Another over 40 year old here, I started thinking about this at 40 and just procrastinated. If I had of had a guided road map like this I would have finished by now and (maybe) be working in CS. Thank you very much for sharing this amazing information, you are a legend.
@@CyberChronicler Will do. Still on the lookout, atm I am following one I've cobbled together from various sources, but would be amazing to have an expert's input on this.
✨When I was 18 I watched this video at that time really don’t know from where to start ✅After watching this road map I start in Linux. …….. Today (21/03/2024 ) I passed eJPTv2 ✅and study for OSCE3 💯….. 😊How far I come…… Even I have to learn lot lot lot of things. I know But it hits different when I look back……❤❤
Wow, I dont think this could have came at a better time. TODAY I passed my Security + exam, I know you say certs arent all that. However this was a goal of mine, recently beating cancer a few months ago I realized that I had to kick my ass into gear before something comes I cant beat lol. I just graduated from my local CC with a AAS for Information Tech - Cyber Security and looking for a position in Cyber, Im 21 so my prio jobs are lacking lmao. This video is a blessing, THANK YOU.
@@OneManCanStopTheMotorOfWorld Yeah definitely trying to get a job right now, not the easiest lol. I’m looking all around the country for SOC tier one. I may have to start at a help desk, but it would have to be local, I don’t think it would be worth moving for a help desk job. What’s your opinion
@@SkyThoughtss I know a lot for guys who start out doing help desk nothing wrong with that. How’s your programming and scripting skills? I would try and up some assembly and try to get involved with some CTF’s I know that’s not for everyone but I do have some close friends who were offered 6 figure jobs just by way of competing so there’s that, if the help desk job is going to lead to something better or give you “IT experience” I would say don’t knock it. You don’t have to put so much pressure to get there over night, but yeah man just keep adding to your skill base and learn the material that some of these certs want you to learn but instead of just memorizing test questions really go in depth on the concepts within networking and cloud and a little automation is only going to help. Keep at it man, and you’ll get where your trying to go, I would say help desk is never bad though especially if it’s going to give you experience you need. Also I would recommend working with some physical equipment and try and build some projects you are interested in that will help you learn and teach at the same time. Another thing you can do I start a RUclips channel talking about some of these concepts as side income which could also end up helping you land a job simultaneously while also being a cheat code because when you teach others you are secretly reinforcing your knowledge and level of understanding way more than just going through the motions, but no more cert rabbit hole it really angers me the amount of bad advice out there telling everyone they need a ccna. Yeah I have it but unless I’m gonna go to work for Cisco it’s borderline useless lol
@@OneManCanStopTheMotorOfWorld Yeah, it’s just the salary for help desk that is unnerving, like I’m not going to move for equal too or less than 20$ an hour, i don’t think that’s smart. However I am top 4% on try hack me, and have set up IDS, SIEM’s, and a Active Directory domain as home labs. Since I have limited job experience I just put these on my resume.
@@SkyThoughtss I hear you man just keep learning you’ll get there eventually I didn’t learn all this overnight, I’ve been at it for 7-8 years and it’s only just starting to all make sense at first it all felt like mandarin. Just be consistent and you’ll get where you wanna be man
Fascinating. Many Thanks for sharing your knowledge. I'm a 65 year old hobbyist studying this stuff just because it interests me. No pro ambitions. Learned to code FORTRAN in the late 1970s as a Math undergrad, when it was all done with punch cards. I remember Life Before Internet. (Must have been about 15 when pocket calculators first appeared.:-)) Blows me away just what it's possible to learn online these days. To those looking to build a career in this field, I wish you the very best of everything. Just remember, the fact that it's not easy, that it requires some grit and determination, is your opportunity. Most can't or won't apply themselves.
Thank you, i got my cyber security cert a year and half ago, ive been uaing conputers since age one. The amount of information is insane. This road map is very useful for me and will be very useful for every person who wants to get into cybersecurity, especially nowadays when we all know it is the future. Thank you for this!
I couldn't have arrived at a better time. I am just beginning my IT career. There's a lot of information out there and often time it's overwhelming, However, this practical presentation gives me a clear cut explanation of how to proceed by working a plan over a specific amount of time. Thank you! I am now subscribed!
As a computer science student looking forward to get into cybersecurity, this is the most informative video I have seen on how to get started in the field, awesome video. Thank you so much.
Thank you for this valuable information, Alexis. I'm making the switch to CS after being in the restaurant industry for the last 20 years. My last work in IT was as a web developer when CSS was new. Quite a long time ago. While I am in school I am also watching your content and learning something new every single time. Your web application pen tester series is fantastic!
Thank you so much for this! I am currently getting my CCNA(finally) after 4 years of thinking about it. I have been following you for a long time (before the hackersploit academy) and you have always been a motivating factor for me to pursue a career in Cyber Security. You have always had a huge positive impact on me, and I strive to be like you. Thank you for sharing your knowledge, I will make the best of it.
