⚡ Personal Bootcamp
Cybersecurity
Learning Roadmap
// From Zero → Security+ Ready · Self-Paced
👩💻 Saira Ghazi · HND Nutrition → CyberSec
0
Completed
0
Total Tasks
0%
Progress
0
Certs Earned
// Overall Progress
Phase 1: Foundation
0% complete
CC
🏆 ISC2 CC — Do This First! (Free Certification)
0%
🚀 Register & Setup — Do TODAY
Go to isc2.org → Create a free account → Register for “Certified in Cybersecurity (CC)” free exam offer
Enroll in ISC2’s free self-paced CC training course on their website (included with registration)
📖 Domain 1 — Security Principles (26% of exam · Most Important)
Learn CIA Triad — Confidentiality, Integrity, Availability with real life examples (same as Security+ Obj 1.2)
Understand Authentication methods and Multi-Factor Authentication (MFA) — what they are and why they matter
Learn Non-repudiation and Privacy concepts — Obj 1.1
Study Risk Management basics: risk identification, risk assessment, risk treatment — Obj 1.2
Learn 3 security control types: Technical, Administrative, Physical — Obj 1.3
Read ISC2 Code of Ethics — understand the professional code of conduct — Obj 1.4
Learn Governance: difference between Policies, Procedures, Standards, Regulations and Laws — Obj 1.5
🔄 Domain 2 — Business Continuity, DR & Incident Response (10%)
Understand Business Continuity (BC) — purpose, importance and key components — Obj 2.1
Learn Disaster Recovery (DR) — difference between DR and BC, RTO and RPO concepts — Obj 2.2
Study Incident Response basics — the 6 step process: Prepare→Detect→Analyze→Contain→Eradicate→Recover — Obj 2.3
🔑 Domain 3 — Access Controls Concepts (22%)
Learn Physical Access Controls — badge systems, CCTV, security guards, alarm systems — Obj 3.1
Study Logical Access Controls — Least Privilege, DAC, MAC, RBAC, Segregation of Duties — Obj 3.2
🌐 Domain 4 — Network Security (24%)
Learn OSI Model (7 layers) and TCP/IP Model — understand what happens at each layer — Obj 4.1
Understand IPv4, IPv6, WiFi and common ports — Obj 4.1
Learn network threats — DDoS, virus, worm, trojan, man-in-the-middle attacks — Obj 4.2
Study IDS vs IPS — what they detect, how they prevent attacks — Obj 4.2
Learn network design concepts — DMZ, VLAN, VPN, network segmentation, defense in depth — Obj 4.3
Understand Cloud basics for security — SaaS, IaaS, PaaS, MSP, SLA — Obj 4.3
⚙️ Domain 5 — Security Operations (18%)
Learn encryption types — symmetric vs asymmetric vs hashing — and when each is used — Obj 5.1
Understand data handling — classification, labeling, retention, destruction — Obj 5.1
Learn system hardening — baselines, patch management, configuration management — Obj 5.2
Study security policies — AUP, Password Policy, BYOD, Change Management, Privacy Policy — Obj 5.3
Understand security awareness training — social engineering, password protection, why training matters — Obj 5.4
✅ CC Exam Preparation
Do ISC2’s official CC practice questions on their website — free with your account
Search YouTube for “ISC2 CC practice exam” — Thor Teaches and Inside Cloud and Security have great free videos
Score 75%+ consistently on practice questions — exam passing score is 700/1000
🎉 Book and pass your ISC2 CC exam at Pearson VUE — available online proctored from Pakistan!
P1
Phase 1 — Foundation & Networking Basics
0%
🌐 Understand How the Internet Works
Watch: “How the Internet Works” — NetworkChuck YouTube (free playlist)
Learn what IP addresses, DNS, and ports are — watch Professor Messer’s “Networking Basics” videos
Understand TCP vs UDP — why both exist and when each is used
Learn about firewalls and routers — what they actually do
🖥️ Operating System Basics
Get comfortable with Windows: file system, task manager, user accounts, Event Viewer
Learn basic Linux commands (ls, cd, pwd, cat, grep) — use TryHackMe “Linux Fundamentals” free room
Complete TryHackMe “Pre-Security” learning path (free)
✅ Phase 1 Checkpoint
Can you explain to someone: what happens when you type google.com in a browser? If yes, move to Phase 2!
