Security Study Plan

A Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on with free/paid resources, tools and concepts to excel.

It will cover but not limited to:

I got the idea of creating this repo after seeing coding-interview-security as it echoes the journey that I went through to get into the full-time security role.

I created this study plan to help people who are looking for guidance and help to plan and prepare for a job specific skill sets. If you study 3-4 hours per day for next 6 months, you can literally clear high rewarding jobs provided you do lots of hands-on and go through each necessary topic/concept more than thrice and you are from tech background. This actually worked in my case.

Please note that there are some topics that would be common for any listed security roles. Check common-skills-study-plan

I will try my level best to add study references from the beginners perspective but will have even advanced level coverage too.

All the best for your security journey!

What is it?

This is to give a study plan to prepare for a specific role. It is of course multi months hard work and dedication which needs a proper roadmap. Hence, this repo would be one point source for all your study plan.

Prerequisites:

Ready to devote time on daily basis
from tech background, else it can take little more time but still possible to make a career in cybersecurity.
Never give up attitude
Hacker Mindset
Ready to explore on your own

Please note that there are many job titles under each of these study plans, but I am keeping a generic study plan, so that you can tick out whichever you already know. This way you would know how much you know and how much you still need to learn to grow up the ladder.

Check out the YouTube video on "Cybersecurity Roadmap for Beginners" and "How to make a career in Cybersecurity". Then, you will have a better idea on why to use it and how to use this study plan for your preparation.

Why use it?

If you want to work as a security engineer, these are the skills/topics/concepts you need to know and learn thoroughly..

When I started learning security concepts, everything was new to me, and I wasted lots of time on google search, youtube videos, articles etc. to figure out what's required and what not. I am still learning as cybersecurity is evolving, so we must. My target is to keep this repo up to date, of course with the help of wonderful learners like you.

It takes time to be confident on some skills, treat it as a long plan. It may take months or sometimes a year too, but keep yourself motivated and don't stop learning. However, If you are familiar with a lot of topics already it will definitely take less time for you.

How to use it?

Everything below is like an outline, and you can tick out the items that you have already covered or know in order from top to bottom.

I'm using GitHub's special markdown flavor, including tasks lists to track progress. As a Cybersecurity professional, I would recommend you to learn git and clone this repo for your personal learning purpose.

Update your resume

Before updating or creating a resume for job, please check:

What job title you are trying for?
Do you fall in that experience range?
Check what skills it is looking for?
Check for job location or is it remote(work from home/anywhere)?

Now, prepare the resume based on above info and your skill sets. Try to be honest here. See, if you can finish your resume in 1-2 pages. Check 1 page resume from below links:

One page resume template from zety.com
Easy Resume
Various Security Resume sample from qwikresume.com
[How To Write a Security Engineer Resume (With Example)](How To Write a Security Engineer Resume (With Example))
Network Security Engineer Sample
Cloud Security Engineer Resume
AWS Security Engineer Resume
Lead DevSecOps Resume Example
Sr. DevSecOps Engineer Resume Example
Penetration Tester Consultant Resume Sample

Finding the right job

You might see hundreds of job openings, some may be from your dream company. But, once you closely look it doesn't match with your skills. It seems job title was little misleading and more of a generic description. Like security researcher or security analyst are just few examples. So, finetune and narrow down the job search with below websites but not limited to:

Which job title you are targeting?
What skills you have vs what skills JD requires?
Years of experience (range) is matching?

Now search or subscribe to below job portal:

Linkedin. Yes, now a days it's job alert setting does a better job in finding the right job for you.
Naukri.com (Mostly in Asian countries)
indeed.com
monster.com
instahyre.com
cutshort.io
Null Jobs Community
Cybersecurity Jobs
Interactive way to find jobs, skills, salary etc.

Interview Preparation

You can start preparing for the job interview once you have solid knowledge as per the checklist for given role(s). There are few common security questions which you should have a look at it:

Common Interview Questions

How you keep updated yourself in the security domain?
What would you do typically at the first day of your job?
What personal achievement are you most proud of?
What was your last tough vulnerability that you found?
Why should we hire you?
What did you learn in last 6 months and how was it relevant to your career/project?
Where do you see after 5 years working with this organization?

ToDo Updates

You can check some common answers from here

Let's contribute and grow this repo together

Want to contribute? Please fork the repo and send PR for review

jassics/security-study-plan

jassics

Reviews

Repository Details