Cybersecurity isn't one job — it's a dozen related disciplines with very different day-to-day work. This lesson maps the common roles, the certifications that signal competence in each, and how to build the hands-on skills that actually get you hired.
## The Role Map
| Role | What you do | Background |
|---|---|---|
| SOC Analyst | Triage alerts, investigate incidents, work with SIEM/EDR | IT helpdesk, networking, fresh grad |
| Security Engineer | Build and operate detection, identity, network, and endpoint controls | Sysadmin, DevOps, SOC T2/T3 |
| Cloud Security Engineer | Secure AWS/Azure/GCP at scale; IaC guardrails; CSPM | DevOps, cloud engineer, security engineer |
| Application / Product Security | Threat-model designs, review code, run SAST/DAST, train developers | Software engineering background |
| Penetration Tester / Red Team | Simulate attackers; find and exploit vulnerabilities | Strong systems/networking + curiosity |
| Incident Responder / DFIR | Respond to active incidents; do digital forensics | SOC, sysadmin, law enforcement crossover |
| GRC Analyst | Policies, risk assessments, audits, compliance | Audit, IT compliance, business analysis |
| Security Architect | Design secure systems, set technical strategy | Senior engineering + breadth |
| CISO | Run the program; report to board; manage risk and budget | 15+ years across the field |
## The Certification Ladder
### Foundational (entry, no experience required)
- CompTIA Security+ — broad, vendor-neutral, the most common starting cert
- Microsoft SC-900 — security/compliance/identity fundamentals across Microsoft cloud
- AWS Certified Cloud Practitioner (CLF-C02) — cloud basics; pair with cloud-specific security later
- (ISC)² CC — Certified in Cybersecurity, free for the first year of testing
### Mid-level (1–4 years)
- CompTIA CySA+ — analyst-focused
- AWS Security Specialty (SCS-C02) / Azure AZ-500 / Google PCSE — cloud security depth
- OSCP — offensive, hands-on, well respected; long lab + 24-hour exam
- CompTIA PenTest+ — vendor-neutral pentesting cert
- GIAC GCIH / GCFA — incident handling and forensics, expensive but premium
### Senior / specialised
- CISSP — manager-track; broad domain coverage; requires 5 years of experience
- CCSP — cloud architecture and governance
- CISM / CRISC — management and risk
- OSEP, OSED, OSWE — Offensive Security advanced tracks
- SABSA — security architecture framework
Don't collect certs to collect them. Pick one foundational cert + one specialty cert that matches the job you want, and spend the rest of your time on hands-on practice.
## Hands-On Practice
### Beginner-friendly platforms
- TryHackMe — guided rooms, beginner to intermediate, gentle ramp
- LetsDefend — SOC-analyst simulations
- RangeForce — blue-team exercises
- Blue Team Labs Online — DFIR-focused labs
### Intermediate to advanced
- HackTheBox — boxes ranging from easy to insane; subscribe to the Academy for structured paths
- PortSwigger Web Security Academy — best free resource for web AppSec
- PentesterLab — focused web exploitation exercises
- VulnHub — downloadable VMs with no time limits
### Bug bounty
- HackerOne, Bugcrowd, Intigriti, YesWeHack — legal hunting on real targets
- Start with Vulnerability Disclosure Programs (VDPs) — no payout, but lower competition while you learn
### Capture the Flag (CTF)
- CTFtime.org — calendar of upcoming events
- Beginner-friendly: picoCTF
- Top tier: DEF CON CTF, Google CTF, PlaidCTF
### Build a Home Lab
Nothing teaches like running infrastructure yourself. Cheap options:
- A used mini-PC running Proxmox; spin up vulnerable VMs and run attacks against them
- A free-tier AWS / Azure / GCP account with infrastructure deployed via Terraform, so you can practise working through CSPM findings
- A Kubernetes cluster (kind, k3s) running kube-bench, Falco, and OPA Gatekeeper
- Splunk Free or the ELK stack ingesting Sysmon logs from a Windows VM
Document what you build in a public GitHub repo — it doubles as a portfolio.
## Reading and Listening
- Newsletters: tl;dr sec, Risky Biz News, CloudSecList, OffensiveCon Newsletter
- Podcasts: Risky Business, Darknet Diaries, Hacking Humans, Smashing Security
- Blogs: Krebs on Security, Bleeping Computer, Mandiant, Project Zero, Trail of Bits
- Government feeds: CISA advisories, NCSC guidance — every advisory is a real-world case study
- Books: "The Web Application Hacker's Handbook", "Practical Malware Analysis", "Tribe of Hackers", "Defensive Security Handbook"
## Communities
- Local BSides, OWASP, DEF CON Group, 2600, ISC2 / ISACA chapters
- Online: r/netsec, r/cybersecurity, the InfoSec Mastodon community, security-focused Discords (TCM, HTB)
- Conferences: BSides (cheap, local), DEF CON, Black Hat, SANS events, RSA Conference, regional events like Hack.lu, OffensiveCon, NDC Security
## How This Course Maps Onto Certifications
| Cert | Lessons most relevant |
|---|---|
| CompTIA Security+ / SC-900 / (ISC)² CC | All ten lessons — this course is squarely the foundation level |
| AWS SCS-C02 / Azure AZ-500 / GCP PCSE | Identity, Cryptography, Network, AppSec, Cloud Security, Governance |
| CySA+ / GCIH | Threats, Network Security, AppSec, Security Operations |
| CISSP / CCSP | All ten — these certs reward breadth above all |
## A Realistic First Year
- Months 0–2: pass Security+ or SC-900; read this course start to finish
- Months 2–4: TryHackMe complete-beginner path; set up a home SIEM lab
- Months 4–6: pick a specialisation (cloud / AppSec / SOC); start the matching specialty cert
- Months 6–9: contribute publicly — blog walkthroughs, open a GitHub portfolio, present at a local BSides
- Months 9–12: apply for entry roles; interview practice; keep building
Be patient with yourself. The field rewards consistent curiosity over a year more than any single cert ever will.