Progressive Curriculum
Foundations (0 → 1 month)
- Basic computer and networking concepts (IP, DNS, HTTP/S).
- Intro to security principles: CIA triad, least privilege, attack surface.
- Basic Linux command line and Windows essentials.
- Safe online habits: phishing recognition, password hygiene, MFA.
Applied Basics (1 → 3 months)
- Intro to web security (OWASP Top 10) and simple vulnerability testing.
- Intro to packet inspection (Wireshark) and basic network scanning (Nmap).
- Hands-on: build a lab with a VM and intentionally vulnerable app (e.g., Juice Shop).
Intermediate (3 → 9 months)
- Secure coding basics and code review principles.
- Authentication, sessions, cookies, CORS, and API security.
- Intro to threat modelling and basic incident handling.
- Hands-on: CTF exercises, capture-the-flag platforms, bug bounties (beginner tracks).
Advanced / Career (9+ months)
- Network exploitation, reverse engineering basics, and forensics foundations.
- Cloud security, IAM, and infrastructure hardening (AWS/Azure/GCP basics).
- Red team vs blue team paths, certifications mapping (e.g., CompTIA Security+, OSCP, eJPT).
Pi