Track 1: Foundations (Weeks 1-3)
Master the essential concepts every security professional must know. Build understanding of security principles, system architecture, and networking.
1. Introduction to Cybersecurity
Cybersecurity is the practice of protecting systems, networks, and data from theft or unauthorized access. Learn why cybersecurity matters, explore career paths in security, and understand the security landscape.
Key Concepts:
Confidentiality, Integrity, Availability (CIA) principles
Types of threats (malware, viruses, hackers, insiders)
Cybersecurity roles and career paths (Analyst, Engineer, Architect)
Security domains and specializations
Lab Exercise: Security Incident Analysis
Objective: Analyze a real security breach case study and identify vulnerabilities, impact, and lessons learned.
Scenario: Review the 2022 LastPass breach. Document what went wrong and what controls could prevent it.
Deliverable: 2-page incident report identifying attack vectors and mitigation strategies.
2. CIA Triad & Security Principles
The CIA Triad—Confidentiality, Integrity, Availability—is the foundation of information security. Every security measure you implement protects one or more of these pillars.
Key Concepts:
Confidentiality: protecting sensitive data from unauthorized access
Integrity: ensuring data hasn't been modified or tampered with
Availability: ensuring systems and data are accessible when needed
Non-repudiation, authenticity, and accountability principles
Trade-offs between security and usability
Lab Exercise: CIA Triad Mapping
Task 1: Map CIA violations to common attacks (SQL injection, DDoS, ransomware)
Task 2: Design security controls for healthcare system protecting patient records
Task 3: Identify conflicts between CIA pillars
3. Hardware & Operating Systems
Understanding computer hardware and OS architecture is critical to securing systems. Learn how systems work and where attackers target vulnerabilities in CPUs, memory, and OS kernels.
Hardware Topics:
CPU, RAM, storage, and peripheral security
BIOS/UEFI firmware security and Trusted Platform Module (TPM)
Hardware-based attacks (cold boot, DMA attacks)
Operating System Topics:
Windows, Linux, and macOS security models
User vs. kernel mode and privilege escalation
Access control lists (ACLs) and permissions
File system security and encryption
Lab Exercise: OS Hardening & Access Control
Lab 1: Set up Windows and Linux VMs. Configure users, groups, and file permissions.
Lab 2: Simulate privilege escalation attacks and implement mitigations.
Lab 3: Enable BitLocker/LUKS encryption and test system boot security.
4. Networking Fundamentals
Networks are everywhere. Master TCP/IP, OSI model, DNS, DHCP, and protocols. Essential knowledge for understanding network attacks and defenses.
Core Topics:
OSI Model (7 layers) and TCP/IP model
IP addressing (IPv4, IPv6, subnetting, CIDR)
DNS, DHCP, and ARP protocols
TCP and UDP protocols, ports, and sockets
HTTP/HTTPS, FTP, SSH, Telnet protocols
Network troubleshooting tools (ping, tracert, netstat)
Lab Exercise: Network Analysis & Packet Capture
Lab 1: Use Wireshark to capture and analyze network traffic. Identify protocols and packets.
Lab 2: Set up home lab network with multiple subnets. Practice subnetting calculations.
Lab 3: Analyze DNS queries and responses. Understand DNS tunneling attacks.
5. Network Devices & Architecture
Learn how networks are built using switches, routers, firewalls, proxies, and load balancers. Understanding infrastructure is crucial for implementing security controls.
Network Devices:
Switches (Layer 2) and VLAN configuration
Routers (Layer 3) and routing protocols
Firewalls (stateful, next-gen) and proxies
Load balancers and WAF (Web Application Firewalls)
DMZ design and network segmentation
Lab Exercise: Network Design & Segmentation
Challenge: Design a secure network for a company with 500 employees and public web server.
Requirements: Segment using VLANs, implement DMZ, configure firewall rules.
Tools: Use Cisco Packet Tracer or GNS3 for simulation.
6. Network Security Fundamentals
Protect networks from attacks. Learn firewalls, intrusion detection/prevention, network monitoring, and defense strategies. Connect to advanced defensive topics.
Key Topics:
Stateful vs. stateless firewalls
Firewall rules, ACLs, and policy implementation
Network segmentation and zero-trust principles
Intrusion Detection Systems (IDS) basics
Network monitoring and common network attacks
Lab Exercise: Firewall Configuration & Packet Filtering
Lab 1: Configure Windows Firewall / Linux iptables for port and protocol filtering.