Это просто невероятное изобретение! У меня скопилась груда софта и скриптов который я собирал и с трудом находил информацию по ним и описани в поисковых системах. Благодаря этому чату за сегодня я узнал очень много интересного для себя. Не нужно сидеть и искать, вычитывать информацию в статьях. Все кратко, но по факту без лишней воды! Если появились вопросы, то чат почти на все отвечает. Ставлю 9,5 из 10 баллов. Конечно еще есть к чему стремиться, но это правда поражает воображение. С какой легкостью можно получать информацию.
I remember when I made a career change from traditional IT to IT security and then later to cybersecurity ten years ago. I walked a very lonely road with no one to guide or mentor me sure I reached out to folks who were already experienced in the field and got all different types of advice to the point where I was completely overwhelmed. Looking back on back on that journey I now realize how important this video is for beginners in the wonderful, challenging, and exciting world of cybersecurity. Excellent content and looking forward to the blue team guide.
Thank you, I am a network tech/engineer on my 1st year. I'm so excited for my cyber sec journey! This video has cleared up a lot of things for me looking forward.
As always thank you for your videos!! As a contractor switching into the field i really appreciated hearing your bit in the video about us doing well ;) I am hopeful to start a business in the field within 5 years. Would like to talk more on the topic later when i know more. Thank you again!
Thank you. This is a good list. People often forget that to be good at cybersecurity you pretty much need to have a full picture view of computing. And be able to zoom into any part of it to get into the details.
Thank you for making this Alexis. It looks to me like the initial foundation layer (year 1) is: Windows (including active directory), Linux, Networking, Scripting and Security fundamentals. That maps across fairly closely to TCM’s 2023 video on becoming an ethical hacker (cover the material in A+, Network+, Security+, learn Linux, Scripting). The major exception being more focus on Windows in yours, but that makes sense to me. I like many others use Windows in my current office job, and I know we use Active Directory. Learning that will certainly demystify a big piece of I.T. for me, I think. Even though it’s worded differently and there may be more depth in your guide in some areas, it’s nice as a learner to see general alignment between two great content creators!
Thanks for including that part at the end about setting realistic timeframes and taking breaks for other things. I'm currently unemployed and just recently got really into all this cybersecurity stuff, and I'm not getting any younger (mid 30s), so there's a strong temptation to just spend all day every day learning as much as possible as quickly as possible, especially when I see so many people younger than me that are already way ahead. But the burn out factor is real, and hearing you say that spending more than 4-6 hours at a time learning isn't going to do me any favors makes me feel reassured about tempering my enthusiasm a little bit before I spread myself too thin.
Liked the way you explained about the road map for the cyber security but you should have also told about specific books or the courses from where students would have learned everything. like for example about the windows learning course specifically to learn windows keeping in mind cyber security as everyone uses windows operating system now a days but keeping in mind cyber security. make a video and give reference to books and videos courses related to this video roadmap guide
This really gave me the guts to go forward in this direction. I am in my mid 30s, come from a completely different industry (carpentry) but always sat in front of a computer in my freetime being productive on it. Made my first webpages when I was 13/14 but I thought html(it is, so I was right) was lame so I just sticked to the design, let it slice by photoshop and manipulated the html how I needed it. But also that was too boring, I started networking with friends, but none of them seemed too interested except lan-party gaming and from that on I somehow lost the way since other things in life were more interesting (also back than we didnt have internet at home, I couldnt feed on my interests).20 years later, lots of wasted time and bad decisions I started programming to a degree where it was not healthy anymore (approx 10-12hrs a day), started a CS degree but quit it because it was way too easy on the one hand, and on the other hand it was way too stressful for me to do next to a job (also I hate economics and 1/3 of that degree was some economics stuff, for me a complete waste of time, which I didnt have) and also I was not liking the degree because a lot of people just want it to make money and because its hyped. I always hated this attitude. I missed a lack of interest and modernity in the university structure itself, there was no hands-on creative culture, just study, eat, sleep, write down, forget everything again, make a degree on which you forgot 90% due to stress and die. Its for me the best direct path to very hard depressions since I get bored very easily (carpentry was a good choice, because it was always a thrill to work on a roof). Now I am working as a webapp dev, but also this is way too boring. People get crazy about code but I just look at it, understand it and there is no mystery or elegance in it. I miss the lack of good engineering in this realm too. No pride in being an engineer developing complex webapps will just lead to really bad complex webapps with many flaws. I cant fight it in my company, because its so big and everything is very stiff and nobody in capitalism seems to find security important("but the customer!!!"). So I really got depressed with this work now. Its just a pain in the butt working on a bad product and play nice even though you know that it is bs. I was always looking at security as something I was interested in, but never would be good enough because you know..."hackers are always geniuses" which I am completely not. But reality is different and this really gave me the guts to go in this direction. The things I miss rn at my work as webapp dev is analyzing this system to a point of understanding, that one can actually design it a lot better...or break it which is way more fun since its thrilling. Also the lack of interest in technical depths (but not technical debts ;( ) is something that buggers me hardcore. Its even in front-end or wherever an ENGINEERING profession, and people at work talk sometimes about it like they know everything and just simply dont care about doing good work. Thanks for this video Alexis! It helps me a lot going into this profession.
