23 domains, 7 job-ready paths, and a curated reading list of courses, labs, certifications, and weekly practice — set in plain English, kept honest.
For absolute beginners before choosing a job track.
Certs. Security+, ISC2 CC, SC-900
Portfolio. Home lab diagram, Linux notes, 5 beginner lab writeups
For learners targeting SOC, monitoring, and detection jobs.
Certs. CySA+, SC-200, BTL1
Portfolio. 3 incident reports, 5 detection rules, SIEM dashboard screenshots
For ethical hacking, web testing, and pentest preparation.
Certs. eJPT, PNPT, OSCP
Portfolio. 10 machine/lab writeups, 3 web vuln reports, tooling notes
For AWS, Azure, GCP, IAM, containers, and cloud detection.
Certs. AWS Security Specialty, SC-200, CCSP
Portfolio. Cloud threat model, IAM review, logging pipeline, hardening checklist
For governance, risk, policy, audits, and security program work.
Certs. Security+, CRISC, CISA, CISSP later
Portfolio. Risk register, policy sample, control map, audit evidence checklist
For incident response, forensics, malware triage, and hunting.
Certs. GCIH, GCIA, GREM, SC-200
Portfolio. 2 forensic timelines, PCAP analysis, YARA rule, IR report
For securing LLM apps, AI agents, and machine-learning pipelines.
Certs. Security+ base, AppSec fundamentals, vendor AI security badges
Portfolio. LLM app threat model, prompt-injection writeups, guardrail/eval demo
Computer basics, networking, Linux, Windows, web, and safe lab habits.
Secure web apps, APIs, client-side code, and auth flows.
Understand packets, segmentation, firewalls, VPNs, and monitoring.
Protect AWS, Azure, GCP, containers, identity, and cloud workloads.
Investigate incidents, collect evidence, and rebuild attack timelines.
Governance, risk, compliance, policies, audits, and security programs.
Track adversaries, TTPs, campaigns, and intelligence requirements.
Analyze malicious code, behavior, packers, and exploit artifacts.
Find and weaponize memory corruption bugs in controlled lab environments.
Plan authorized attack simulations that test detection, response, and resilience.
Build secure systems, detection pipelines, automation, and guardrails.
Scale AppSec inside engineering teams with design reviews, code review, and paved roads.
Manage identity, access, privileges, federation, and zero trust.
Assess Android and iOS apps, mobile APIs, storage, auth, and reverse engineering risks.
Understand privacy engineering, applied cryptography, data protection, and secure protocols.
Secure LLM apps, AI agents, and ML systems against prompt injection, data poisoning, and model abuse.
Use AI, LLMs, and machine learning to detect threats, triage alerts, hunt, and automate the SOC.
Attack and defend embedded devices, firmware, and IoT: extraction, hardware interfaces, and device pentests.
Audit smart contracts and DeFi: reentrancy, oracle and flash-loan attacks, and on-chain security.
Secure the build pipeline and dependencies: SBOMs, artifact signing, provenance, and SLSA.
Build, test, and tune detections as code: Sigma rules, ATT&CK coverage, and false-positive management.
Secure industrial systems, safety-critical networks, and control environments.
Discover, reproduce, root-cause, and responsibly report vulnerabilities.
