This roadmap combines a structured week-by-week curriculum with milestone checkpoints so you can track progress whether you study part-time or full-time.
Goal: Build computer, networking, and programming basics.
- Weeks 1–4: Computer basics + Linux CLI (OverTheWire: Bandit, Linux Journey).
- Weeks 5–10: Networking (CCNA-level subnetting, Packet Tracer labs).
- Weeks 11–18: Python programming (Automate the Boring Stuff, Black Hat Python).
- Weeks 19–26: C/C++ basics + Assembly intro (CS50, PC Assembly Language).
- Can subnet a network.
- Write Python scripts.
- Compile/debug C programs.
- Navigate Linux & Windows command line.
Goal: Understand offensive & defensive fundamentals.
- Weeks 27–40: Windows/Linux internals.
- Weeks 41–52: Networking security tools (Wireshark, Nmap, Metasploit).
- Weeks 53–70: Binary exploitation basics (pwn.college, Exploit-Exercises).
- Weeks 71–85: Web app pentesting (PortSwigger, DVWA, Juice Shop).
- Weeks 86–100: Defensive security (Splunk, ELK, incident response labs).
- Run scans, interpret results.
- Hack simple web apps (SQLi, XSS).
- Escalate privileges in Windows/Linux VMs.
- Write a basic buffer overflow exploit.
Goal: Operate as a pentester, SOC analyst, or security engineer.
- Weeks 101–120: Advanced exploitation (ROP Emporium, heap exploitation).
- Weeks 121–140: Active Directory exploitation (HackTheBox, BloodHound).
- Weeks 141–160: Blue team threat hunting (CyberDefenders, malware labs).
- Weeks 161–180: Cloud security (AWS/GCP IAM misconfigs, container escapes).
- Weeks 181–200: CTF competitions (DEFCON quals, picoCTF, HTB Pro Labs).
- Lead a pentest with reporting.
- Analyze malware with Ghidra.
- Defend against phishing, malware, insider threats.
- Deploy & tune SIEMs.
- Secure cloud environments.
Goal: Specialize, lead, and earn top-tier roles.
- Specialize in Binary Exploitation, Cloud Security, Network Architecture, or Red/Blue Team Leadership.
- Study compliance & risk frameworks (ISO 27001, PCI-DSS, SOC 2).
- Earn advanced certs: OSCP → OSEP/OSEE → CISSP → CCNP/CCIE Security.
- Contribute to open-source, publish research, or lead teams.
- Design & audit enterprise networks.
- Lead red team engagements.
- Build APT-level detection rules.
- Write advanced exploits bypassing mitigations.
- Advise executives on compliance & strategy.
- Junior Analyst (0–2 yrs): $60k–90k
- Mid-Level (2–4 yrs): $90k–150k
- Senior Red/Blue Team (5+ yrs): $150k–300k
- Specialist/Architect (6+ yrs): $250k–500k
- Top 1% Expert (7+ yrs): $500k–1M+
- Follow structured weeks if you want accountability.
- Use milestones to measure skill mastery.
- Expect ~6–8 years part-time or ~3–4 years full-time for senior expertise.
- Continuously learn: security evolves fast.
With this roadmap, you can pace yourself week by week or milestone by milestone, and still know exactly where you stand on the journey to becoming a high-paid expert in network security.