2026 Edition
The complete path — no shortcuts

Cyber Security Engineer

From networking basics to ethical hacking and cloud security in 2026. Networking, Linux, penetration testing, SOC, threat intelligence — everything you need with free YouTube resources for every phase.

"Cybercrime costs the world $10.5 trillion annually. The engineer who can find vulnerabilities before attackers do — and defend systems at scale — is the most critical hire in any organization."
— The Boring Education Team
10–14 months to job-ready
10 phases to master
40+ free YT resources
3.5M unfilled jobs globally

Start Here — Networking, Linux & Core Concepts

1
Weeks 1–4
Phase 01 · Networking Fundamentals
The Network Every Security Engineer Must Understand
Security lives on the network. You must deeply understand how data moves. Study the OSI & TCP/IP models: all 7 layers and what happens at each. Learn IP addressing: subnetting, CIDR, NAT, private vs public IPs. Understand core protocols: DNS, DHCP, HTTP/S, FTP, SSH, SMTP. Study routing & switching: VLANs, ARP, routing tables. Learn Wireshark to inspect packets live. Without networking, you cannot understand attacks.
Non-negotiable · OSI Model · TCP/IP · DNS / DHCP · Subnetting · HTTP/S · Wireshark · Protocols
2
Weeks 2–6
Phase 02 · Linux for Security
Linux — The Operating System of Hackers & Defenders
90% of security tools run on Linux. Master it. Learn Kali Linux — the standard security distribution. Understand the filesystem hierarchy, permissions, and user management. Get fluent in the command line: grep, awk, sed, netstat, ps, find, chmod, cron. Learn Bash scripting to automate tasks and write simple exploits. Set up a home lab with VirtualBox or VMware. Practice daily — security engineers live in terminals.
Core OS · Kali Linux · Bash scripting · File permissions · Cron / Systemd · grep / awk / sed · VirtualBox lab · SSH
3
Weeks 5–10
Phase 03 · Security Fundamentals & Cryptography
Core Security Principles — CIA Triad, Encryption & PKI
Every security decision flows from first principles. Master the CIA Triad: Confidentiality, Integrity, Availability. Understand cryptography: symmetric (AES), asymmetric (RSA, ECC), hashing (SHA-256, MD5), digital signatures. Study PKI: certificates, CAs, TLS/SSL handshake. Learn authentication models: MFA, OAuth, SAML, zero-trust. Study common vulnerabilities: OWASP Top 10, CVE system, attack surface analysis. These are the building blocks every certification tests.
Core concepts · CIA Triad · AES / RSA / ECC · TLS/SSL · PKI · OWASP Top 10 · OAuth / SAML · Zero-trust

🔐 Build a home lab from day one. Cybersecurity is 100% hands-on. Install VirtualBox, spin up Kali Linux and a vulnerable target (Metasploitable, DVWA). Practice packet capture with Wireshark. Every concept you learn must be tested in a real environment — reading about attacks without executing them in a lab is nearly worthless.

Ethical Hacking & SOC / Incident Response

4
Weeks 8–18
Phase 04 · Ethical Hacking & Penetration Testing
Nmap, Metasploit, Burp Suite & the Hacker Toolkit
Ethical hacking means thinking like an attacker to defend systems. Master the pentest methodology: Reconnaissance → Scanning → Exploitation → Post-exploitation → Reporting. Learn Nmap for network scanning and service enumeration. Use Metasploit Framework to exploit known CVEs. Master Burp Suite for web application attacks: SQLi, XSS, IDOR, SSRF. Practice on HackTheBox & TryHackMe legally. Learn privilege escalation on Linux & Windows. This is the most exciting and employable skill set.
Offensive security · Nmap · Metasploit · Burp Suite · SQLi / XSS · HackTheBox · TryHackMe · Privilege escalation
5
Weeks 16–28
Phase 05 · SOC, SIEM & Incident Response
Defensive Security — Detect, Respond & Recover
Most entry-level jobs are in Security Operations Centers. Learn SOC workflows: log analysis, alert triage, escalation. Master SIEM tools: Splunk and Microsoft Sentinel — write detection rules, parse logs, build dashboards. Study incident response: the IR lifecycle (Prepare → Identify → Contain → Eradicate → Recover → Lessons Learned). Learn digital forensics basics: disk imaging, memory dumps, timeline analysis. Understand threat intelligence frameworks: MITRE ATT&CK, Cyber Kill Chain, Diamond Model.
Defensive security · Splunk · Microsoft Sentinel · MITRE ATT&CK · Incident response · Log analysis · Digital forensics · Threat intelligence

🎯 Do TryHackMe before HackTheBox. TryHackMe is guided and beginner-friendly — guided rooms walk you through attacks step by step. Once you finish the Jr Penetration Tester path on TryHackMe, move to HackTheBox. Completing 20+ machines on HTB is more impressive on a resume than most certifications.