Man thank u so much, personnaly I had a very big problem organizing my learning resources cause I'm very new to the field... so thank u so much 🌹🌹 و الله يبارك فيك و يوفقك جزاك الله عنا كل خير 🌹🌹🌹🌹
This is great! Thank you for putting this together! I just completed a cybersecurity boot camp and want to work on building my experience to eventually become a pen tester/red teamer! For me the boot camp was very helpful because it has provided the fundamentals platform that I needed. I am transitioning careers from sales and operations. My goal is to become a pen tester/ red team within the next 5 yrs or sooner. This roadmap is excellent and provides so much clarity as to what I need to hone in on. Thank you!
Just starting into year two activities after having completed a cybersecurity bootcamp last year, now studying on my own this was a great reassurance to know im learning and have learned all relevant information
Thank you very much for being realistic. A perfect guide that builds self-awareness that we should avoid the ''how to" tutorials that somehow doesn't turn out to be a successful game changer.
Wow! Thank you so much for this. This is so valuable because I haven't seen anything like this anywhere yet. Like many other commenters I am 40 and kind of switching careers from elsewhere in technology. My old career I knew well. This side of the house I feel pretty lost. I know what I like to do. I had no idea how to get there and have been trying to figure that out. Now I have a reference to guide me somewhat. I will develop my own path I'm sure but this will help get me there. Thanks again!
3 Year Cybersecurity Roadmap ----------------- YEAR 1 WINDOWS Learn how to install, configure and administer Windows. How Windows works and the various components that make up the operating system. Learn how to secure and harden Windows. (CIS Benchmarks) Get an understanding of how Windows passwords are hashes and stored. Become comfortable with the Windows command line. Learn how to setup and configure and Active Directory environment. LINUX Learn how to install, configure and administer Linux. Learn how Linux works Learn how to secure and harden Linux. Become comfortable with the terminal. Learn how to install and utilize various Linux distributions. Vim, sed, awk and regex! Please learn Git SCRIPTING Learn how to utilize PowerShell and write PS scripts. Learn how to automate tasks on Linux by leveraging shell scripts. Python! - Start simple and move on to developing what interests you. Programming is about solving problems. You cannot watch tutorials all the time, get a bit of knowledge and analyze the codes, try to do your own project and solve problems. NETWORKING Understand the OSI model Understand the common ports used by various services. Learn how common protocols like HTTP, SSH, FTP, SMB etc work. Learn how to analyze traffic, more specifically, how to analyze packets with tools like TCPDump and Wireshark. Get some gear (routers, switches etc) and setup your own home network! Learn how firewalls work. (Pfsense) SECURITY FUNDAMENTALS Security Concepts Attacks, threats, vulnerabilities, risk etc. CIA Triad GRC Infosec Terminology Security Standards CIS NIST ----------------- ----------------- YEAR 2 PENTESTING METHODOLOGIES & FRAMEWORKS PTES (Penetration Testing Execution Standard) MITRE ATT&CK Cyber Kill Chain OWASP Top 10 OWASP Security Testing Guide Understand the industry standard methodologies used for pentests. Analyze open source pentesting reports. HOME LAB Virtualization: VirtualBox & VMWare DevOps: Docker & Kubernetes Setup your own hacking lab: Kali/Parrot Box. VulnHub, HackTheBox - Get your hands dirty with CTF challenges. PENTESTING FUNDAMENTALS Kali Linux Essentials - Kali Linux Revealed. Netcat, SOCAT etc. File transfers with Linux & Windows. Passive Information Gathering & OSINT. Active Information Gathering Network & Port Scanning. Enumeration. Vulnerability Scanning. EXPLOITATION & POST-EXPLOITATION Metasploit, PowerShell-Empire. Searching for and modifying exploits. Develop your own Metasploit modules. Client-side attacks. Buffer Overflows. Windows & Linux Exploitation (Services & CVEs). Post-Exploitation Techniques. Privilege Escalation. Password cracking. PRACTICE LIKE HELL! CTFs Research - Videos, books, blogs and writeups. Identify your weak spots and level up! Write your own pentesting reports for the CTF/boxes you pwn. Start your own blog/channel. Document and keep notes. (Build a personal knowledge base) WEB APP PENTESTING & BUG BOUNTIES Pwn vulnerable web apps. Develop your own web app. Watch everything from Jason Haddix & Nahamsec. Web proxies (OWASP ZAP & Burp Suite). Recon! OWASP Top 10 Get started with Bug Bounties. Read reports and blogs. ----------------- ----------------- Year 3 PENTESTING & RED TEAMING AV & EDR Evasion. AD Penetration Testing. Red Teaming TTPs. Port Forwarding & Pivoting. C2 Frameworks. Phishing & Initial Access TTPs. Resource Development. ADVERSARY EMULATION Analyze APT/Threat Group Ops. Learn how to use EDRs and SIEMs to detect your attacks and understand the defender's perspective. Manually & Automatically emulate APTs/Threat Groups. REVERSE ENGINEERING Assembly - x86 & x64 C, C++ & C#. Binary Exploitation. Debugging (IDA, Immunity, GDB) -----------------
Hi Alexis. Thank you so much for this great video. I'm 50+ and looking to pivot into Cyber and I've been learning a lot but with no direction. After watching your video I now have a direction to go in and hopefully put things together finally. Please do create a Blue team video or bootcamp. I'm very interested in SOC and DFIR. Thanks for all your hard work.
