Complete Cybersecurity Beginner's Learning Path

A step-by-step guide from absolute beginner to ethical hacker

📌 Stage 1: Foundations (Weeks 1-2)

Goal: Build your cybersecurity mindset and set up a safe learning environment.

Lesson 1: Understanding Cybersecurity

What you'll learn:

📚 Learning Resources:
✅ Hands-on Activity:
  1. Write down 3 examples of cybersecurity threats you've encountered in daily life
  2. Research one major cyber attack (like the 2017 Equifax breach) and summarize what happened

Lesson 2: Setting Up Your Hacking Lab

Why this matters: You need a safe, legal environment to practice hacking skills.

Step-by-Step Guide:

  1. Install VirtualBox: Free virtualization software to run other operating systems
    Note: Download from virtualbox.org
  2. Get Kali Linux: The most popular security/hacking OS
    Download the pre-built VM from kali.org
  3. Basic Linux Commands: Start with these essential commands:
    ls # List files in current directory
    cd # Change directory (cd /path/to/folder)
    pwd # Show your current directory path
    mkdir # Create new folder (mkdir new_folder)
    cat # View file contents (cat filename.txt)
✅ Daily Practice:
  • Spend 15 minutes daily practicing Linux commands
  • Create a folder structure with 3 nested folders and 2 text files
  • Watch: "Linux Basics for Hackers" (15 min)

📌 Stage 2: Network Fundamentals (Weeks 3-4)

Goal: Understand how networks work and perform basic scanning.

Lesson 3: How the Internet Works

Key Concepts:

📚 Learning Resources:
✅ Hands-on Activities:
  1. Find your computer's IP address:
    # On Linux/Mac:
    ifconfig

    # On Windows:
    ipconfig
  2. Ping different websites:
    ping google.com
    ping facebook.com

Lesson 4: Network Scanning with Nmap

What is Nmap? The most powerful network scanning tool used by professionals.

Basic Nmap Commands:

# Scan a single IP
nmap 192.168.1.1

# Scan a website (LEGAL targets only!)
nmap scanme.nmap.org

# More detailed scan
nmap -sV -A scanme.nmap.org
⚠️ Important: Only scan systems you own or have permission to scan. Scanning without permission is illegal.
✅ Practice Exercises:
  1. Scan your home router (find its IP with ifconfig/ipconfig)
  2. Complete TryHackMe's Nmap Room
  3. Discover what services are running on scanme.nmap.org
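
The permission rule above can be enforced before any scan command is typed. The following is an added example, not part of the original guide: it checks a target against a written scope list and only then builds the nmap command shown in this lesson. The scope values (the 192.168.1.0/24 home network and the function names) are assumptions; replace them with the networks you own or are authorized to test.

```python
import ipaddress

# Constructed scope for a home lab (assumption: 192.168.1.0/24 is your own LAN).
AUTHORIZED_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]
# The practice host this guide names as a legal target.
AUTHORIZED_HOSTS = {"scanme.nmap.org"}

def in_scope(target):
    """True only for an IP or CIDR range fully inside an authorized network,
    or a hostname that is listed exactly (no wildcards, no subdomains)."""
    target = target.strip().lower().rstrip(".")
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        # Not an IP or CIDR range: treat it as a hostname. Strings such as
        # "-iL file" also land here and are rejected, so a pasted target
        # can never turn into an extra nmap option.
        return target in AUTHORIZED_HOSTS
    # A range wider than the scope (e.g. 192.168.0.0/16) is not a subnet of it.
    return any(net.version == allowed.version and net.subnet_of(allowed)
               for allowed in AUTHORIZED_NETWORKS)

def build_scan(target, detailed=False):
    """Return the nmap argument list for an in-scope target, else raise."""
    target = target.strip()
    if not in_scope(target):
        raise PermissionError(f"{target!r} is not in the authorized scope")
    args = ["nmap"]
    if detailed:
        args += ["-sV", "-A"]  # the "more detailed scan" flags from this lesson
    return args + [target]

if __name__ == "__main__":
    for candidate in ("192.168.1.1", "scanme.nmap.org", "192.168.0.0/16", "example.com"):
        try:
            print(" ".join(build_scan(candidate, detailed=True)))
        except PermissionError as err:
            print("refused:", err)
```

Hostnames are matched by name only and are not resolved, so the list has to contain the exact name you were given permission to scan.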

📌 Stage 3: Web Application Security (Weeks 5-6)

Goal: Learn how websites get hacked and practice on safe targets.

Lesson 5: OWASP Top 10 Vulnerabilities

The Open Web Application Security Project lists the most critical web vulnerabilities:

  1. Injection (SQLi, command injection)
  2. Broken Authentication (Weak login systems)
  3. Sensitive Data Exposure (Unprotected data)
  4. XML External Entities (XXE)
  5. Broken Access Control
  6. Security Misconfigurations
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging & Monitoring
📚 Learning Resources:

Lesson 6: Hacking a Practice Website (DVWA)

DVWA (Damn Vulnerable Web App) is a deliberately vulnerable website for learning.

Setup Instructions:

  1. Download DVWA: https://dvwa.co.uk/
  2. Install on your Kali Linux VM (follow setup guide)
  3. Log in with admin/password

First Hack: SQL Injection

  1. Go to the "SQL Injection" section
  2. Try entering: ' OR '1'='1
  3. You should see all user records!
✅ Practice Challenges:
  • Complete all DVWA security levels (Low to Impossible)
  • Try the SQL Injection labs at PortSwigger
  • Document your findings in a text file
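
Why the input from the "First Hack" steps returns every record, and what the fix looks like, shown as an added example that is not part of the original guide or of DVWA's code. It runs the same lookup twice against an in-memory SQLite database: once by pasting the input into the SQL text, once with a bound parameter. The table layout, sample rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the lab's user table
    # (not DVWA's real schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("1", "Alice", "Admin"),
                    ("2", "Bob", "Builder"),
                    ("3", "Carol", "Coder")])
    return db

def lookup_vulnerable(db, user_id):
    # The input is pasted into the SQL text, so a quote in it ends the
    # string literal and whatever follows is parsed as SQL.
    query = "SELECT first_name, last_name FROM users WHERE id = '" + user_id + "'"
    return query, db.execute(query).fetchall()

def lookup_parameterized(db, user_id):
    # The ? placeholder binds the input as a value; it is never parsed as SQL.
    query = "SELECT first_name, last_name FROM users WHERE id = ?"
    return query, db.execute(query, (user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for user_id in ("1", "' OR '1'='1"):
        for lookup in (lookup_vulnerable, lookup_parameterized):
            query, rows = lookup(db, user_id)
            print(f"{lookup.__name__}({user_id!r})")
            print(f"  SQL sent: {query}")
            print(f"  rows:     {rows}")
```

In the vulnerable version the WHERE clause becomes id = '' OR '1'='1', which is true for every row; in the parameterized version the same input is compared as a literal id and matches nothing.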

📌 Stage 4: Getting Certified (Weeks 7-8+)

Goal: Earn your first cybersecurity certification.

Lesson 7: eJPT Certification

Why eJPT? Perfect first certification because:

Preparation Path:

  1. Take the free INE Penetration Testing Student course
  2. Practice on Hack The Box easy machines
  3. Review Nmap, web attacks, and basic networking
✅ Study Plan:
  • Week 1: Complete INE's Network Security module
  • Week 2: Master Web Application attacks
  • Week 3: Practice on 5+ HTB machines
  • Week 4: Take the exam!

📌 Stage 5: Advanced Path (3+ Months)

Next steps after mastering the basics:

Path Options:

  1. Web Application Security:
    • Advanced Burp Suite usage
    • OWASP ZAP
    • PortSwigger Academy
  2. Network Penetration Testing:
    • Active Directory attacks
    • Privilege escalation
    • Metasploit Framework
  3. Red Teaming:
    • Advanced attack simulations
    • C2 frameworks (Cobalt Strike)
    • OSCP certification

🎯 Weekly Study Plan Template

Day       | Focus Area   | Activities                                 | Time
----------|--------------|--------------------------------------------|-------
Monday    | Linux Skills | Practice commands, file system navigation  | 1 hr
Tuesday   | Networking   | Nmap scanning, Wireshark analysis          | 1 hr
Wednesday | Web Security | DVWA challenges, Burp Suite                | 1 hr
Thursday  | Learning     | Watch tutorials, read articles             | 30 min
Friday    | Review       | Practice weak areas, take notes            | 30 min
Saturday  | Hands-on     | HTB/TryHackMe machines                     | 2 hrs
Sunday    | Rest         | Optional light review                      | -

💡 Expert Tips for Success

  1. Build a learning journal - Document every new concept and command you learn
  2. Join communities - The Hack The Box and TryHackMe Discord servers are goldmines
  3. Break things - Don't be afraid to mess up in your lab environment
  4. Specialize gradually - Master fundamentals before diving deep into one area
  5. Stay ethical - Never practice on systems without explicit permission

"The expert in anything was once a beginner." — Helen Hayes