Red Teaming & Ethical Hacking

For those curious about the offensive side. Technical but honest — including how hard it really is.

Red Team vs Pentest vs Bug Bounty

Beginner

Clear the confusion. Each discipline has different goals, scopes, and skillsets.

Key topics
Engagement typesScope & rules of engagementCareer trade-offs
Recommended
  • Red Team Field Manual
  • Offensive Security blog

Build Your Lab

Beginner

Your playground. Break things legally and learn fast.

Key topics
Kali LinuxVirtualBox / VMwareVulnerable VMs (Metasploitable, DVWA)
Recommended
  • Kali Linux docs
  • VulnHub
  • HackTheBox Starting Point

Reconnaissance

Intermediate

Information is ammunition. Learn to map a target before touching it.

Key topics
Passive OSINTSubdomain enumerationPort & service discovery
Recommended
  • Amass
  • Subfinder
  • Shodan

Exploitation Basics

Intermediate

From "I see a service" to "I have a shell" — the fundamentals.

Key topics
Common web vulnsService exploitationPayload handling
Recommended
  • PortSwigger Web Academy
  • Metasploit Unleashed

The Core Toolkit

Intermediate

Tools you will use every single engagement.

Key topics
NmapMetasploitBurp SuiteImpacket
Recommended
  • Official docs
  • HackTricks
  • PayloadsAllTheThings

CTFs as Deliberate Practice

Intermediate

Apply, fail, learn, repeat. The fastest way to grow.

Key topics
HackTheBoxTryHackMeCTFtime events
Recommended
  • HackTheBox Academy
  • TryHackMe Offensive path

Certification Roadmap

Advanced

An honest take — eJPT is a great starting point, OSCP is no joke.

Key topics
eJPTCEH (practical)OSCP / PNPT
Recommended
  • INE / eLearnSecurity
  • Offensive Security
  • TCM Security