I am a student had a Bachelor in Computer Science and now I'm attending the Master in which I'll make some project about this topic. So, I would like to became an expert in this industry and your roadmap is very good. Thank you for sharing this knowledge with us!
I have been in the IT field for over ten years, and I have purchased books, installed VMs, and earned certs. I still struggle but that comes from being impatient, but I enjoy the journey. I will say frustration is the companion of this study.
You can contact ⤴️🔝🔝 phoebe_hacker for being there with me when I was not able to access my wallet , I was having sleepless night, but all thanks to #Phoebe_hacker he's is such a genius
Why haven’t you posted for the last 9 months? Thanks for the video though, and for your time for putting this together. Had my own advantage from this one.
A very straight forward video sir but I am 2 years late for this video .. hope you have uploaded it 2 years before. But thank you so much sir it's a very helpful content like your all other videos
I totally agree about not being bias with Linux, Windows and OSX, I use all three, although right now I'm reading windows internals, it's a very good book. I'm also reading about patch guard and hypervision.
You can contact ⤴️🔝🔝 phoebe_hacker for being there with me when I was not able to access my wallet , I was having sleepless night, but all thanks to #Phoebe_hacker he's is such a genius
I developed few exploits and someone from high school workshop made by company which invited some of the students where i was one of them, they stealed me exploit and got money from it, so i then on another workshop did backdoor exploit for their linux machines and i literally got into their base syscall systems inside of a root user and encrypted the whole company even their saves... By me it was positive pressure for them :) Them as a company failed to cover backups so the company crashed.
thank you very much for the great content, i have one question. you said that it's gonna take 3 years. how many learning hours you think i should put in daily to finish this programe in 3 years ?.
I liked your video for how detailed it was and how many great tips on discipline and mindset towards learning new skills you gave. However I'd love it, if you provided some resources to the topics. Like for example where can I get the knowledge presented in the slides for Y1 Windows, Linux and Networking etc. To anyone reading: Do you guys have some good resources for each step or is it on us to find good learning sources?
Thank you for this plan explaination in cybersecurity descpline. And Could you please provide video to express how can I build the cyber security department and what is the division must be in this department with task and job description for each section that can apply in any organization small , medium and enterprise.
![KSI - Thick Of It (feat. Trippie Redd) [Official Music Video]](http://i.ytimg.com/vi/At8v_Yc044Y/mqdefault.jpg)
Another over 40 year old here, I started thinking about this at 40 and just procrastinated. If I had of had a guided road map like this I would have finished by now and (maybe) be working in CS.
Thank you very much for sharing this amazing information, you are a legend.
👨💻
sad to hear man, Im on the same point but thanks to your comment. It helped me to realize not to waste time anymore :)
REALLY grateful for this, a Blue Team/Defense version would be equally amazing whenever you have the chance!
This is exactly what i'm looking for, if you find one, please let me know
@@CyberChronicler Will do. Still on the lookout, atm I am following one I've cobbled together from various sources, but would be amazing to have an expert's input on this.
@@gitgudsec wow can you please share that with me
✨When I was 18 I watched this video at that time really don’t know from where to start
✅After watching this road map I start in Linux. ……..
Today (21/03/2024 ) I passed eJPTv2 ✅and study for OSCE3 💯…..
😊How far I come……
Even I have to learn lot lot lot of things. I know
But it hits different when I look back……❤❤
miss you, Alexis!
your channel is one of the best!
what are you doing now? I wish there were new videos from you
🙏
Wow, I dont think this could have came at a better time. TODAY I passed my Security + exam, I know you say certs arent all that. However this was a goal of mine, recently beating cancer a few months ago I realized that I had to kick my ass into gear before something comes I cant beat lol. I just graduated from my local CC with a AAS for Information Tech - Cyber Security and looking for a position in Cyber, Im 21 so my prio jobs are lacking lmao. This video is a blessing, THANK YOU.
great job man; that sec+ is required by alot of places for being a sys admin.