Track | Focus Area | Key Tools | Companies Hiring
Penetration Testing | Offensive security, red teaming, bug bounty | Metasploit, Burp Suite, Cobalt Strike | Consultancies, bug bounty programs
SOC / Blue Team | Detection, SIEM, threat hunting, IR | Splunk, Sentinel, Elastic SIEM | Every enterprise, MSSPs, government
AppSec / DevSecOps | Secure SDLC, code review, SAST/DAST | Snyk, SonarQube, OWASP ZAP | Tech companies, fintech, startups
Cloud Security | AWS/Azure/GCP security, IAM, compliance | AWS GuardDuty, Prisma Cloud, CSPM | Cloud-native companies, Big Tech

Cloud Security & Securing the Development Pipeline

6
Weeks 24–34
Phase 06 · Cloud Security
AWS / Azure / GCP Security, IAM & Misconfiguration Attacks
The majority of breaches in 2026 are cloud misconfigurations. Learn AWS security fundamentals: IAM roles, policies, least privilege, S3 bucket security, VPC security groups, CloudTrail logging. Understand cloud attack patterns: IAM privilege escalation, metadata service exploitation (SSRF), public S3 buckets, exposed keys. Study cloud security tools: AWS GuardDuty, Security Hub, CloudWatch. Learn Terraform to provision secure infrastructure as code. Practice with CloudGoat (intentionally vulnerable AWS) and flaws.cloud.
Most in-demand 2026 · AWS IAM · CloudTrail · GuardDuty · S3 security · CloudGoat · Terraform · CSPM tools
7
Weeks 28–38
Phase 07 · DevSecOps & Secure SDLC
Shift Left — Security in CI/CD, Docker & Kubernetes
Modern engineering teams ship daily — security must be embedded in the pipeline. Learn SAST & DAST: static code analysis with Snyk, SonarQube; dynamic scanning with OWASP ZAP. Master Docker security: image scanning, non-root containers, secrets management. Study Kubernetes security: RBAC, network policies, pod security standards, kube-bench. Build secure CI/CD pipelines with GitHub Actions: dependency scanning, secret detection (GitLeaks, truffleHog). Understand secrets management: HashiCorp Vault, AWS Secrets Manager.
Production-grade · Snyk / SonarQube · OWASP ZAP · Docker security · Kubernetes RBAC · HashiCorp Vault · GitLeaks · GitHub Actions

☁️ Get AWS Security Specialty certified. Cloud security is the #1 growth area in 2026. The AWS Certified Security Specialty is one of the most valued certs on any resume — it signals you can secure real production environments. Pair it with hands-on CloudGoat labs and flaws.cloud challenges. Employers hire for this immediately.

Certification | Best For | Difficulty | Average Salary Boost
CompTIA Security+ | Entry-level, foundational knowledge, DoD baseline | Beginner | Entry to $75K–$95K
eJPT (eLearnSecurity) | Hands-on pentest entry cert, practical focus | Beginner–Mid | Opens pentest roles
OSCP (OffSec) | Industry gold standard for penetration testing | Hard | $110K–$160K+
AWS Security Specialty | Cloud security, high ROI, fastest growing demand | Intermediate | $115K–$155K+

Malware Analysis, Red Teaming & AI Security

8
Month 7–10 (Specialization)
Phase 08 · Malware Analysis & Reverse Engineering
Understand Malware — Static, Dynamic & Code Analysis
Malware analysts are among the highest-paid specialists. Learn static analysis: examine malware without executing it — strings, PE headers, imports, YARA rules with tools like PEstudio, Detect-It-Easy. Learn dynamic analysis: run malware in sandboxes (Cuckoo, AnyRun, VirusTotal) and observe behavior. Study reverse engineering basics: x86/x64 assembly, using Ghidra (free) and IDA Pro. Understand common malware families: ransomware, RATs, rootkits, botnets. Practice on MalwareBazaar samples in isolated VMs.
High-value specialization · Ghidra · YARA rules · Cuckoo Sandbox · x86 Assembly · PEstudio · MalwareBazaar · AnyRun
9
Month 9–12 (Cutting Edge)
Phase 09 · Red Teaming, AI Security & Threat Intelligence
Advanced Adversary Simulation & AI-Era Threats
In 2026, red teaming and AI threats are the frontier. Learn advanced red teaming: C2 frameworks (Cobalt Strike, Sliver, Havoc), Active Directory attacks (Kerberoasting, Pass-the-Hash, BloodHound), lateral movement. Study AI security: prompt injection attacks on LLMs, adversarial ML, securing AI APIs, model extraction threats. Learn threat intelligence: OSINT techniques, threat actor profiling, indicators of compromise (IOCs), intelligence platforms (MISP, OpenCTI). Study GRC: ISO 27001, NIST CSF, SOC 2, GDPR compliance basics.
Frontier skills · Cobalt Strike / Sliver · Active Directory attacks · BloodHound · AI / LLM security · OSINT · MISP / OpenCTI · ISO 27001 / NIST

