General Cybersecurity Learning Path (Common to All Roles)
Phase 1 – Absolute Fundamentals (for non-technical beginners):
- Basic computer literacy (Windows/Linux, files, processes, CLI)
- Basic networking: OSI model, TCP/IP, IP, DNS, DHCP, NAT
- Core concepts: ports, protocols, client-server, browser basics, firewalls
- Digital hygiene and personal cybersecurity
Phase 2 – Technical Foundations:
- Operating Systems: Linux CLI (Debian/Ubuntu + Kali), Windows administration
- Practical Networking: ping, traceroute, netstat, Wireshark, nmap, ARP, VLANs
- Basic Programming: Python (scripts), Bash/PowerShell, loops, logic
- Virtualization & Labs: VMware, VirtualBox, Hyper-V, NAT/bridged networks, home labs
Phase 3 – Cybersecurity Essentials:
- Threat models, attack types, incident lifecycle
- Social engineering, password attacks, phishing, MFA
- Applied cryptography (hashing, symmetric/asymmetric encryption, TLS)
- CVEs, vulnerabilities, exploits, patching concepts
- Log basics, intro to SIEM (Graylog, Wazuh, Splunk starter)
Phase 4 – Tools & Standards Intro:
- Tools: Nmap, Nessus/OpenVAS, Burp Suite, Wireshark, OSINT basics
- Frameworks: ISO 27001 (basic), NIST CSF, MITRE ATT&CK (overview only)
- Intro to cloud security (AWS/Azure fundamentals)
- Intro to GRC concepts: risk, control, policy, CIA triad
- Beginner CTFs: TryHackMe, HackTheBox (easy), picoCTF
Recommended Certifications (ordered by difficulty):
- CompTIA IT Fundamentals (ITF+)
- CompTIA A+
- CompTIA Network+
- CompTIA Security+ (or Google Cybersecurity Certificate)
Red Team Path – Offensive Security (Ethical Hacking & Exploitation)
Beginner Level:
- Ethical hacking basics
- OWASP Top 10 vulnerabilities
- Recon & enumeration (whois, dig, subfinder, amass, nmap)
- Basic web exploitation (XSS, SQLi, LFI/RFI)
- Linux/Windows privilege escalation
- Tools: Metasploit, Burp Suite, gobuster, Hydra
- Practice labs: TryHackMe, HackTheBox (easy/medium)
Intermediate Level:
- Pivoting, tunneling, lateral movement
- Active Directory attacks (Kerberoasting, golden ticket, BloodHound)
- EDR/AV evasion basics
- Basic buffer overflows
- Post-exploitation techniques
- Malware and payload basics
- Intro to Cobalt Strike, Empire
Advanced Level:
- Exploit development (stack overflow, shellcode, ROP)
- Full-scope red team operations
- APT simulation, MITRE ATT&CK mapping
- EDR bypass techniques
- Custom C2 frameworks
- OPSEC and stealth
Key Certifications:
- eJPT (INE)
- PNPT (TCM Security)
- eCPPTv2 (INE)
- OSCP (Offensive Security Certified Professional)
- CRTO / CRTP (Active Directory focus)
- OSEP (Advanced Red Teaming)
- SLAE / OSED (Exploit Dev)
Blue Team Path – Defensive Security (Detection, Response, Hardening)
Beginner Level:
- Endpoint security: AV, EDR, local logs
- Basic logging: syslog, Sysmon, journald
- IDS/IPS tools: Wazuh, Suricata, Snort
- Basic SIEM usage (rules, alerts)
- Basic triage and log review
- Packet analysis with Wireshark
Intermediate Level:
- Threat hunting: IOCs, YARA, Sigma rules
- Real-world SIEM management (Splunk, Sentinel, ELK)
- Disk & memory forensics (Autopsy, Volatility)
- Static/dynamic malware analysis
- Incident response workflows
- Hardening with CIS Benchmarks
Advanced Level:
- Defensive architecture (EDR, honeypots, deception)
- Threat intelligence integration
- Machine learning for anomaly detection
- APT campaign investigation
- MITRE D3FEND mapping and advanced detection engineering
Key Certifications:
- CompTIA CySA+
- Blue Team Level 1 (BTLO)
- GCIA / GCIH (SANS)
- GREM (Malware Analysis)
- Splunk Core Certified / Sentinel Fundamentals
- CHFI (Computer Forensics)
Purple Team Path – Hybrid (Simulation & Collaboration)
Beginner Level:
- Broad understanding of both Red and Blue techniques
- Familiarity with MITRE ATT&CK and D3FEND
- Adversary simulation basics (Atomic Red Team, Caldera)
- Correlating attacker behavior with logs
Intermediate Level:
- True purple teaming: controlled attacks + detection testing
- Automating TTPs (scripts, simulators, mini-C2)
- Measuring control effectiveness
- Validating SIEM rules using real attacks
- Bridging technical insights to GRC decisions
Advanced Level:
- Designing internal adversary simulations
- Tools: SCYTHE, Prelude, AttackIQ
- Purple team ranges & red/blue coordination
- Metrics, detection gaps, and reporting
Key Certifications:
- CRTP + BTLO
- CARTP (Adversary Simulation)
- SCYTHE Purple Team Exercise Framework
- MITRE ATT&CK Defender (MAD)
- SANS SEC599 (Purple Ops)
GRC Path – Governance, Risk & Compliance
Beginner Level:
- Basics of information security (ISO 27001)
- Policy vs procedure vs control
- Intro to risk assessment (assets, threats, impact)
- Data privacy (GDPR, confidentiality)
- ISMS (SGSI) lifecycle
- Audit fundamentals
Intermediate Level:
- Implementing ISO 27002 controls
- Internal & external audits
- Multi-framework compliance (TISAX, NIST, ENS)
- Third-party management, SLAs, legal clauses
- Business continuity & DRP basics
- IAM governance
Advanced Level:
- Leading corporate security programs
- Cross-framework compliance leadership
- Cybersecurity strategy & governance
- Incident/crisis management from the board level
- Security awareness programs & risk communication
Key Certifications:
- ISO 27001 Lead Implementer / Auditor
- CISM (InfoSec Management)
- CISA (InfoSys Auditor)
- CRISC (Risk and Information Systems Control)
- DPO (Data Protection Officer / GDPR)
- TISAX Practitioner / ISA-SP