@@OneManCanStopTheMotorOfWorld Yeah definitely trying to get a job right now, not the easiest lol. I’m looking all around the country for SOC tier one. I may have to start at a help desk, but it would have to be local, I don’t think it would be worth moving for a help desk job. What’s your opinion
@@SkyThoughtss I know a lot for guys who start out doing help desk nothing wrong with that. How’s your programming and scripting skills? I would try and up some assembly and try to get involved with some CTF’s I know that’s not for everyone but I do have some close friends who were offered 6 figure jobs just by way of competing so there’s that, if the help desk job is going to lead to something better or give you “IT experience” I would say don’t knock it. You don’t have to put so much pressure to get there over night, but yeah man just keep adding to your skill base and learn the material that some of these certs want you to learn but instead of just memorizing test questions really go in depth on the concepts within networking and cloud and a little automation is only going to help. Keep at it man, and you’ll get where your trying to go, I would say help desk is never bad though especially if it’s going to give you experience you need. Also I would recommend working with some physical equipment and try and build some projects you are interested in that will help you learn and teach at the same time. Another thing you can do I start a RUclips channel talking about some of these concepts as side income which could also end up helping you land a job simultaneously while also being a cheat code because when you teach others you are secretly reinforcing your knowledge and level of understanding way more than just going through the motions, but no more cert rabbit hole it really angers me the amount of bad advice out there telling everyone they need a ccna. Yeah I have it but unless I’m gonna go to work for Cisco it’s borderline useless lol
@@OneManCanStopTheMotorOfWorld Yeah, it’s just the salary for help desk that is unnerving, like I’m not going to move for equal too or less than 20$ an hour, i don’t think that’s smart. However I am top 4% on try hack me, and have set up IDS, SIEM’s, and a Active Directory domain as home labs. Since I have limited job experience I just put these on my resume.
@@SkyThoughtss I hear you man just keep learning you’ll get there eventually I didn’t learn all this overnight, I’ve been at it for 7-8 years and it’s only just starting to all make sense at first it all felt like mandarin. Just be consistent and you’ll get where you wanna be man
Fascinating. Many Thanks for sharing your knowledge.
I'm a 65 year old hobbyist studying this stuff just because it interests me. No pro ambitions.
Learned to code FORTRAN in the late 1970s as a Math undergrad, when it was all done with punch cards.
I remember Life Before Internet. (Must have been about 15 when pocket calculators first appeared.:-))
Blows me away just what it's possible to learn online these days.
To those looking to build a career in this field, I wish you the very best of everything. Just remember, the fact that it's not easy, that it requires some grit and determination, is your opportunity. Most can't or won't apply themselves.
you are tooooo. excellent👍
Thank you, i got my cyber security cert a year and half ago, ive been uaing conputers since age one. The amount of information is insane. This road map is very useful for me and will be very useful for every person who wants to get into cybersecurity, especially nowadays when we all know it is the future.
Thank you for this!
I couldn't have arrived at a better time. I am just beginning my IT career. There's a lot of information out there and often time it's overwhelming, However, this practical presentation gives me a clear cut explanation of how to proceed by working a plan over a specific amount of time. Thank you! I am now subscribed!
ditto!
As a computer science student looking forward to get into cybersecurity, this is the most informative video I have seen on how to get started in the field, awesome video. Thank you so much.
Thank you for this valuable information, Alexis. I'm making the switch to CS after being in the restaurant industry for the last 20 years. My last work in IT was as a web developer when CSS was new. Quite a long time ago. While I am in school I am also watching your content and learning something new every single time. Your web application pen tester series is fantastic!
Thank you so much for this! I am currently getting my CCNA(finally) after 4 years of thinking about it. I have been following you for a long time (before the hackersploit academy) and you have always been a motivating factor for me to pursue a career in Cyber Security. You have always had a huge positive impact on me, and I strive to be like you. Thank you for sharing your knowledge, I will make the best of it.
Это просто невероятное изобретение! У меня скопилась груда софта и скриптов который я собирал и с трудом находил информацию по ним и описани в поисковых системах. Благодаря этому чату за сегодня я узнал очень много интересного для себя. Не нужно сидеть и искать, вычитывать информацию в статьях. Все кратко, но по факту без лишней воды! Если появились вопросы, то чат почти на все отвечает. Ставлю 9,5 из 10 баллов. Конечно еще есть к чему стремиться, но это правда поражает воображение. С какой легкостью можно получать информацию.
where are you, bro? you are missed 😥😥
I think the eLearn / iNE stuff is keeping him busy
I remember when I made a career change from traditional IT to IT security and then later to cybersecurity ten years ago. I walked a very lonely road with no one to guide or mentor me sure I reached out to folks who were already experienced in the field and got all different types of advice to the point where I was completely overwhelmed. Looking back on back on that journey I now realize how important this video is for beginners in the wonderful, challenging, and exciting world of cybersecurity. Excellent content and looking forward to the blue team guide.
Thanks for commenting. I appreciate it.
I printed it and hang on a wall , definitely best roadmap in the wild , no bs just straight to the point . thank you
Thank you, I am a network tech/engineer on my 1st year. I'm so excited for my cyber sec journey! This video has cleared up a lot of things for me looking forward.
As always thank you for your videos!! As a contractor switching into the field i really appreciated hearing your bit in the video about us doing well ;) I am hopeful to start a business in the field within 5 years. Would like to talk more on the topic later when i know more. Thank you again!
Great video. Thanks. Please do a BlueTeam one!
Thank you. This is a good list. People often forget that to be good at cybersecurity you pretty much need to have a full picture view of computing. And be able to zoom into any part of it to get into the details.
Thank you for making this Alexis. It looks to me like the initial foundation layer (year 1) is: Windows (including active directory), Linux, Networking, Scripting and Security fundamentals.
That maps across fairly closely to TCM’s 2023 video on becoming an ethical hacker (cover the material in A+, Network+, Security+, learn Linux, Scripting). The major exception being more focus on Windows in yours, but that makes sense to me. I like many others use Windows in my current office job, and I know we use Active Directory. Learning that will certainly demystify a big piece of I.T. for me, I think.
