Your First Cybersecurity Roadmap

Beginner · 6 min read · Published 2026-01-17

Goal

The goal isn’t to learn “everything”. The goal is to build a stack: fundamentals → practice → projects → repeat. This roadmap keeps you moving without getting lost.

Phase 1: Foundations (1–2 weeks)

  • Linux basics: folders, permissions, processes, networking commands
  • Networking basics: IP, DNS, HTTP/HTTPS, ports, TCP vs UDP
  • Web basics: requests, cookies, sessions, headers, simple HTML forms

Phase 2: Web security essentials (2–4 weeks)

  • OWASP Top 10 overview (don’t memorize, understand patterns)
  • SQL Injection (how it happens, how to prevent)
  • XSS basics (reflected vs stored, output encoding)
  • Auth mistakes (weak passwords, missing rate limits, bad session handling)

Phase 3: Practice (ongoing)

Practice is where it sticks. Do labs, write notes, and track what you learned. Start with guided platforms and slowly move to harder challenges.

A clean weekly routine

5-day learning loop
Mon: Learn concept (30–60 min) + short notes
Tue: Lab practice (60–90 min)
Wed: Lab + writeup draft (30–60 min)
Thu: Review + fix gaps (30–60 min)
Fri: One challenge end-to-end + publish writeup

What to avoid (seriously)

  • Tool-hopping without understanding basics
  • Only watching videos (no practice)
  • Copy-pasting payloads without knowing why they work
  • Trying “advanced hacking” before learning HTTP + Linux permissions

Suggested first tools

Keep it simple at the beginning: Firefox/Chrome DevTools, Burp Suite, nmap, and Wireshark. Learn what each tool shows you and why.

Next step

If you haven’t yet, read the SQLi post and then do 2–3 beginner web labs. The fastest progress happens when you’re consistent, not when you binge.
