/security-study-plan

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

Security Study Plan

A Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps, and so on with free/paid resources, tools, and concepts to excel.

It will cover but not limited to:

Done

  1. Common Skills for Security Study Plan
  2. AWS Security Study Plan
  3. GCP Security Study Plan
  4. Web Penetration Testing Study Plan
  5. Application Security Testing Plan
  6. API Security Study Plan
  7. Threat Modeling Study Plan
  8. GRC Study Plan

ToDo

  1. Azure Security Study Plan
  2. DevSecOps Study Plan
  3. Docker Security Study Plan
  4. Kubernetes Security Study Plan
  5. Network Security Study Plan
  6. Cryptography Study Plan
  7. Software Supply Chain Security Study Plan
  8. Secure Code Review Study Plan
  9. Secure Software Development Lifecycle Study Plan
  10. Security Architecture Study Plan

I created this repo after seeing coding-interview-security, which echoes my journey to getting into the full-time security role.

I created this study plan to help people looking for guidance and help to plan and prepare for a job-specific skill set. If you study 3-4 hours per day for the next 6 months, you can get high-paying jobs, provided you do lots of hands-on work, go through each necessary topic/concept more than thrice, and come from a tech background. This worked in my case.

Tip

Please note that some topics would be common for any listed security roles. Check common-skills-study-plan

Note

I will add study references from the beginners' perspective and cover advanced-level topics. All the best for your security journey!

What is it?

This is to give a study plan to prepare for a specific role. It is of course multiple months of hard work and dedication which need a proper roadmap. Hence, this repo would be a point source for all your study plans.

Prerequisites:

  • Ready to devote time daily
  • from a tech background, it can take a little more time but still possible to make a career in cybersecurity.
  • Never give up attitude
  • Hacker Mindset
  • Ready to explore on your own

Please note that there are many job titles under each of these study plans, but I am keeping a generic study plan so that you can tick out whichever you already know. This way you would know how much you know and how much you still need to learn to grow up the ladder.

Check out the YouTube video on "Cybersecurity Roadmap for Beginners" and "How to make a career in Cybersecurity". Then, you will have a better idea of why to use it and how to use this study plan for your preparation.

Why use it?

If you want to work as a security engineer, these are the skills/topics/concepts you need to know and learn thoroughly..

When I started learning security concepts, everything was new to me, and I wasted lots of time on Google searches, YouTube videos, articles, etc. to figure out what was required and what was not. I am still learning as cybersecurity is evolving, so we must. My target is to keep this repo up to date, of course, with the help of excellent learners like you.

It takes time to be confident in some skills, treat it as a long plan. It may take months or sometimes a year too, but keep yourself motivated and don't stop learning. However, If you are familiar with a lot of topics already, it will take less time for you.

How to use it?

Everything below is like an outline, and you can tick out the items that you have already covered or know in order from top to bottom.

I'm using GitHub's special markdown flavor, including task lists to track progress. As a Cybersecurity professional, I would recommend you to learn git and clone this repo for your learning purposes.

Update your resume

Before updating or creating a resume for a job, please check:

  1. What job title are you trying for?
  2. Do you fall in that experience range?
  3. Check what skills it is looking for.
  4. Check for job location or is it remote(work from home/anywhere)?

Prepare your resume based on the above information and your skill sets. Could you try to be honest here? See if you can finish your resume in 1-2 pages. Check the 1-page resume below links:

  1. One page resume template from zety.com
  2. Easy Resume
  3. Various Security Resume sample from qwikresume.com
  4. How To Write a Security Engineer Resume (With Example)
  5. Network Security Engineer Sample
  6. Cloud Security Engineer Resume
  7. AWS Security Engineer Resume
  8. Lead DevSecOps Resume Example
  9. Sr. DevSecOps Engineer Resume Example
  10. Penetration Tester Consultant Resume Sample

Finding the right job

You might see hundreds of job openings, some of which may be from your dream company. But once you look closely, they don't match your skills. The job title was a little misleading and more of a generic description. Security researchers or security analysts are just a few examples. So, finetune and narrow down the job search with the below websites but not limited to:

  1. Which job title you are targeting?
  2. What skills do you have vs what skills JD requires?
  3. Are years of experience (range) matching?

Now search or subscribe to the job portal below:

  1. Linkedin. Yes, nowadays, the job alert setting does a better job in finding the right job for you.
  2. Naukri.com (Mostly in Asian countries)
  3. indeed.com
  4. monster.com
  5. instahyre.com
  6. cutshort.io
  7. Null Jobs Community
  8. Cybersecurity Jobs
  9. Interactive way to find jobs, skills, salary, etc.

Interview Preparation

You can start preparing for the job interview once you have solid knowledge according to the checklist for the given role(s). There are a few common security questions that you should have a look at:

  1. All possible security interview questions at one place
  2. Cybersecurity Interview Questions and Answers - Youtube
  3. Cybersecurity Questions and Answers by Springboard
  4. Cybersecurity Questions and Answers form indeed
  5. 100+ Q&A for Cybersecurity domain from guru99

Common Interview Questions

  • How do you keep updated yourself in the security domain?
  • What would you do typically on the first day of your job?
  • What personal achievement are you most proud of?
  • What was your last tough vulnerability that you found?
  • Why should we hire you?
  • What did you learn in the last six months, and how was it relevant to your career/project?
  • Where do you see after five years of working with this organization?

You can check some common answers from here

Let's contribute and grow this repo together

Want to contribute? Please fork the repo and send PR for review