Entry Point
Foundational Theory & Basic Logic
In security, you will inevitably break things, and you need to understand exactly how they broke. Before you can ever spot a real attacker, you must learn the basic ground you stand on. This starts with the hardware, the operating system, and the networks that connect them.
The entire internet essentially runs on Linux. If you cannot navigate a terminal comfortably, you are effectively operating with a blindfold on in any security role. It is the clear difference between clicking a shiny button on a dashboard and genuinely understanding the command that just executed across your entire fleet of cloud resources.
You also cannot defend what you do not understand. Networking is effectively the physics of the digital world. If you do not know how a normal packet moves from point A to point B, you will never be able to spot the packet that should not be there. This level slowly turns scary technical jargon into concepts you can actually explain to a friend over coffee.
Certifications
Google Cybersecurity Certificate
Coursera / Google
What it teaches
A broad and accessible start to security. It guides you from the absolute basics of networking and the Linux command line through to fundamental threat detection and simple Python scripting.
Why at this level
This is the best generalist starting point because it doesn't bog you down with overly dense engineering details. More importantly, finishing it proves to employers that you have the discipline to finish a multi-month course. HR departments universally recognize the Google brand, which helps with your initial resume screening.
TCM Practical Security Fundamentals
TCM Security Academy
What it teaches
A hands-on course that focuses on real-world demonstrations rather than dry slide decks. It shows you exactly how the modern digital world works and then logically takes it apart.
Why at this level
This is for learners who prefer doing over watching. If you want to see how networks and operating systems actually break from day one, this is your best choice. It focuses on the fundamental how of security rather than just the academic theory.
Skills & Labs
Networking (TCP/IP)
Core Knowledge
What it is
The fundamental language of how data moves across a network, including DNS, DHCP, and subnetting.
Why you need it here
You can't defend what you don't understand. If you don't know how a DNS request is supposed to look, you'll never spot a malicious server hiding in plain sight. This is the physics of the digital world.
Resources
Free
The gold standard for clear, free networking education with zero fluff.
A high-energy, visual way to learn complex networking concepts.
Paid / Professional
The best exam prep if you plan on actually taking the Network+ certification.
OS Fundamentals
Operating Systems
What it is
Deep knowledge of how operating systems manage files, processes, and users across Windows and Linux environments.
Why you need it here
You need to know what normal looks like to identify abnormal. Attackers hide in system folders or create hidden users. If you don't know your way around the Linux filesystem, you are a blind defender.
Resources
Free
A free book that is widely considered the bible for terminal beginners.
Hands-on labs to get you over the fear of the black command prompt.
Paid / Professional
Practical, video-led instructions from people who use Linux every day.
Scripting Basics
Automation
What it is
Using code like Python or Bash to automate repetitive tasks and process large datasets.
Why you need it here
Speed is your greatest weapon. You don't want to manually check 500 logs. You want to write a 10-line script to do it in 5 seconds. Automating the boring stuff leaves you time for actual hunting.
Resources
Free
The most practical Python guide ever written for non-programmers.
A world-class introduction to Python from Harvard University.
Paid / Professional
Python explained specifically through the lens of a security professional.
Cloud Security Analyst
First Certs, First Cloud Footprint, First Alerts
The cloud is disorienting at first. Hundreds of services, thousands of config options, alerts that never stop. Your job is to build a mental model of what normal looks like · because spotting the abnormal is all that matters.
In a traditional network, attackers need to reach a machine. In the cloud, a misconfigured IAM role IS the machine. A leaked credential with the wrong permissions can expose an entire company. Learn to read policy documents and spot what's dangerous before anything else.
GuardDuty fires. CloudTrail has a record of every API call ever made. Your job: correlate those events, decide if something real happened, close or escalate. Speed and accuracy here are what get you promoted.
Certifications
CCSK · Certificate of Cloud Security Knowledge
Cloud Security Alliance
What it teaches
Vendor-neutral cloud security fundamentals · shared responsibility, IAM, data security, architecture, and incident response across all major providers.
Why at this level
Get this before you commit to a single cloud provider. It's the only cert that treats cloud security as its own discipline rather than a bolt-on. It teaches you to think about cloud risk, not just configure vendor tools.