Even though it’s worded differently and there may be more depth in your guide in some areas, it’s nice as a learner to see general alignment between two great content creators!
Thanks for including that part at the end about setting realistic timeframes and taking breaks for other things. I'm currently unemployed and just recently got really into all this cybersecurity stuff, and I'm not getting any younger (mid 30s), so there's a strong temptation to just spend all day every day learning as much as possible as quickly as possible, especially when I see so many people younger than me that are already way ahead. But the burn out factor is real, and hearing you say that spending more than 4-6 hours at a time learning isn't going to do me any favors makes me feel reassured about tempering my enthusiasm a little bit before I spread myself too thin.
Liked the way you explained about the road map for the cyber security but you should have also told about specific books or the courses from where students would have learned everything. like for example about the windows learning course specifically to learn windows keeping in mind cyber security as everyone uses windows operating system now a days but keeping in mind cyber security. make a video and give reference to books and videos courses related to this video roadmap guide
This video was amazing. I had been looking for something like this and popped up at the right time. Thank you for putting this info out there!
This is awesome, thank you for your humility and willingness to share.
Thank you for making an effort and let people start their paths. An excellent guide..
i have watched many videos...yours are clearing the fog.. great work! thank you
This really gave me the guts to go forward in this direction. I am in my mid 30s, come from a completely different industry (carpentry) but always sat in front of a computer in my freetime being productive on it. Made my first webpages when I was 13/14 but I thought html(it is, so I was right) was lame so I just sticked to the design, let it slice by photoshop and manipulated the html how I needed it. But also that was too boring, I started networking with friends, but none of them seemed too interested except lan-party gaming and from that on I somehow lost the way since other things in life were more interesting (also back than we didnt have internet at home, I couldnt feed on my interests).20 years later, lots of wasted time and bad decisions I started programming to a degree where it was not healthy anymore (approx 10-12hrs a day), started a CS degree but quit it because it was way too easy on the one hand, and on the other hand it was way too stressful for me to do next to a job (also I hate economics and 1/3 of that degree was some economics stuff, for me a complete waste of time, which I didnt have) and also I was not liking the degree because a lot of people just want it to make money and because its hyped. I always hated this attitude. I missed a lack of interest and modernity in the university structure itself, there was no hands-on creative culture, just study, eat, sleep, write down, forget everything again, make a degree on which you forgot 90% due to stress and die. Its for me the best direct path to very hard depressions since I get bored very easily (carpentry was a good choice, because it was always a thrill to work on a roof).
Now I am working as a webapp dev, but also this is way too boring. People get crazy about code but I just look at it, understand it and there is no mystery or elegance in it. I miss the lack of good engineering in this realm too. No pride in being an engineer developing complex webapps will just lead to really bad complex webapps with many flaws. I cant fight it in my company, because its so big and everything is very stiff and nobody in capitalism seems to find security important("but the customer!!!"). So I really got depressed with this work now. Its just a pain in the butt working on a bad product and play nice even though you know that it is bs. I was always looking at security as something I was interested in, but never would be good enough because you know..."hackers are always geniuses" which I am completely not. But reality is different and this really gave me the guts to go in this direction. The things I miss rn at my work as webapp dev is analyzing this system to a point of understanding, that one can actually design it a lot better...or break it which is way more fun since its thrilling. Also the lack of interest in technical depths (but not technical debts ;( ) is something that buggers me hardcore. Its even in front-end or wherever an ENGINEERING profession, and people at work talk sometimes about it like they know everything and just simply dont care about doing good work.
Thanks for this video Alexis! It helps me a lot going into this profession.
Man thank u so much, personnaly I had a very big problem organizing my learning resources cause I'm very new to the field... so thank u so much 🌹🌹
و الله يبارك فيك و يوفقك جزاك الله عنا كل خير 🌹🌹🌹🌹
This is great! Thank you for putting this together! I just completed a cybersecurity boot camp and want to work on building my experience to eventually become a pen tester/red teamer! For me the boot camp was very helpful because it has provided the fundamentals platform that I needed. I am transitioning careers from sales and operations. My goal is to become a pen tester/ red team within the next 5 yrs or sooner. This roadmap is excellent and provides so much clarity as to what I need to hone in on. Thank you!
Yo how is ur career now ?
Just starting into year two activities after having completed a cybersecurity bootcamp last year, now studying on my own this was a great reassurance to know im learning and have learned all relevant information
This was an awesome video. One of the best on the subject I've seen, probably the best. Thanks
Holy cow, this is the BEST roadmap video I have ever watched. And I watched alot lol
Thank you very much for being realistic. A perfect guide that builds self-awareness that we should avoid the
''how to" tutorials that somehow doesn't turn out to be a successful game changer.
Hey man, I hope you're doing well. Your videos have been of great help to me (:
Thank you very much for clearing things up. I am looking forward to get into pentesting
Thank You for this great information. The positive pressure is what I need.
Your the man! I appreciate your outlook on learning and your an amazing teacher!