| Course | Domain | Level | Provider | Format | Price | Actions |
|---|---|---|---|---|---|---|
| Pre SecurityNo-prior-experience path covering computers, networking, web basics, and cyber concepts. | Foundations | Beginner | TryHackMe | Learning path | Free + Paid | |
| Web Security AcademyInteractive web vulnerability labs from the creators of Burp Suite. | Web / AppSec | Beginner | PortSwigger | Labs | Free | |
| Introduction to CybersecurityEntry-level overview of threats, career areas, and core security concepts. | Foundations | Beginner | Cisco Networking Academy | Course | Free | |
| Certified in Cybersecurity TrainingFoundational security training connected to the ISC2 CC credential. | Foundations | Beginner | ISC2 | Certification prep | Free + Paid | |
| Google Cybersecurity CertificateCareer-oriented program with Linux, SQL, SIEM, Python, and incident response basics. | Foundations | Beginner | Coursera / Google | Course | Paid | |
| Security Learning PlanAWS security curriculum covering IAM, governance, compliance, and workload protection. | Cloud Security | Intermediate | AWS Skill Builder | Learning path | Free + Paid | |
| Security Operations AnalystDefender, Sentinel, incident response, and threat mitigation modules. | DFIR | Intermediate | Microsoft Learn | Learning path | Free | |
| Hack The Box AcademyHands-on modules for penetration testing, infrastructure, web, and blue-team skills. | Web / AppSec | Intermediate | Hack The Box | Labs | Free + Paid | |
| Blue Team Labs OnlineDefensive investigations, logs, SOC workflows, and incident-response challenges. | DFIR | Intermediate | BTLO | Labs | Free + Paid | |
| LetsDefend SOC TrainingSOC analyst simulations with alerts, cases, investigation, and escalation workflows. | DFIR | Intermediate | LetsDefend | Labs | Free + Paid | |
| OpenSecurityTraining2Free low-level security, x86, exploitation, and reverse engineering courses. | Malware / Reverse Engineering | Professional | OST2 | Course | Free | |
| SANS Cybersecurity CoursesPremium practitioner training across DFIR, cloud, ICS, leadership, and offense. | Professional | Professional | SANS Institute | Course | Paid | |
| PEN-200 / OSCP PrepAdvanced penetration testing preparation connected to the OSCP certification. | Web / AppSec | Professional | OffSec | Certification prep | Paid | |
| Practical Ethical HackingPractical pentesting methodology, Active Directory basics, web attacks, and reporting. | Red Team / Adversary Emulation | Beginner | TCM Security Academy | Course | Paid | |
| Learn Ethical Hacking From ScratchBeginner-friendly Udemy course covering lab setup, network attacks, web attacks, and common tools. | Web / AppSec | Beginner | Udemy / z Security | Course | Paid | |
| Complete Introduction to Cybersecurity 2026Broad beginner introduction to IT, cybersecurity concepts, attacks, defenses, and next-step planning. | Foundations | Beginner | Udemy / Grant Collins | Course | Paid | |
| Exploit Development for Linux (x86)Linux x86 assembly, stack overflows, shellcode, NX, ASLR, and basic ROP practice. | Exploit Development | Intermediate | Udemy | Course | Paid | |
| Hands-on Fuzzing and Exploit DevelopmentShort practical introduction to fuzzing and stack-based buffer overflow workflow. | Exploit Development | Intermediate | Udemy | Course | Free | |
| EXP-301 / OSEDAdvanced Windows user-mode exploit development and OSED preparation. | Exploit Development | Professional | OffSec | Certification prep | Paid | |
| Malware Unicorn WorkshopsReverse engineering and malware analysis workshops with practical exercises. | Malware / Reverse Engineering | Intermediate | Malware Unicorn | Course | Free | |
| Web LLM AttacksInteractive labs on prompt injection and attacking LLM APIs, integrations, and tool use. | AI / LLM Security | Beginner | PortSwigger | Labs | Free | |
| AI Security FundamentalsCore concepts for securing AI systems: AI risks, controls, governance, and responsible AI. | AI / LLM Security | Beginner | Microsoft Learn | Learning path | Free | |
| Enhance Security Operations with Security CopilotUse generative-AI prompts and agents (SC-5006) to triage incidents, hunt, and respond at machine speed. | AI-Augmented Defense | Intermediate | Microsoft Learn | Learning path | Free | |