AWS Solutions Architect Associate · Google Associate Cloud Engineer
Amazon Web Services / Google Cloud
What it teaches
AWS SAA covers how AWS services fit together · compute, storage, networking, identity. Google ACE does the same for GCP. Both give you the architectural foundation before you touch security-specific exams.
Why at this level
If your environment is AWS or GCP, start here instead of CCSK. You can't secure services you don't understand architecturally. Pick the one that matches where you work.
Skills & Labs
Cloud Platform Fundamentals
Cloud Architecture
What it is
Core cloud services · compute, storage, networking, and identity · well enough to navigate the console and understand how things connect.
Why you need it here
You can't spot a misconfigured S3 bucket if you don't know what S3 does. Platform knowledge comes before platform security.
Resources
Free
Structured cloud security learning paths built for practitioners.
Practical labs covering real cloud security scenarios.
Hands-on sandbox labs with real cloud resources, no account needed.
Official free tutorials for every core AWS service.
Paid / Professional
Best AWS course available. Builds real understanding, not just exam prep.
Identity and Access Management
Access Control
What it is
Reading and auditing the policies that control who can do what across a cloud environment.
Why you need it here
IAM is the perimeter in the cloud. The most common breach is an over-permissioned role or a leaked key. This is the most important skill at this level.
Resources
Free
Hands-on labs covering cloud IAM misconfigurations in a safe environment.
Official reference for how IAM policies are evaluated · read it, bookmark it.
Paid / Professional
Intentionally vulnerable AWS environment. Attack misconfigured IAM to see exactly how it's exploited.
Log Analysis
Threat Detection
What it is
Reading and correlating cloud logs · API calls, auth events, config changes · to confirm or rule out security incidents.
Why you need it here
The cloud records everything. How fast you can extract a clear picture from logs determines your value as an analyst.
Resources
Free
Free SIEM, good docs, great for learning log analysis hands-on.
Run it against a test AWS account and read the output. That's the job in miniature.
Paid / Professional
Covers GuardDuty, CloudTrail, and Security Hub with real detection scenarios.
Cloud Security Engineer
Platform Mastery, Architecture & Real Controls
You stop reacting to alerts and start building the systems that generate them. You're the engineer who designed the detection logic, integrated it with the SIEM, and wrote the runbook the analyst follows.
Most cloud environments are built with Terraform or CloudFormation, not dashboards. If those templates aren't scanned before deployment, security mistakes ship to production automatically. Your job is to put the check in the pipeline.
The AWS Security Specialty is the right cert at this level · it maps directly to what you're doing day to day and proves you can secure AWS services, not just use them.
Certifications
AWS Certified Security – Specialty
Amazon Web Services
What it teaches
IAM architecture, detective controls, infrastructure protection, data protection, and incident response within AWS · the full security picture for a production environment.
Why at this level
Natural progression after the AWS SAA. The SAA teaches how services work; this teaches how to secure them. Most recognized AWS security credential and maps directly to what engineers do day to day.
AZ-500 Microsoft Azure Security Technologies · Google Professional Cloud Security Engineer
Microsoft / Google Cloud
What it teaches
AZ-500 covers Azure security · Entra ID, Defender for Cloud, Sentinel, network protection. GCP Security Engineer covers the same depth for Google Cloud.
Why at this level
Pick based on where you work. AZ-500 for Azure shops, GCP Security Engineer for Google Cloud. No reason to take both unless you're genuinely multi-cloud.
Skills & Labs
Cloud Security Architecture
Design & Implementation
What it is
Designing layered security controls · IAM boundaries, network segmentation, encryption, logging, detection · across multi-account cloud environments.
Why you need it here
An analyst finds problems. An engineer builds the system that finds problems. You're making design decisions that affect the whole org, not just configuring tools.
Resources
Free
Practical labs covering real cloud security scenarios.
Best free cloud security training available · architecture, misconfigs, real attack paths.
Official reference for every AWS security service and how they connect.
Paid / Professional
Purpose-built course for the AWS Security Specialty exam.
Covers detection, architecture, and response across the AWS security suite.