Wow! Thank you so much for this. This is so valuable because I haven't seen anything like this anywhere yet. Like many other commenters I am 40 and kind of switching careers from elsewhere in technology. My old career I knew well. This side of the house I feel pretty lost. I know what I like to do. I had no idea how to get there and have been trying to figure that out. Now I have a reference to guide me somewhat. I will develop my own path I'm sure but this will help get me there. Thanks again!
3 Year Cybersecurity Roadmap
-----------------
YEAR 1
WINDOWS
Learn how to install, configure and administer Windows.
How Windows works and the various components that make up the operating system.
Learn how to secure and harden Windows. (CIS Benchmarks)
Get an understanding of how Windows passwords are hashes and stored.
Become comfortable with the Windows command line.
Learn how to setup and configure and Active Directory environment.
LINUX
Learn how to install, configure and administer Linux.
Learn how Linux works
Learn how to secure and harden Linux.
Become comfortable with the terminal.
Learn how to install and utilize various Linux distributions.
Vim, sed, awk and regex!
Please learn Git
SCRIPTING
Learn how to utilize PowerShell and write PS scripts.
Learn how to automate tasks on Linux by leveraging shell scripts.
Python! - Start simple and move on to developing
what interests you. Programming is about solving problems.
You cannot watch tutorials all the time, get a bit of knowledge
and analyze the codes, try to do your own project and solve problems.
NETWORKING
Understand the OSI model
Understand the common ports used by various services.
Learn how common protocols like HTTP, SSH, FTP, SMB etc work.
Learn how to analyze traffic, more specifically, how to analyze packets with tools like TCPDump and Wireshark.
Get some gear (routers, switches etc) and setup your own home network!
Learn how firewalls work. (Pfsense)
SECURITY FUNDAMENTALS
Security Concepts
Attacks, threats, vulnerabilities, risk etc.
CIA Triad
GRC
Infosec Terminology
Security Standards
CIS
NIST
-----------------
-----------------
YEAR 2
PENTESTING METHODOLOGIES & FRAMEWORKS
PTES (Penetration Testing Execution Standard)
MITRE ATT&CK
Cyber Kill Chain
OWASP Top 10
OWASP Security Testing Guide
Understand the industry standard methodologies used for pentests.
Analyze open source pentesting reports.
HOME LAB
Virtualization: VirtualBox & VMWare
DevOps: Docker & Kubernetes
Setup your own hacking lab: Kali/Parrot Box.
VulnHub, HackTheBox - Get your hands dirty with CTF challenges.
PENTESTING FUNDAMENTALS
Kali Linux Essentials - Kali Linux Revealed.
Netcat, SOCAT etc.
File transfers with Linux & Windows.
Passive Information Gathering & OSINT.
Active Information Gathering
Network & Port Scanning.
Enumeration.
Vulnerability Scanning.
EXPLOITATION & POST-EXPLOITATION
Metasploit, PowerShell-Empire.
Searching for and modifying exploits.
Develop your own Metasploit modules.
Client-side attacks.
Buffer Overflows.
Windows & Linux Exploitation (Services & CVEs).
Post-Exploitation Techniques.
Privilege Escalation.
Password cracking.
PRACTICE LIKE HELL!
CTFs
Research - Videos, books, blogs and writeups.
Identify your weak spots and level up!
Write your own pentesting reports for the CTF/boxes you pwn.
Start your own blog/channel.
Document and keep notes. (Build a personal knowledge base)
WEB APP PENTESTING & BUG BOUNTIES
Pwn vulnerable web apps.
Develop your own web app.
Watch everything from Jason Haddix & Nahamsec.
Web proxies (OWASP ZAP & Burp Suite).
Recon!
OWASP Top 10
Get started with Bug Bounties.
Read reports and blogs.
-----------------
-----------------
Year 3
PENTESTING & RED TEAMING
AV & EDR Evasion.
AD Penetration Testing.
Red Teaming TTPs.
Port Forwarding & Pivoting.
C2 Frameworks.
Phishing & Initial Access TTPs.
Resource Development.
ADVERSARY EMULATION
Analyze APT/Threat Group Ops.
Learn how to use EDRs and SIEMs to detect your attacks and understand the defender's perspective.
Manually & Automatically emulate APTs/Threat Groups.
REVERSE ENGINEERING
Assembly - x86 & x64
C, C++ & C#.
Binary Exploitation.
Debugging (IDA, Immunity, GDB)
-----------------
After all these subjects and years, are we still Juniors?
Starting my career in CS. Thanks a lot for such a detailed roadmap.
Hi Alexis. Thank you so much for this great video. I'm 50+ and looking to pivot into Cyber and I've been learning a lot but with no direction. After watching your video I now have a direction to go in and hopefully put things together finally. Please do create a Blue team video or bootcamp. I'm very interested in SOC and DFIR. Thanks for all your hard work.
Why are you changing career so late in your life ? just curious.
Dawn, that looks like a big project. Lets goo. Thank you very much for such a great video!
Wow, amazing video. I actually find myself learning a bunch of things that seem unrelated to each other so this video is really helpful. Thanks!!