| Machine Learning & Emerging Technologies in CybersecurityApply ML to intrusion detection and anomaly detection with hands-on labs in Security Onion and RapidMiner. | AI-Augmented Defense | Intermediate | Coursera / Johns Hopkins | Course | Free + Paid | |
| SEC595: Applied Data Science and AI/MLBuild custom AI-driven detection: neural networks for malware, phishing, and behavioral analysis (70%+ labs). | AI-Augmented Defense | Professional | SANS Institute | Course | Paid | |
| Beginner’s Guide to IoT and Hardware HackingFoundational hardware and IoT hacking: UART, SPI, firmware extraction, and device security research. | Hardware / IoT | Beginner | TCM Security | Course | Paid | |
| SEC556: IoT Penetration TestingAssess the full IoT ecosystem: hardware, firmware, radio, and network attack surfaces. | Hardware / IoT | Professional | SANS Institute | Course | Paid | |
| Secureum BootcampSmart-contract security and audit bootcamp covering Solidity, the EVM, and DeFi vulnerability classes. | Blockchain / Web3 | Intermediate | Secureum | Learning path | Free | |
| Securing Your Software Supply Chain with Sigstore (LFS182)Free course on signing, verifying, and proving provenance of artifacts with Sigstore (Cosign, Fulcio, Rekor). | Supply Chain Security | Beginner | Linux Foundation | Course | Free | |
| Detection Engineering with SigmaWrite and operationalize Sigma detections using real logs (Sysmon, Zeek, CloudTrail) with a detection-as-code workflow. | Detection Engineering | Intermediate | Applied Network Defense | Course | Paid |
Courses are one lane. The directory also covers YouTube educators, practice labs, official documentation, tools, research blogs, podcasts, communities, and books.
No-prior-experience path covering computers, networking, web basics, and cyber concepts.
Entry-level overview of threats, career areas, and core security concepts.
Foundational security training connected to the ISC2 CC credential.
Career-oriented program with Linux, SQL, SIEM, Python, and incident response basics.
AWS security curriculum covering IAM, governance, compliance, and workload protection.
Defender, Sentinel, incident response, and threat mitigation modules.
Hands-on modules for penetration testing, infrastructure, web, and blue-team skills.
Defensive investigations, logs, SOC workflows, and incident-response challenges.
SOC analyst simulations with alerts, cases, investigation, and escalation workflows.
Free low-level security, x86, exploitation, and reverse engineering courses.
Premium practitioner training across DFIR, cloud, ICS, leadership, and offense.
Advanced penetration testing preparation connected to the OSCP certification.
Practical pentesting methodology, Active Directory basics, web attacks, and reporting.
Beginner-friendly Udemy course covering lab setup, network attacks, web attacks, and common tools.
Broad beginner introduction to IT, cybersecurity concepts, attacks, defenses, and next-step planning.
Linux x86 assembly, stack overflows, shellcode, NX, ASLR, and basic ROP practice.
Short practical introduction to fuzzing and stack-based buffer overflow workflow.
Advanced Windows user-mode exploit development and OSED preparation.
Reverse engineering and malware analysis workshops with practical exercises.
Interactive labs on prompt injection and attacking LLM APIs, integrations, and tool use.
Core concepts for securing AI systems: AI risks, controls, governance, and responsible AI.
Use generative-AI prompts and agents (SC-5006) to triage incidents, hunt, and respond at machine speed.
Apply ML to intrusion detection and anomaly detection with hands-on labs in Security Onion and RapidMiner.
Build custom AI-driven detection: neural networks for malware, phishing, and behavioral analysis (70%+ labs).
Foundational hardware and IoT hacking: UART, SPI, firmware extraction, and device security research.
Assess the full IoT ecosystem: hardware, firmware, radio, and network attack surfaces.
Smart-contract security and audit bootcamp covering Solidity, the EVM, and DeFi vulnerability classes.
Free course on signing, verifying, and proving provenance of artifacts with Sigstore (Cosign, Fulcio, Rekor).
Write and operationalize Sigma detections using real logs (Sysmon, Zeek, CloudTrail) with a detection-as-code workflow.