Infrastructure as Code Security
DevSecOps Integration
What it is
Scanning Terraform, CloudFormation, and Kubernetes manifests for misconfigurations before they're deployed, and wiring those checks into CI/CD.
Why you need it here
Most cloud breaches aren't zero-days. They're a Terraform file that made an S3 bucket public or gave a role wildcard (*) permissions. Catch it in code review, not in an incident.
Resources
Free
Covers Terraform, CloudFormation, Kubernetes, and ARM templates. Run it locally first.
Shows you what your IaC missed when it hits a live environment.
Paid / Professional
Attack a deliberately misconfigured AWS environment to see bad IaC from the attacker's side.
Container and Kubernetes Security
Orchestration Security
What it is
RBAC design, pod security standards, network policies between services, and runtime detection with Falco.
Why you need it here
Most cloud workloads run in containers on Kubernetes. If you can't secure the cluster, you can't secure the apps on it.
Resources
Free
Official reference for pod security standards, RBAC, and network policies.
The open-source runtime detection engine. Read the docs, deploy it, write a rule.
Paid / Professional
Best hands-on Kubernetes security course available.
Cloud Security Architect
Kubernetes, Multi-Cloud Governance & Long-Term Specialisation
You're not finding misconfigurations anymore · you're building the systems that make them impossible to deploy. That means writing policies that enforce standards across every team, not just configuring individual controls.
The AWS SA Pro is the direct signal of architectural depth at this level. It's hard, broad, and forces you to think about how security decisions cascade across an entire organisation's infrastructure.
Multi-cloud governance is the operational reality of this role. You're not answering to a single provider's toolset · you're designing controls that work across AWS, Azure, and GCP simultaneously, and you're accountable when they don't.
Certifications
AWS Certified Solutions Architect – Professional
Amazon Web Services
What it teaches
Multi-account AWS architecture · Organizations, Control Tower, complex networking, DR patterns, and the security controls that govern infrastructure at enterprise scale.
Why at this level
Security and infrastructure decisions can't be separated at this level. The SA Pro forces systems-level thinking · where trust boundaries sit and how one design choice creates risk across the whole org. One of the hardest AWS exams, and one of the most respected.
CCSP · Certified Cloud Security Professional
ISC2
What it teaches
Six domains: cloud architecture, data security, platform security, application security, operations, and legal/compliance. The most rigorous vendor-neutral cloud security cert available.
Why at this level
Good alternative for multi-cloud architects or those moving toward a head-of-cloud-security role. Proves your thinking isn't locked to one platform.
Skills & Labs
Kubernetes Security
Container Orchestration
What it is
Admission control with OPA/Gatekeeper, runtime detection with Falco, RBAC at scale, image signing, and node hardening.
Why you need it here
A compromised Kubernetes workload can spread laterally and escalate privileges across the cluster. Architects who know this deeply are rare · that's reflected in what they're paid.
Resources
Free
Official path · CKA is a prerequisite, build progressively.
Open-source runtime detection used in production at major enterprises.
Paid / Professional
Best hands-on CKS course, scenario-based labs that mirror the actual exam.
Cloud Security Posture Management
Enterprise Defence
What it is
Running CSPM tools across multi-account, multi-cloud environments · correlating findings, prioritising by real exploitability, and building remediation workflows with engineering teams.
Why you need it here
You can't manually audit hundreds of accounts. CSPM is what makes scale manageable. Knowing how to configure, tune, and integrate these platforms is core to the architect role.
Resources
Free
Practitioner-level cloud security training from the team that built one of the leading CSPM platforms.
Real enterprise-scale detection and CSPM content from AWS engineers.
Paid / Professional
The most thorough course for cloud security governance at the architect level.
Governance and Compliance
Risk Management
What it is
Mapping cloud controls to compliance frameworks and building evidence collection processes that make audits survivable.
Why you need it here
Your decisions have legal consequences at this level. A wrong encryption policy in healthcare isn't a security gap · it's a HIPAA violation. Knowing how technical choices map to compliance makes you a strategic partner, not just an engineer.
Resources
Free
The US government cloud security framework. Free, authoritative, widely referenced.
Industry's most adopted cloud compliance framework · free access to all docs.
Paid / Professional
Best written resource for governance, compliance, and legal frameworks in cloud environments.