🎯 TryHackMe
Guided, browser-based learning paths. Complete "Jr Penetration Tester" and "SOC Level 1" paths. Ideal starting point — no setup required. Free tier is enough to get hired.
⚔️ HackTheBox
Industry-standard CTF platform for penetration testing. Completing 20+ machines on HTB Pro Labs rivals many certifications. The go-to signal for pentest employers.
🌩️ CloudGoat (Rhino Security)
Intentionally vulnerable AWS environment to practice cloud attacks and misconfigurations. The best free resource for learning AWS pentesting and cloud attack chains hands-on.
🐛 DVWA / VulnHub
Damn Vulnerable Web Application for web security practice. VulnHub provides downloadable vulnerable VMs for offline practice. Essential for web app hacking fundamentals.

Portfolio, Bug Bounty & Getting Hired

10
Month 10–14 (Interview Prep)
Phase 10 · Interview Ready
Bug Bounty + CTFs + Security Interviews
Security interviews test three things: technical knowledge (explain how a SQL injection works, describe the TLS handshake, what happens in a Pass-the-Hash attack), hands-on skills (solve a packet capture challenge, find a vulnerability in a given web app), and scenario-based thinking (walk me through how you'd respond to a ransomware attack). Build your portfolio: complete 3 TryHackMe learning paths, solve 10+ HackTheBox machines, submit at least one valid bug bounty report on HackerOne or Bugcrowd, and write technical writeups on each CTF. Host writeups on a personal blog or GitHub.
Job-ready · Bug bounty (HackerOne) · CTF writeups · Security certs · GitHub portfolio · Technical blog · IR scenario prep · LinkedIn presence

What to Learn & When — Full Timeline
🟥 Month 1–4
Networking (OSI, TCP/IP)
Linux & Bash scripting
Cryptography & PKI
OWASP Top 10
Wireshark packet analysis
Kali Linux & home lab
CompTIA Security+ prep
🟧 Month 5–9
Nmap & Metasploit
Burp Suite & web attacks
TryHackMe / HackTheBox
Splunk / SIEM
Incident response lifecycle
AWS security & IAM
Docker & Kubernetes security
🟩 Month 10–14
Malware analysis & Ghidra
Active Directory attacks
Red teaming & C2 frameworks
AI & LLM security
Bug bounty submissions
OSCP / AWS Security cert
CTF writeups & blog

The Boring Security Routine That Works
Read one security news item — Krebs on Security, The Hacker News, or SANS Internet Storm Center
1 hour of hands-on lab — TryHackMe room, HTB machine, or CTF challenge
Practice one tool or command in your home lab — Nmap scan, Wireshark analysis, Splunk query
Write down one attack technique you don't fully understand — research and test it tomorrow
Share one writeup, tool, or insight on LinkedIn or X to build your security brand

Best Free YouTube Channels for Cybersecurity

📺 NetworkChuck
Chuck's high-energy style makes networking, Linux, Kali, and cloud security genuinely fun. His "hacking" series and certification prep content are perfect for absolute beginners. Start here.
📺 The Cyber Mentor (TCM Security)
Heath Adams is the gold standard for practical penetration testing education. His free "Practical Ethical Hacking" course on YouTube is better than many paid courses. Essential viewing.
📺 John Hammond
CTF walkthroughs, malware analysis, and security challenges explained clearly. Exceptional for building hands-on skills and understanding real-world attack techniques used in competitions.
📺 David Bombal
Networking, ethical hacking, Python for security, and Cisco content at an exceptional quality level. His Wireshark, Nmap, and network security tutorials are class-defining resources.
📺 LiveOverflow
Deep technical content on binary exploitation, web security, CTF methodology, and how vulnerabilities actually work under the hood. Required watching for anyone going beyond surface-level hacking.
📺 IppSec
The definitive HackTheBox walkthrough channel. Every retired machine explained methodically, showing exactly how professional pentesters think and enumerate. Watch alongside HTB practice.

Your Cybersecurity Journey Starts Now 🔐
The people defending the world's systems started exactly where you are.
Consistency over 12 months beats raw talent every single time. Start today.
→ theboringeducation.com