Networking, Linux, cloud, home labs, and security basics with approachable projects.
CompTIA A+, Network+, and Security+ video courses and study sessions.
CTFs, malware analysis, threat breakdowns, tooling, and security career videos.
Hack The Box walkthroughs focused on methodology, enumeration, and exploitation.
Binary exploitation, reverse engineering, web hacking, and CTF fundamentals.
Practical ethical hacking, pentesting, career guidance, and training previews.
Networking, hacking, Python, Linux, interviews, and practical lab demos.
Ethical hacking tutorials, Linux, tools, web testing, and red-team basics.
Bug bounty, web security, recon, live hacking, and AppSec interviews.
Bug bounty methodology, interviews, web hacking workflows, and recon ideas.
Bug bounty learning paths, web testing basics, and beginner-friendly methodology.
Windows forensics, memory analysis, event logs, and DFIR technique breakdowns.
Webcasts, purple-team content, detection, pentesting, and defensive tradecraft.
Security research talks across hardware, policy, privacy, exploitation, and defense.
Conference briefings and technical research from Black Hat events.
Accessible explanations of crypto, passwords, protocols, privacy, and computing concepts.
Long-form free courses on security, Linux, networking, Python, and cloud basics.
Wargames for Linux, command line, web, crypto, and exploitation fundamentals.
Beginner-friendly CTF challenges built for students and self-learners.
Machines, Sherlocks, tracks, Academy modules, and competitive labs.
Guided rooms, learning paths, and browser-based labs for red and blue team.
Free interactive web vulnerability labs and topic explanations.
Modern intentionally vulnerable web app covering OWASP Top Ten style issues.
Downloadable vulnerable virtual machines for offline practice labs.
Calendar, teams, and ranking hub for public capture-the-flag competitions.
Blue-team labs for forensics, SIEM, malware, threat hunting, and incident response.
PCAP and malware traffic exercises for network forensics and detection practice.
Threat-informed defense, MITRE ATT&CK, and purple-team learning modules.
Workforce framework for cybersecurity roles, skills, tasks, and career mapping.
Cybersecurity risk management framework for governance and security programs.
Globally accessible knowledge base of adversary tactics and techniques.
Government guidance, alerts, advisories, ransomware resources, and security programs.
Known exploited vulnerabilities catalog for prioritizing remediation.
Prioritized security controls and safeguards for organizations.
Awareness document for common web application security risks.
Testing methodology for web application security assessments.
Practical secure development checklists for auth, crypto, APIs, logging, and more.
Application Security Verification Standard for requirements and assessments.
Security, identity, compliance, architecture, and service-specific AWS guidance.
Microsoft security, compliance, Defender, Sentinel, identity, and Azure guidance.
Google Cloud security foundations, IAM, architecture, and operations guidance.
Browser-based data transformation, decoding, hashing, compression, and analysis tool.
Packet analysis tool documentation, display filters, and protocol inspection.
Generic SIEM detection rule format and community rules.
Pattern matching rules for malware research and detection.
SIEM, detection rules, endpoint, and threat hunting documentation.
Security use cases, SPL examples, and detection content for Splunk environments.
Investigative security journalism on breaches, cybercrime, fraud, and threat actors.
Daily handlers diary, alerts, threat observations, and defensive analysis.
Vulnerability research, exploit analysis, root-cause work, and disclosure posts.
Threat intelligence, identity, cloud security, and Microsoft security product research.
Threat intelligence, incident response, malware, and adversary tracking research.
Threat research, vulnerability analysis, malware reports, and detection context.
Threat intelligence, malware analysis, cloud threats, and incident research.
Narrative stories about breaches, hackers, investigations, and security history.
Weekly security news, policy, vulnerability, vendor, and practitioner discussion.
Daily cybersecurity news briefings and interviews.
Security and privacy stories explained in a lighter weekly format.