Lab 2: Set up pfSense or Sophos XG firewall and create ACL rules.
Lab 3: Simulate ARP spoofing attack and detect it using Wireshark.
Related Entry-Level Roles:
Security Analyst (NOC/SOC)
Network Security Technician
Junior Penetration Tester
Track 2: Threats & Attacks (Weeks 4-6)
Learn how attackers operate. Understanding threats, attack vectors, and exploitation is essential for building effective defenses. Analyze malware, social engineering, and web attacks.
1. Malware Types & Analysis
Malware is malicious software designed to harm systems. Learn to identify, classify, and analyze different malware families including viruses, worms, trojans, ransomware, and spyware.
Malware Categories:
Viruses, Worms, Trojans, Ransomware, Rootkits, Spyware, Botnets
Static analysis (file signatures, hashing)
Dynamic analysis (sandbox execution)
Reverse engineering basics
Lab Exercise: Malware Analysis Lab
Lab 1: Use VirusTotal and hybrid-analysis.com to analyze suspicious files safely.
Lab 2: Set up isolated sandbox (Cuckoo) and execute controlled malware samples.
Lab 3: Write malware detection script using hash signatures and heuristics.
WARNING: Only analyze in isolated environments!
2. Social Engineering & Human Attacks
Humans are often the weakest link in security. Social engineering exploits human psychology to bypass technical controls. Learn tactics and build organizational resilience.
Attack Techniques:
Phishing, Spear phishing, Whaling attacks
Pretexting, Baiting, Tailgating/Piggybacking
Business email compromise (BEC)
Defense Strategies:
User awareness training and education
Email filtering and authentication (SPF, DKIM, DMARC)
Multi-factor authentication (MFA)
Lab Exercise: Social Engineering Simulation
Lab 1: Create phishing emails and test organization's awareness (with permission).
Lab 2: Document test results and develop training recommendations.
Lab 3: Analyze real phishing emails and identify red flags for users.
3. Password Attacks & Credential Theft
Passwords are the primary authentication method. Learn how attackers crack passwords and steal credentials. Master password security best practices.
Attack Methods:
Brute force, Dictionary attacks, Rainbow tables
Credential stuffing, Keylogging, Default credentials
Defense Mechanisms:
Password hashing (bcrypt, Argon2, scrypt)
Salting and pepper techniques
Password policies, MFA, Password managers
Lab Exercise: Password Cracking & Hardening
Lab 1: Use Hashcat or John the Ripper to crack weak password hashes.
Lab 2: Implement proper password hashing in web application using bcrypt.
Lab 3: Use Have I Been Pwned API to check if accounts are in breaches.
4. Web Application Security
Web applications are frequent attack targets. Learn OWASP Top 10 vulnerabilities, identify them, and code securely. Crucial for developers and security testers.
OWASP Top 10 Vulnerabilities:
Injection (SQL, Command, LDAP)
Broken Authentication, Cross-Site Scripting (XSS)
Insecure Direct Object References (IDOR), Misconfiguration
Sensitive Data Exposure, Broken Access Control, CSRF
Using Components with Known Vulnerabilities, Insufficient Logging
Lab Exercise: Web Application Penetration Testing
Lab 1: Complete OWASP WebGoat - interactive tutorials for vulnerabilities.
Lab 2: Hack DVWA (Damn Vulnerable Web Application) - exploit vulnerabilities.
Lab 3: Write secure code examples fixing vulnerabilities in Python/PHP.
Lab 4: Use Burp Suite Community to test practice web app.
5. Security Tools & Technologies
Learn the security tools used in real SOCs and security operations. Understand antivirus, endpoint protection, email security, web gateways, and defensive technologies.
Defensive Tools:
Antivirus and anti-malware solutions
Endpoint Detection & Response (EDR)
Email security gateways and DLP
Web security gateways, SIEM, Network IPS
Vulnerability scanning tools
Lab Exercise: Security Tools Setup
Lab 1: Install and configure open-source tools (Snort, Suricata) for intrusion detection.
Lab 2: Set up Splunk/ELK Stack for log aggregation and analysis.
Lab 3: Practice identifying anomalies in security logs and tool outputs.
