The roadmap is broken into different steps.
- STEP 1: Educational Qualification.
- STEP 2: Technical and soft skill required.
- STEP 3: Learning materials and practical skills experience.
- STEP 4: Relevant Certification.
- STEP 5: Job Application.
- STEP 6: Recommended Books.
- STEP 7: Topics not to Miss.
- A degree in Information Technology/computer science or any related field.
- Networking Basics and internet (Must have)
- Programming (Must have)
- Linux (Must have)
- Have the ability to work under pressure
- Good communication skill
- Problem-solving skill
- Cisco Networking Academy (Netcad)
- TryHackMe
- Hackthebox Academy
- Overthewire (master Linux)
- learnPython
- Read security news/policies on hackerRank
- CISSP (Certified Information Systems Security Professional)
- CEH (Certified Ethical Hacker)
- Cisco Certified Network Professional (CCNP) Security
- OSCP (Offensive Security Certified Professional)
- Good Resume: should highlight the steps mentioned above.
- Cisco Talent Bridge (provides easy ways to secure a Job in cybersecurity).
- LinkedIn searches.
- Connect with professional on linkedIn, Twitter and other social media sites.
- Attend Conferences or Virtual meetings.
-
B. Sullivan, V. Liu, and M. Howard, Web Application Security, A B Guide. New York: McGraw-Hill Education, 2011. (ISBN No.: 978-0-07-177616-5).
-
M. Shema and J. B. Alcover, Hacking Web Apps: Detecting and Preventing Web Application Security Problems. Washington, DC, United States: Syngress Publishing, 2014.(ISBN No. 978-1-59-749951-4)
-
W. Stallings, Cryptography and Network Security: Principles and Practice, 5th Ed. Boston: Prentice Hall, 2010. (ISBN No.: 978-0-13-609704-4).
-
M. Rhodes-Ousley, Network security the complete reference (complete reference), 2nd ed. New York, USA: McGraw-Hill Professional Publishing, 2013. (ISBN No. :978-1-59749-535-6)
-
Cyber Security, Understanding cyber crimes, computer forensics and legal perspectives, Nina Godbole,Sunit Belapure, Wiley Publications, Reprint 2016
-
Cybersecurity for Dummies, Brian Underdahl, Wiley, 2011
-
Mathematics You Need: Finite Fields and Number Theory: Modular arithmetic, Euclidian Algorithm, Primality Testing: Fermats and Eulers theorem, Chinese Reminder theorem, Discrete Logarithms
-
Symmetric key cryptographic techniques: Introduction to Stream cipher, Block cipher: DES, AES,IDEA Asymmetric key cryptographic techniques: principles,RSA,ElGamal,Elliptic Curve Cryptography, Key distribution and Key exchange protocols.
-
Integrity and Authentication: Hash functions,Secure Hash Algorithm (SHA)Message Authentication, Message Authentica- tion Code (MAC), Digital Signature Algorithm : RSA ElGamal based
-
Introduction to Networking for Security : Access Control and Site Security- Virtual Local Area Network (VLAN), Demilitarized zone (DMZ) ATTACKS, SERVICES MECHANISMS Attack Methods – TCP/IP Internetworking, Security problems in TCP/IP protocol suite, BGP security attacks, DNS Cache poisoning, Denial of Service (DoS) attacks, Distributed Denial of Service (DDoS) attacks, IP Trace back attacks.
-
REAL-TIME COMMUNICATION SECURITY: Introduction to TCP/IP protocol stack -Implementation layers for security protocols and implications - IPsec: AH and ESP- IPsec: IKE- SSL/TLS- Distribution lists-Establishing keys�Privacy, Source Authentication, Message Integrity, Non-Repudiation, Proof of Submission, Proof of Delivery, Message Flow Confidentiality, Anonymity – Packet filters-Application level gateways.
-
Network Defense: Firewall, VPNs, Intrusion Detection and Prevention filters, Covert channels and counter measures in communication protocols, Techniques for shielding applications from an untrusted environment, Client and Server Security tools and applications
-
Introduction: Web Application Security - Core Defence Mechanisms - Handling User Access - Handling User Input- Handling Attackers - Managing the Application - The OWASP Top Ten List
-
WEB APPLICATION TECHNOLOGIES: Web Functionality Encoding Schemes Mapping the Application - Enumerating the Content and Functionality Analysing the Application Bypassing Client Side Controls : Transmitting Data Via the Client Capturing User Data Handling Client Side Data Securely - Input Validation, Blacklist Validation - Whitelist Validation - The Defence-in-Depth Approach - Attack Surface Reduction Rules of Thumb
-
WEB APPLICATION AUTHENTICATION: Authentication Fundamentals- Two Factor and Three Factor Authentication - Password Based, Built-in HTTP, Single Sign-on Custom Authentication- Secured Password Based Authentication: Attacks against Password, Importance of Password Complexity - Design Flaws in Authentication Mechanisms - Implementation Flaws in Authentication Mechanisms - Securing Authentication
-
SESSION MANAGEMENT: Need for Session Management Weaknesses in Session Token Generation Weaknesses in Session Token Handling Securing Session Management; Access Control : Access Control Overview, Common Vulnerabilities Attacking Access Controls Securing Access Control.
-
WEB APPLICATION VULNERABILITY Understanding Vulnerabilities in Traditional Client Server Application and Web Applications, Client State Manipulation, Cookie based Attacks, SQL Injection, Cross Domain Attack (XSS/ XSRF/ XSSI), HTTP Header Injection, SSL Vulnerabilities And Testing - Proper Encryption use in Web Application - Session Vulnerabilities and Testing - Cross-Site Request Forgery
-
EXPLOITING SYSTEMS: Path Traversal - Finding and Exploiting Path Traversal Vulnerability Preventing Path Traversal Vulnerability Information Disclosure - Exploiting Error Messages Securing Compiled Applica�tions Buffer Overflow Vulnerability Integer Vulnerability Format String Vulnerability
Cyber Security is an ever-learning Journey so you have to always stay updated. Read books and never stop learning. Note: All skill highlighted above can be acquired with the amount of effort put in place. Practice is an inevitable skill needed to succeed in a Cybersecurity Career.