Technical security research links and discussion.
General cybersecurity careers, news, questions, and community discussion.
Local chapters, projects, events, and application security community work.
Public vulnerability reports useful for learning bug bounty patterns.
Bug bounty learning content, methodology, and vulnerability examples.
Classic book on browser and web platform security.
Hands-on malware analysis book covering static and dynamic analysis.
Modern applied cryptography for engineers and security practitioners.
Classic web testing reference; older but still useful for methodology.
The canonical list of the most critical security risks in LLM and generative-AI applications.
Adversarial threat landscape and ATT&CK-style technique matrix for AI and ML systems.
Voluntary framework for governing, mapping, measuring, and managing AI risk.
Gamified prompt-injection challenge that teaches how LLM guardrails fail, level by level.
Prompt-injection competition and playground for learning real-world LLM attack techniques.
Curated list of datasets, papers, tools, and courses for applying machine learning to security.
Reference for the AI security analysis tool: prompting, plugins, agents, and SOC use cases.
Practical guide to using data and algorithms for detection: spam, malware, anomalies, and clustering.
Curated list of tools, papers, and labs for embedded and IoT security research.
Deliberately insecure firmware (OpenWrt-based) for practicing IoT vulnerability discovery.
Interactive smart-contract hacking game: reentrancy, delegatecall, access control, and storage bugs.
Offensive DeFi wargame: flash-loan manipulation, price-oracle exploits, and governance attacks.
Curated Web3 security materials for pentesters, auditors, and bug hunters.
Supply-chain Levels for Software Artifacts: provenance and integrity guarantees against tampering.
Keyless artifact signing and verification: Cosign, Fulcio certificates, and the Rekor transparency log.
Open Source Security Foundation: guides, working groups, and best practices for securing the supply chain.
Library of small, portable tests mapped to MITRE ATT&CK for validating detections.
Weekly newsletter tracking detection-as-code, new rules, tooling, and threat research.
Official reference for host discovery, port scanning, version detection, and the Nmap Scripting Engine.
Clear, structured articles on how networks really work: routing, switching, NAT, TLS, and more.
Wireshark and packet-analysis tutorials, TCP/IP deep dives, and troubleshooting walkthroughs.
Hands-on guide to capturing and interpreting network traffic with Wireshark.
University-grade modules and challenges covering binary exploitation, reversing, and system security.
Phoenix and Nebula virtual machines for learning memory corruption and privilege escalation.
Focused challenges that teach return-oriented programming across multiple architectures.
Free intro-to-binary-exploitation course built from CTF challenges, from stack overflows to heap.
ARM assembly and exploitation tutorials aimed at mobile and embedded targets.
Massive practical hacking wiki covering pentest methodology, privilege escalation, and AD attacks.
Automated adversary-emulation platform built on the ATT&CK framework.
Reference of payloads and bypass techniques for web, Active Directory, and post-exploitation.
Comparison matrix of command-and-control frameworks to pick the right tool for an engagement.
Talks and workshops on offensive tradecraft, tooling, and adversary emulation.
Software Assurance Maturity Model for building and measuring a secure development program.
Security Development Lifecycle practices for building security into software from the start.
Free threat-modeling tool for drawing data-flow diagrams and recording threats.
Comprehensive practitioner guide to threat modeling software systems.
Building Security In Maturity Model: a data-driven view of what real software security programs do.
Authoritative hub for the OAuth 2.0 authorization framework, specifications, and security guidance.
How OpenID Connect adds an identity layer on top of OAuth 2.0 for authentication.
Federal guidelines for identity proofing, authentication, and federation assurance levels.
Reference for AWS identity, policies, roles, and least-privilege access design.
Mobile Application Security Verification Standard and Testing Guide for iOS and Android.
Automated static and dynamic analysis framework for Android and iOS applications.
Dynamic instrumentation toolkit for hooking and tracing apps at runtime.
Platform security model, app sandboxing, permissions, and secure-development guidance.
