Roadmap · Updated May 2026

The Cybersecurity Expert trek

From networking fundamentals to red team operations. Offensive and defensive security, cloud threats, incident response, and the certifications that open doors.

Stages: 13
Estimated time: 10 months
Level: Beginner → Advanced
Maintained by: 3 practitioners

Stage 01

Networking fundamentals

TCP/IP, DNS, HTTP/S, TLS, and the OSI model as a mental framework for understanding every protocol-level attack.

Networking · TCP/IP · Beginner

Stage 02

Linux & OS internals

The file system, process model, permissions, capabilities, and kernel concepts that underpin every exploit and every defense.

Linux · OS Internals · Beginner

Stage 03

Cryptography

Symmetric and asymmetric crypto, hashing, PKI, and the attacks on each. You don't need to implement crypto — you need to know when it's misused.

Cryptography · PKI · TLS

Stage 04

Web application security

OWASP Top 10, SQL injection, XSS, CSRF, SSRF, authentication flaws — and how to find and fix them before attackers do.

Web · OWASP · Burp Suite

Stage 05

Network scanning & enumeration

Reconnaissance is the foundation of every engagement. Learn the tools, learn what they reveal, and learn how defenders see them.

Nmap · Recon · Enumeration

Stage 06

Penetration testing methodology

The structured approach to pentesting: scoping, rules of engagement, exploitation, post-exploitation, and professional reporting.

Pentesting · Metasploit · Exploitation

Stage 07

Exploit development basics

Buffer overflows, shellcode, and understanding memory corruption — the foundation for reading CVEs and understanding what actually got exploited.

Exploit Dev · Buffer Overflow · x86

Stage 08

Malware analysis & reverse engineering

Static and dynamic analysis techniques for understanding what malicious code does — without running it blindly.

Malware · Reverse Engineering · Ghidra

Stage 09

Cloud security

AWS, GCP, and Azure attack surfaces. Misconfigured buckets, SSRF-to-metadata attacks, IAM privilege escalation, and cloud-native defenses.

Cloud Security · AWS · IAM

Stage 10

Defensive security & blue team

SIEM, EDR, detection engineering, and building the alerting pipelines that catch attackers before they achieve their objectives.

Blue Team · SIEM · Detection

Stage 11

Incident response & forensics

When the breach happens: containment, evidence collection, timeline reconstruction, and the post-incident report that prevents recurrence.

Incident Response · Forensics · DFIR

Stage 12

Red team operations & threat modeling

Full-scope red team engagements, adversary simulation, MITRE ATT&CK-mapped TTPs, and the threat modeling skills that bridge offense and defense.

Red Team · MITRE ATT&CK · C2

Stage 13

Certifications & capstone

Map your skills to industry certifications, build a public portfolio, and plan your career path across red team, blue team, cloud security, or AppSec.

Certifications · OSCP · Portfolio · Advanced

Trek complete. What's next?

You've walked the full roadmap. Now ship the capstone, write about it, and share the path with the next engineer who needs it.
