Building cybersec curriculum from scratch

---

Hello,

i am trying to build manually a list of courses to study, that will lead to a successful cybersec/pentesting career in a year or two.
I will be as objective as possible and put the courses that will help me learn properly and build a solid foundation, even if it is going to take some time and hard work.
so here is the plan, along with some questions.

1) Networking:
Network+ OR CCNA ?? which course should i pick bearing in mind that i am not interested in working as a network engineer, but interested in the networking skills and knowledge that will be beneficial to me in future security/pentesting courses (or maybe is ccent enought?! )

2) Programming:
will go with programming with python course along with bash scripting.

3) Servers:
i think understanding how servers work is important, both on windows and linux.
so i found a course here, windows server 101: is it enough for understanding WS and active directory? or should i go further and take MCSA courses?!
As for linux servers, i have found several courses introducing linux + servers or linux. so it should be fine. (eg: linux essentials / linux+ / etc...)
should i learn both, linux and MS? or one is enough? and which one?!

4) Databses:
i don't know what to pick and where to start with this one. but i believe understanding something like ms sql for example is important for networking pen testing and web app security as well. any advice would be appreciated.

5) JS/php/sql:
I dont really know if it's possible to do web app pen testing without having JS, PHP and sql knowledge (how to do all those types of injections and web attacks without these languages?!)
i found intro to php course. should be a good start.

6) Computer architecture:
i need to find a course that explains stuff about memory, assembly language, Operating systems architecture, etc...

The above is what i can think of regarding the basics of understanding how things work, in order to be able to break them at a later stage.
Security courses will be taken at a later stage.
Am i taking it too far?! should my approach be simpler?!
any advice/input/recommendation/adjustment would be highly appreciated.

Thank you in advance for your feedback.

First: I am new in Cyber Security, so my opinion is maybe not the best choice.
I have Network+, this is a very basic cert. It took me 2 - 3 weeks to get it. I learned full time and I have a lot of experiance. CCNA is much more valuable but you will need much more time to get the certification. I am not 100% sure but there is no CCENT anymore, Cisco combined the two exams in one difficult exam.

F or pentesting, you need at least a basic network knowledge but some pentest courses like PTS will give you this as well.
Python is useful, there is not much to add.

Servers: Yes it is very useful to have a good understanding about it. A MCSA will help you a lot but I don’t think it is necessary. On the other hand, Windows certs are “cheap” and you don’t need to recertify them.
I think it is a very good idea to design a pathway to get a good pentester.
Some pen testers recommend eLearnsecurity because the material is very good. The certs are NOT recognized by companies but you will learn a lot hands on experience. The PTS will give you a solid network knowledge and other basic things. The PTP is much more difficult but I will take it.

I looked over both course materials... very good, much, much better than, e.g. CEH. After PTP you may can go to OSCP...
Pen testing is hard to learn. I heard that PTP will cost me at least 150-200 hours, OSCP much more... 300 to 400.

I am not a native speaker; I am sorry for my bad English.

@Stefan-Waldvogel Thank you for your input.
elearnsecurity are good, no doubt, but i believe there is some work to do first.
I checked their curriculum and i have the PTS free edition, they do explain things briefly and give you a quick/general overview of the topics they cover, but that's not enough if you are looking for a healthy path towards expertise. (what they give is a nice introduction, and maybe enough to pass their exams).
you MUST understand how things work in order to be able to hack or break them later on.
the amount of knowledge and details/depth in ITPRO TV courses is a huge asset to us.
so that's why im trying to build the foundations here first, and then will tackle security courses at a later stage.

@EA89 said in Building cybersec curriculum from scratch:

you MUST understand how things work in order to be able to hack or break them later on.

That is the big point. Cybersecurity is a big field I will start with the basics and then I try to add more. Step by step.

A beginner pentester should be good in at least one thing to get hired. Applications, web applications, server ... there are so many things. You can't be very good in all areas, at least not in the first 5 years.

The defensive side is also big.

@EA89 said in Building cybersec curriculum from scratch:

knowledge and details/depth in ITPRO TV courses is a huge asset to us.

That is true.

@EA89 said in Building cybersec curriculum from scratch:

i believe there is some work to do first.

I agree with that. My prof said you have to start little by little. I worked over 10 years as Systems / DB Admin, so I have more than the basics. You are different and you need a solid bedrock as well. Maybe I saw your schedule and realized the time behind it.

• Network+ needs everything between 2 weeks and 6 months.

• CCNA is 10 months if you take a course at your Community College (8h/per week + homework) but you can decrease the time if you study full time

• Python basics: 1 - 3 weeks

• MCSA cert (retired?) at least 1 week bootcamp, You can pass the exam (with brain dumps ??), but I am not sure if you learn something. I wouldn't be able to do it and keep the knowledge. My admin course, 15 years ago, was >320h and I learnd the basics.

• Database. I did the Oracle path in 2-3 months (fulltime), SQL included. There are 3 to 4 modules for the basics. Community College: 9-10 months 6h/week.

@EA89 said in Building cybersec curriculum from scratch:

(what they give is a nice introduction, and maybe enough to pass their exams).

At least the PTP is more than that. You can't pass if you only study the material, The material shows you one path but it is up to you to find the other options. You need the other options tp pass the PTP exam. PTS is different.

@EA89 .. Great question and a great thought process...

Let me walk back a few steps in the dialogue that has developed so far, and offer some additional observations and thoughts to help clarify what will make sense for you to consider as you start your journey:

1. Networking - a good, solid foundation is CRITICAL for any kind of career path in I.T., regardless of the focus. If you are just starting out, then I would suggest the following path:

CompTIA Network+ ---> Cisco CCNA

1. Programming - you are spot on there...

2. Servers - You are correct that this is also a vital area of focus and knowledge, but it depends on what you are ultimately looking to do. Building a good general knowledge base on both Microsoft and Linux is a smart idea. You probably do not want to go too deep on the Microsoft side until you decide what area(s) you might wnat to specialize in, as it is very likely that you may choose to do things that do not require in depth knowledge of the Microsoft Server ecosystem. For Linux, you need to go deep and wide, as almost all of the pentesting tools you will use and learn about are Linux based. GET AS MUCH LINUX KNOWLEDGE AS YOU CAN HANDLE... AND THEN GET MORE !!!

3. Databases - kind of right, kind of not on this one... what you need is an understanding of query languages, not databases as much.

4. Scripting and Querying - on the right track here... the more the better in this area...

5. Computer architecture - believe it or not, CompTIA A+ is the one to go for here... Wes does a GREAT JOB explaining everything you would want to know as a baseline...

Now, having answered all of your basic questions... there are many additional things to consider, but as you pointed out that will come over time.

My direct e-mail is adam@itpro.tv feel free to keep in touch as you progress through your plan/journey, and let me know how it is going. If I can be of any additional help along the way... just ask.

Good Luck !!

Cheers,

Adam

Thank you Adam :),
You are the expert and your thoughts are very helpful for me as well.

@Adam-Gordon Thanks a lot for your feedback!! will keep in touch during my long journey that's for sure!
thank you again!