Home/Roadmaps/Cybersecurity Analyst

🛡️

Cybersecurity Analyst Roadmap

Learn to defend systems, detect threats, and respond to incidents. Cybersecurity is one of the fastest-growing fields in India with massive demand and premium salaries.

6-9 months4-8 LPA → 25-50 LPA expected9 steps • 31 free resources

Networking Fundamentals

3-4 weeks

Security starts with understanding how networks work. Learn TCP/IP, OSI model, DNS, HTTP/S, subnets, and how data flows across the internet.

By the end, you'll be able to

Explain the OSI model and TCP/IP stack in depth
Analyze network traffic with Wireshark
Configure basic network setups and troubleshoot issues

🛠️

Mini-project

Capture and analyze network traffic with Wireshark for 1 hour. Identify all protocols, DNS queries, and any unencrypted data. Write a report.

Recommended Resources

Introduction to Linux - Linux Foundation

Linux Foundation (via edX)

free

HashiCorp Vault - Secrets Management

HashiCorp

free

Grafana Tutorials - Official

Grafana Labs

free

Linux Upskill Challenge - Free Course

Linux Upskill Challenge

free

Linux & System Administration

2-3 weeks

Most servers run Linux. Master the command line, file permissions, services, firewall configuration, and system hardening.

By the end, you'll be able to

Administer Linux servers: users, permissions, services, logs
Harden a Linux system following CIS benchmarks
Write scripts to automate security tasks

🛠️

Mini-project

Set up a Linux VM, harden it (disable root login, configure firewall, set up fail2ban, audit permissions), and document your hardening checklist.

Recommended Resources

Awesome Docker - Curated Resources

Awesome Docker / GitHub

free

Codeforces EDU - Algorithm Courses

Codeforces

free

Rancher - Kubernetes Management

Rancher / SUSE

free

Security Fundamentals & Frameworks

2-3 weeks

Learn core security concepts: CIA triad, authentication, encryption, risk assessment, and frameworks like NIST, OWASP, and ISO 27001.

By the end, you'll be able to

Explain CIA triad, authentication methods, and encryption types
Apply security frameworks to assess organizational risk
Identify and classify common vulnerabilities

🛠️

Mini-project

Conduct a security assessment of a small website: check for OWASP Top 10 vulnerabilities, SSL configuration, and security headers. Write a report.

Recommended Resources

HackTheBox Academy - Free Modules

HackTheBox Academy

free

abuse.ch - Threat Intelligence

abuse.ch

free

Offensive Security Blog

Offensive Security

free

Red Team Handbook - Atomic Red Team

Atomic Red Team

free

Ethical Hacking & Penetration Testing

4-5 weeks

Think like an attacker to defend like a pro. Learn reconnaissance, scanning, exploitation, and how to write professional penetration test reports.

By the end, you'll be able to

Perform reconnaissance and vulnerability scanning
Exploit common vulnerabilities in web apps and networks
Write professional penetration testing reports

🛠️

Mini-project

Complete 10 rooms on TryHackMe or 5 boxes on HackTheBox. Document your methodology for each one.

Recommended Resources

The Hacker News - Cybersecurity News

The Hacker News

free

Hacksplaining - Security Training for Developers

Hacksplaining

free

Introduction to Cybersecurity - Cisco

Cisco Networking Academy

free

TryHackMe - Beginner Learning Paths

TryHackMe

free

Web Application Security

3-4 weeks

Web apps are the #1 attack surface. Master SQL injection, XSS, CSRF, SSRF, authentication bypasses, and how to prevent them.

By the end, you'll be able to

Find and exploit OWASP Top 10 vulnerabilities
Secure web applications against common attacks
Use tools like Burp Suite for web app testing

🛠️

Mini-project

Practice on OWASP WebGoat or DVWA: exploit every vulnerability, then patch each one. Document the attack and fix for each.

Recommended Resources

Awesome Hacking - Ethical Hacking Resources

Awesome Hacking / GitHub

free

Ethical Hacking Full Course - edureka!

edureka! (YouTube)

free

OWASP Web Security Testing Guide

OWASP

free

SIEM & Incident Response

2-3 weeks

Learn how SOCs operate. Set up SIEM tools, write detection rules, and practice incident response: identification, containment, eradication, recovery.

By the end, you'll be able to

Set up and use SIEM tools for threat detection
Write detection rules and investigate security alerts
Follow incident response procedures: contain, eradicate, recover

🛠️

Mini-project

Set up a basic SIEM (ELK or Splunk Free) and create detection rules for 5 common attack patterns. Practice investigating sample incidents.

Recommended Resources

Security BSides - Free Conference Talks

Security BSides (YouTube)

free

Offensive Security Blog

Offensive Security

free

Shodan - Search Engine for IoT

Shodan

free

Cloud Security

2-3 weeks

Cloud is where everything runs now. Learn AWS/Azure security: IAM, security groups, encryption, compliance, and cloud-specific threats.

By the end, you'll be able to

Secure AWS/Azure environments with proper IAM and networking
Identify cloud-specific vulnerabilities and misconfigurations
Audit cloud environments for compliance

🛠️

Mini-project

Audit a sample AWS environment: check IAM policies, security groups, S3 bucket permissions, and encryption. Write a findings report.

Recommended Resources

AWS Solutions Library

AWS

free

AWS Cloud Practitioner Essentials

AWS (Amazon)

free

Security, Compliance, and Identity Fundamentals (SC-900) - Microsoft

Microsoft Learn

free

Certifications & Portfolio

4-5 weeks

Cybersecurity values certifications more than most fields. Prepare for CompTIA Security+, CEH, or similar while building a portfolio of security projects.

By the end, you'll be able to