Hands-on challenges that teach attacks against real-world crypto by building them yourself.
Free introductory book on applied cryptography for programmers.
Free, rigorous textbook covering modern cryptographic primitives and proofs.
Practical guides to digital privacy, personal threat modeling, and protective tools.
Modern, practical introduction to cryptographic algorithms and how they are used.
Advisories, recommended practices, and training for securing industrial control systems.
ATT&CK knowledge base of adversary tactics and techniques targeting ICS environments.
ICS/OT security blog, whitepapers, webcasts, and community resources.
Graphical framework simulating an industrial process for safe ICS attack-and-defend practice.
State-of-the-art fuzzer for finding memory-safety bugs in native code.
Long-running ezine with deep technical articles on exploitation and system internals.
Foundational book on exploitation techniques, from C and assembly to shellcode.
Curated list of fuzzing tools, papers, and tutorials.
The ten most common IoT security weaknesses, from default passwords to insecure interfaces.
Firmware-analysis tool for extracting and inspecting embedded file systems and code.
Guide to attacking embedded systems with fault injection and side-channel analysis.
Preconfigured lab with logging and tooling to build and test detections quickly.
Detailed intrusion reports with timelines, TTPs, and concrete detection opportunities.
Curated resources on detection-as-code, methodologies, and rule repositories.
Software composition analysis tool that flags known-vulnerable dependencies.
Framework for cryptographically verifying the integrity of the software supply chain.
Annotated Solidity snippets including common vulnerabilities and on-chain hacks.
Game of smart-contract security challenges on Ethereum.
Post-mortems of major DeFi hacks and exploits with technical breakdowns.
LLM vulnerability scanner that probes for jailbreaks, prompt injection, and data leakage.
Ongoing analysis of prompt-injection attacks and why they remain hard to fix.
Python Risk Identification Toolkit for red-teaming generative-AI systems.
Library for defending and attacking ML models: evasion, poisoning, and extraction.
Free software reverse-engineering suite with a powerful decompiler.
Practical malware reverse-engineering streams, unpacking, and tooling tutorials.
Community malware-sample repository for research and detection.
Free Google SRE book on designing, implementing, and maintaining secure systems.
Broad curated list of security tools, references, and learning resources.
Guided AWS security challenge teaching common cloud misconfigurations step by step.
Vulnerable-by-design AWS deployment tool for practicing cloud attack scenarios.
Encyclopedia of offensive techniques and TTPs across AWS, Azure, and GCP.
Quantitative risk analysis model (Factor Analysis of Information Risk) and supporting resources.
Overview of the international standard for information security management systems.
Sell a small number of clearly labeled placements to security training, lab, newsletter, or tooling partners that fit the learning paths.
Use affiliate links only where the resource is genuinely useful. Keep the directory ranking editorial and disclose paid relationships.
Add display ads after the site has steady traffic, original notes, and enough trust pages for ad-network review.
CyberPath Atlas is a curated learning map for cybersecurity beginners, career switchers, and working professionals. It points to legitimate education, legal practice environments, certifications, and the portfolio work that actually moves a job application forward.
Resources are selected for learning value, practical relevance, job-path fit, and whether a learner can use them legally and systematically. Sponsored placements must be labeled and may not override editorial usefulness.
Some outbound links may become affiliate, sponsor, or partner links. If that happens, CyberPath Atlas may earn a commission or sponsorship fee at no extra cost to the reader, and paid placements should be marked near the relevant link.
This static site does not require an account. If analytics, ads, payment, or newsletter tools are added later, this section should list the provider names, cookie behavior, collected data, retention purpose, and opt-out choices.
Corrections, sponsorships, resource suggestions, partnerships — all welcome at the address below.
contact@mistan.devBreadth is comforting; skill comes from repeated, legal, hands-on work and clean writeups. One path, one platform, one notebook — for a month — beats five tabs open for a year.