6. Vulnerability Scanning & Assessment
Vulnerability scanning identifies weaknesses before attackers do. Learn to use scanning tools, interpret results, and prioritize remediation. Core daily task for security professionals.
Key Concepts:
Authenticated vs. unauthenticated scanning
Network and web application scanning
Configuration auditing, CVSS scoring system
Remediation prioritization, False positives and tuning
Lab Exercise: Vulnerability Scanning Workflow
Lab 1: Use Nessus or Qualys (free trials) to scan vulnerable test system.
Lab 2: Analyze results: prioritize by CVSS, identify false positives, create remediation plan.
Lab 3: Document findings in professional vulnerability assessment report.
Lab 4: Re-scan after patching to verify remediation.
Related Roles:
Vulnerability Analyst
Security Assessment Engineer
Incident Response Analyst
Track 3: Defense & Cryptography (Weeks 7-9)
Build the defensive systems that protect against attacks. Learn system hardening, cryptography, incident response, and forensics. Critical for security engineers and incident responders.
1. System Hardening
Hardening reduces attack surface by disabling unnecessary services, applying configurations, and enforcing baselines. Master Windows, Linux, and application hardening.
Hardening Methods:
Disabling unnecessary services and ports
Removing unnecessary software and drivers
Applying security patches and updates
Configuring local firewalls
Enforcing strong authentication
Disabling default accounts, Security baselines (CIS Benchmarks)
Lab Exercise: Windows and Linux Hardening
Lab 1: Harden Windows Server using CIS Benchmarks and Group Policy.
Lab 2: Harden Linux server - disable SSH password auth, configure firewall.
Lab 3: Use Lynis to audit Linux security and implement recommendations.
2. Firewalls & Intrusion Detection
Firewalls enforce security policies at network boundaries. IDS detects malicious activity. Learn both technologies and how they work together in modern defense.
Firewall & IDS/IPS:
Stateful inspection firewalls
Next-gen firewalls (NGF) with application awareness
Host-based firewalls (Windows Defender, iptables)
Signature-based and Anomaly-based detection
Snort and Suricata rules, False positive tuning
Lab Exercise: Firewall & IDS Lab
Lab 1: Deploy Snort or Suricata IDS and tune detection rules.
Lab 2: Create firewall rules for three-tier application architecture.
Lab 3: Test IDS effectiveness by simulating attacks and verifying detection.
3. Cryptography & Encryption
Cryptography protects data confidentiality and integrity. Understand symmetric and asymmetric encryption, hash functions, digital signatures, and certificates. Critical for secure communications.
Core Concepts:
Symmetric encryption (AES, DES, 3DES)
Asymmetric encryption (RSA, ECC)
Hash functions (MD5, SHA-1, SHA-256)
Digital signatures and certificates
Public Key Infrastructure (PKI), TLS/SSL protocols
End-to-end encryption and key exchange
Lab Exercise: Cryptography Implementation
Lab 1: Encrypt and decrypt data using OpenSSL with AES and RSA.
Lab 2: Generate CSRs, create self-signed certificates, set up TLS on web server.
Lab 3: Write Python scripts using cryptography library for encryption/decryption.
Lab 4: Analyze SSL/TLS handshakes using Wireshark.
4. VPN & Secure Communications
Virtual Private Networks create secure tunnels over untrusted networks. Learn VPN protocols, remote access solutions, and site-to-site connectivity for hybrid work environments.
VPN Technologies:
IPSec protocol and configuration
SSL/TLS VPN
OpenVPN setup and management
VPN authentication and encryption
Site-to-site and remote access VPNs
Lab Exercise: VPN Configuration
Lab 1: Set up OpenVPN server and client, establish encrypted connection.
Lab 2: Configure IPSec VPN between networks using Strongswan or pfSense.
Lab 3: Test VPN performance, encryption strength, split tunneling configurations.
5. Incident Response
When attacks happen, incident response teams act. Learn the lifecycle: preparation, detection, analysis, containment, eradication, and recovery.
IR Phases:
Preparation - tools, playbooks, team training
Detection & Analysis - identifying incidents
Containment - stopping the attack
Eradication - removing the threat
Recovery - restoring systems
Post-incident review - lessons learned
Lab Exercise: Incident Response Simulation
Scenario: Ransomware detected on file server - develop response plan.