Thank you for this. Looking forward to the Blue Team version.
Alexis, thank you so much for the video.
Really enjoyed this guide and I’m going to implement what I learned from here, specially because I’m trying to transition into cyber security.
Thank you so so much, am well guided. This is so helpful.
This is similar to the path i took, but in a different order. Valuable information
Awesome stuff!!! I'm starting cybersecurity degree this September and I'm already planning my time in the uni. Thx a lot 🔥🔥🔥
I am a student had a Bachelor in Computer Science and now I'm attending the Master in which I'll make some project about this topic. So, I would like to became an expert in this industry and your roadmap is very good. Thank you for sharing this knowledge with us!
Such a great video that gives much needed structure to this craft. Thank you for this content.
This vídeo is really fucc-k1ng good, congratulations bro
Thank you from Brazil
Why are you not adding video on RUclips 😢
you are the first person who see it! in the comment below no one else ask why he isn't making video anymore idk man
Looking forward for the Active Directory videos!!!! THANKS A LOT!
Hey Alex a long time without news
I have been in the IT field for over ten years, and I have purchased books, installed VMs, and earned certs. I still struggle but that comes from being impatient, but I enjoy the journey. I will say frustration is the companion of this study.
You can contact ⤴️🔝🔝 phoebe_hacker for being there with me when I was not able to access my wallet , I was having sleepless night, but all thanks to #Phoebe_hacker he's is such a genius
.
hi . I'm 45 year and I'll give this a shot.. your video motivated me
very thank full . & Awsome We get some screen shots from your video that i miss in my Study material so thank you for sharing.
Thanks brother for such a comprehensive roadmap.
Looking forward the blue team video thanks a lot man!!!
Hi Alexis , thank you soo much for this video, you always put your best efforts for cybersecurity enthusiasts like us. Thank you for everything ♥️
Thank you for this , this video is exactly what i needed .
Bro is been 9 months without uploading , you good?
You are amazing!... I am so impressed with you...subscribing.
Im 17 and you helping me to build my future ❤
hlww i am also of same age and wanna get into cyber security field can we get connected on linked???
Thank you very much for your lessons. Please continue the lessons. We learn very valuable information. 😊👏👏👏👏
As always very informative, great work
Where the hell is Alexis?
Thank you for the effort and the presentation.
Why haven’t you posted for the last 9 months?
Thanks for the video though, and for your time for putting this together. Had my own advantage from this one.
A very straight forward video sir but I am 2 years late for this video .. hope you have uploaded it 2 years before. But thank you so much sir it's a very helpful content like your all other videos
man im so gratefull to you thnx for all
I totally agree about not being bias with Linux, Windows and OSX, I use all three, although right now I'm reading windows internals, it's a very good book. I'm also reading about patch guard and hypervision.
You can contact ⤴️🔝🔝 phoebe_hacker for being there with me when I was not able to access my wallet , I was having sleepless night, but all thanks to #Phoebe_hacker he's is such a genius
Thanks a lot i was just being puzzled about this
First Viewed and liked video. Great video sir
The gold standard of info sec video makers
This was awesome, I can’t wait for the defense version. I am assuming that year 1 will be the same
I developed few exploits and someone from high school workshop made by company which invited some of the students where i was one of them, they stealed me exploit and got money from it, so i then on another workshop did backdoor exploit for their linux machines and i literally got into their base syscall systems inside of a root user and encrypted the whole company even their saves... By me it was positive pressure for them :)
Them as a company failed to cover backups so the company crashed.
Thanks a ton. Really valuable.
Great video, thank you!
Never give up! Never settle! Never quit!
yess I need a great guide like this one for blue teaming...also maybe suggest some certs and projects that we can put in our resume
thank you , you coverd everything
hey lexis i am watching this in 2024 and it is good I will take this to add in my roadmap and analysis to start a career in cyber security
😜😜🤪
Just in time, big thx🤝
Thank you so much for this video
Still waiting for the Blue Team version Alexis! 😍🤩😳🥺🥺
Where are you bro? Do not give up on your channel!
To learn this stuff, do you recommend books? Videos? Forums? Just Exploring?
I first tought of books.
Very useful advice thank you
Please can you do a video for Blue Team/Defence roadmap? Would really help a lot of us!
Looking forward to the Blue team series
thank you very much for the great content, i have one question. you said that it's gonna take 3 years. how many learning hours you think i should put in daily to finish this programe in 3 years ?.
Tysm . I wished you had talked about certifications. Which to focus etc.
I liked your video for how detailed it was and how many great tips on discipline and mindset towards learning new skills you gave. However I'd love it, if you provided some resources to the topics. Like for example where can I get the knowledge presented in the slides for Y1 Windows, Linux and Networking etc. To anyone reading: Do you guys have some good resources for each step or is it on us to find good learning sources?
This is a great guide!
this was exactly what i was looking for
Where are you man we need you come back 😐
Great roadmap !
Thank you for this plan explaination in cybersecurity descpline. And Could you please provide video to express how can I build the cyber security department and what is the division must be in this department with task and job description for each section that can apply in any organization small , medium and enterprise.