Skills and Career Roadmap for Cybersecurity Professionals.
Whether you are planning to enter this domain or are already in it, you can use this as your reference for various skill sets, job details, security concepts and general guidance. We will cover the skill sets, learning resources, available job titles, JDs, etc. for cybersecurity folks. Cybersecurity covers all the security branches at present, so I will mention cybersecurity or security in this repo from time to time.
Always remember that no one is perfect, and that learning and unlearning every single day is the key to success. In the security domain, though, what you need most is patience and a never-give-up attitude.
This GitHub repo will cover the items below:
- Security concepts one should be aware of
- Common technical skills one should learn
- Career roadmaps per domain — what roles, skills, and paths each domain opens up:
  - Web Security Career Roadmap
  - API Security Career Roadmap
  - Network Security Career Roadmap
  - Software Security Career Roadmap
  - Cloud Security Career Roadmap
  - Container & Kubernetes Security Career Roadmap
  - DevSecOps Career Roadmap
  - Mobile Security Career Roadmap
  - IoT / ICS-OT Security Career Roadmap
  - SOC / Blue Team Career Roadmap
  - GRC & Privacy Career Roadmap
  - AI / ML Security Career Roadmap
  - Identity & Access Management (IAM) Career Roadmap
  - Cryptography Engineering Career Roadmap
  - Security Architecture & Leadership Career Roadmap
- Cybersecurity Job Roles & Career Progression (central hub)
- Cybersecurity Certifications
- Cybersecurity Abbreviations
- Cybersecurity Terminologies
- Security Interview Questions — sister repo
- Real-world JDs — see what employers actually ask for:
This repo focuses on what to learn and why — the sister repo jassics/security-study-plan gives you ticking-off study plans you can clone and grind through. Each domain page links to its matching plan.
Note: Blockchain / Web3, Automotive Security, and Hardware / Embedded Security deep pages are still pending. Contributions are welcome — see Contribute.md.
- Read security-concepts.md and common-skills.md.
- Open security-job-roles.md — it's the map of every domain and how they connect.
- Pick one domain that excites you the most, and open that domain's roadmap (Web / Cloud / DevSecOps / etc.).
- Match the skills/certs/tools listed in that roadmap to your current level (Entry / Mid / Senior).
- Cross-check with real JDs — that tells you what employers want today.
If you think there's something that should be improved here, please create an issue.
- Ask: The simplest way to excel in the security domain is to ask for guidance whenever you have any doubt(s), but do your homework well before asking, and please don't encourage spoon-feeding.
- Learn, make important notes and share: Learning is as important as brisk walking is to your health. Keep yourself always updated, keep learning, and make notes online/offline. And don't forget to share your learnings so that others can also learn from people like you, through a blog, video or social media share, whatever is easy for you.
- Join a security community newsletter: You cannot learn everything from every corner, so better subscribe to a weekly/monthly security newsletter and stay updated in that specific security topic/domain.
- Try to teach: If you want to understand something with a clear mind, try to teach that topic. You will learn a lot while preparing for that topic and will get good exposure in the security community too. Present the topic at various security talks/conferences etc. A Null chapter is a good place to start.
- Don't hesitate to buy books, it's the best investment: I still see people looking for free materials. I am not saying it's bad, but would you work for free even for an hour? No, right? So, if someone has spent time authoring a book or tutorials, try to appreciate their efforts by buying it whenever that is possible for you. I would suggest buying some important printed books that you will want to refer to now and then, like Threat Modeling by Adam Shostack, WAHH by Stuttard Pinto, Secure Code, Real-World Cryptography by David Wong.
- GitHub can be one way to stay updated and share your learnings: I have observed that the majority of security professionals like to share their thoughts or collaborate with other like-minded people through a version control system, and GitHub is the most popular one for that. If you are not aware of git and git commands, try My Github Basics course on Udemy (ask for a discount).
- Be humble and help others: From my personal experience, I can say that when you are humble and ready to help others, you will get help from unknown faces too. That's Karma ;)
- Don't look for shortcuts: A straight no to dumps, proxy interviews, proxy certs etc.
- Spend some bucks to upgrade your skills: Update yourself and learn the security concepts, subjects etc. from various free or paid online sources like YouTube, Coursera, Udacity, acloud.guru, Pluralsight, LinkedIn Learning.
- Give credit to the author: If you learn something, say thanks: like, share, comment, subscribe, whatever works as a way to show gratitude.
- Get your hands dirty: This determines how much technical and in-depth understanding you have of your area of expertise. When something new comes up, explore it, dig into it further and practice on your local machine or in your personal cloud instance.
- At last, never give up: Believe me, you will need it the most to succeed in this domain. There will be times when you are frustrated and feel depressed even after giving so much to security. Learn not to give up, no matter what happens. Because you have chosen it out of your interest or passion, stick to it.
- Update README Page for final version
- Update Content to Common Skills page
- Cybersecurity Abbreviations
- Cybersecurity Certifications
- Cybersecurity Terminologies
- Add Content to Web Security page (career roadmap)
- Add Content to API Security page (career roadmap)
- Add Content to Cloud Security page (career roadmap)
- Add Content to Network Security page (career roadmap)
- Add Content to Software Security page (career roadmap)
- Add Content to DevSecOps page (career roadmap)
- Add Content to Container Security page (career roadmap)
- Add Content to AI Security career roadmap
- Expand Security Job Roles page into a career progression hub
- Add Content to Security Concepts page (deeper write-ups per concept)
- Add Cloud Security JDs
- Add DevSecOps JDs
- Mobile Security career roadmap
- IoT / ICS-OT Security career roadmap
- GRC / Privacy career roadmap (deep page)
- SOC / Blue Team career roadmap (deep page)
- Security Architect / Architecture career roadmap (domain-agnostic)
- Add JDs for AI Security, GRC, SOC, Network, Mobile, Pentest, Security Architect
- Add AI-augmented skills sections across domain roadmaps
- Add references to the security-study-plan repo
- Add Cryptography Engineering career roadmap
- Add Identity & Access Management (IAM) deep page
- Add JDs for IoT / ICS-OT roles
- Add Blockchain / Web3 Security career roadmap
- Add Automotive Security career roadmap
- Add Hardware / Embedded Security career roadmap
- Add JDs for IAM and Cryptography Engineering roles
Please refer to the guidelines at contribute.md for details.
Thanks to the following folks who made contributions to this project.
Get your name listed here