Tasks: Document findings, create remediation steps, prepare executive report.
Tools: Use YARA rules for malware detection, write incident summary report.
6. Digital Forensics
Digital forensics recovers and analyzes evidence from digital devices. Essential for incident investigation, legal proceedings, and understanding attacks. Maintain chain of custody.
Forensic Techniques:
Evidence acquisition and preservation
Memory forensics and dumps
Disk imaging and recovery
File system analysis
Log analysis and timeline reconstruction
Chain of custody documentation
Lab Exercise: Forensic Investigation
Lab 1: Use Autopsy to analyze disk image and recover deleted files.
Lab 2: Analyze memory dumps using Volatility for malware and artifacts.
Lab 3: Reconstruct user activity timeline from Windows/Linux logs.
Career Paths:
Incident Response Engineer
Forensics Analyst
SOC Analyst (Level 2-3)
Threat Hunter
Track 4: Governance, Cloud & Certifications (Weeks 10-12)
Master the business side of security. Learn compliance, risk management, cloud security, and advanced topics. Prepare for industry certifications to advance your career.
1. Cloud Security
Cloud platforms (AWS, Azure, GCP) require different security approaches. Learn cloud-specific threats, shared responsibility model, and secure cloud infrastructure and applications.
Cloud Concepts:
Shared responsibility model
Cloud service models (IaaS, PaaS, SaaS)
Cloud-specific threats (misconfiguration, data exposure)
Identity & access management (IAM) in cloud
Network security in cloud, Container security
Storage encryption and CloudTrail logging
2. Risk Management & Assessment
Organizations manage security risk through frameworks like NIST, ISO 27001, and COBIT. Learn to conduct risk assessments, quantify risk, and develop mitigation strategies aligned with business goals.
Core Concepts:
Risk identification and quantification
Threat modeling (STRIDE, PASTA)
Risk scoring and prioritization
Risk mitigation strategies
Security frameworks (NIST, ISO 27001, CIS Controls)
Compliance requirements (GDPR, HIPAA, PCI-DSS)
3. Penetration Testing
Penetration testers simulate real attacks to find vulnerabilities before attackers do. Advanced role combining technical skills from all tracks into comprehensive security assessments.
PT Phases:
Scoping and rules of engagement
Reconnaissance & footprinting
Scanning and enumeration
Vulnerability exploitation
Post-exploitation and lateral movement
Reporting and remediation guidance
4. Wireless & Physical Security
Wireless networks and physical infrastructure face unique threats. Learn WiFi security, RF attacks, and physical access controls. Essential for comprehensive security strategy.
Wireless & Physical Security:
WiFi standards (802.11 evolution)
WEP, WPA, WPA2, WPA3 encryption
WiFi cracking and attack tools
Rogue access points and MITM attacks
Access control systems, CCTV, Data center security
Facility hardening and perimeter security
5. Governance, Compliance & Legal
Security operates within legal and regulatory frameworks. Learn data protection laws, compliance requirements, incident notification, and align security with business and legal obligations.
Regulations & Governance:
GDPR (EU data protection)
CCPA (California privacy)
HIPAA (healthcare), PCI-DSS (payment card industry)
SOC 2 and SOC 3 compliance, ISO 27001 certification
Security policies and procedures
Incident notification, Data classification, Third-party risk management
6. Security+ Capstone Exam Prep
CompTIA Security+ certification validates skills across all domains. This capstone covers exam domains, practice questions, and strategies to ensure you pass and are truly job-ready.
Exam Domains (CompTIA Sec+):
Domain 1: Threats, Attacks & Vulnerabilities
Domain 2: Architecture & Design
Domain 3: Implementation
Domain 4: Operations & Incident Response
Domain 5: Governance, Risk & Compliance
Exam Prep Activities
Activity 1: Complete Security+ practice exams (80%+ to pass real exam).
Activity 2: Study Security+ flashcard sets (Quizlet, Anki).
Activity 3: Review weak areas with practice questions.
Activity 4: Take full-length practice test under exam conditions.
Activity 5: Get certification and list on LinkedIn/resume.
After Completing All Tracks:
Entry-level Security Analyst roles
SOC Analyst positions
Junior Penetration Tester
Systems Administrator with security focus
Security Technician, Compliance Analyst