P2
Phase 2 — Core Security Concepts
0%
🔐 Domain 1 — General Security Concepts (12%)
Watch Professor Messer: Security Controls (Technical, Managerial, Operational, Physical) — Obj 1.1
Learn CIA Triad (Confidentiality, Integrity, Availability) — understand with real-life examples
Study AAA (Authentication, Authorization, Accounting) and Zero Trust model — Obj 1.2
Learn Cryptography basics: symmetric vs asymmetric, hashing, PKI, certificates — Obj 1.4
⚠️ Domain 2 — Threats, Vulnerabilities & Mitigations (22%)
Learn all threat actor types (nation-state, insider, hacktivist, etc.) and their motivations — Obj 2.1
Study all social engineering attacks: phishing, vishing, smishing, pretexting — Obj 2.2
Learn malware types: ransomware, trojan, worm, rootkit, keylogger, spyware — Obj 2.4
Study vulnerability types: SQLi, XSS, buffer overflow, zero-day — Obj 2.3
Complete TryHackMe “Jr Penetration Tester” intro rooms (free tier)
✅ Phase 2 Checkpoint
Take a free practice quiz on Domains 1 & 2 — aim for 60%+ before moving on
P3
Phase 3 — Architecture & Operations
0%
🏗️ Domain 3 — Security Architecture (18%)
Learn cloud concepts: IaaS, PaaS, SaaS, shared responsibility model — Obj 3.1
Understand network segmentation, VPNs, firewalls, IDS/IPS placement — Obj 3.2
Study data protection methods: encryption at rest/transit/use, tokenization, masking — Obj 3.3
Learn resilience concepts: backups, RTO/RPO, hot/cold/warm sites, high availability — Obj 3.4
⚙️ Domain 4 — Security Operations (28%) — MOST IMPORTANT
Study hardening techniques for mobile, workstations, servers, IoT — Obj 4.1
Learn vulnerability management lifecycle: scan → analyze → patch → verify — Obj 4.3
Study SIEM, DLP, EDR/XDR, monitoring tools — Obj 4.4
Learn Identity & Access Management: MFA, SSO, LDAP, SAML, OAuth, PAM — Obj 4.6
Study incident response process: Preparation→Detection→Analysis→Containment→Eradication→Recovery — Obj 4.8
Practice on TryHackMe “SOC Level 1” path — hands-on SIEM and log analysis
✅ Phase 3 Checkpoint
Practice quiz on Domains 3 & 4 — aim for 65%+ score before continuing
P4
Phase 4 — Governance, Risk & Compliance
0%
📋 Domain 5 — Security Program Management (20%)
Learn security governance: policies, standards, procedures, guidelines — Obj 5.1
Study risk management: SLE, ALE, ARO, risk appetite, risk register — Obj 5.2
Learn third-party risk: vendor assessments, SLAs, NDAs, due diligence — Obj 5.3
Understand compliance frameworks: GDPR, PCI-DSS, privacy laws — Obj 5.4
Study penetration testing types: black/white/grey box, passive vs active recon — Obj 5.5
Learn security awareness training concepts: phishing campaigns, insider threats — Obj 5.6
Memorize the full acronym list from the objectives PDF (AAA, SIEM, EDR, PKI etc.)
✅ Phase 4 Checkpoint
Practice quiz on Domain 5 — aim for 65%+ before moving to review phase
P5
Phase 5 — Review, Practice & Exam Ready
0%
🔁 Full Review
Re-watch all Professor Messer videos for topics you found confusing — make notes
Do Jason Dion’s Practice Exam set on Udemy (buy when on sale ~$10-15)
Use Professor Messer’s free practice questions on his website daily
Use ExamCompass.com for free Security+ practice questions
🛡️ Practical Skills
Complete at least 5 TryHackMe rooms in areas you feel weakest
Set up a free home lab: install VirtualBox + Kali Linux + a vulnerable VM (no cost)
🏁 Final Milestones
Score 80%+ consistently on full practice exams before considering the real exam
Apply for Google Cybersecurity Certificate on Coursera with financial aid (free!)
Create LinkedIn profile highlighting your learning journey and TryHackMe badges
🎉 Book your Security+ exam at Pearson VUE (online proctored from Pakistan!)
// Saira’s Daily Routine Suggestion
Mon/Wed/Fri: Watch ISC2 CC training + Professor Messer videos following the objectives PDF — 1 objective at a time.
Tue/Thu: Practice questions, Blue Team Labs Online, or Cisco NetAcad hands-on labs.
Weekend: Review your notes, do practice quiz questions, re-read anything confusing.
Remember: Even 1 hour/day consistently beats 5 hours once a week. You’re doing this from a nutrition background — that’s actually a strength because you already know how to study complex material systematically!
🏅
Certificate Tracker — Your LinkedIn Wall
0 earned
⚡ Priority Action — Do This Today!
The ISC2 CC free exam offer includes free training AND a free exam voucher. Go to isc2.org right now and register before this offer changes. It is a real proctored certification from the world’s top cybersecurity organization — completely free for you.
// Level 1 — Beginner · Start Here
Certified in Cybersecurity (CC)
ISC2 · isc2.org
✓ Earned — Add to LinkedIn!
Google Cybersecurity Certificate
Google / Coursera · coursera.org
✓ Earned — Add to LinkedIn!
Networking Basics
Cisco NetAcad · netacad.com
✓ Earned — Add to LinkedIn!
Network Defense Essentials (NDE)
Cisco NetAcad · netacad.com
✓ Earned — Add to LinkedIn!
Cyber Aces — OS, Networking & Security
SANS Institute · cyberaces.org
✓ Earned — Add to LinkedIn!
IBM Cybersecurity Analyst Certificate
IBM / Coursera · coursera.org
✓ Earned — Add to LinkedIn!
// Level 2 — Practical Skills · After Basics
Splunk Fundamentals 1
Splunk · education.splunk.com
✓ Earned — Add to LinkedIn!
Network Defense Essentials (NDE)
EC-Council · codered.eccouncil.org
✓ Earned — Add to LinkedIn!
Ethical Hacking Essentials (EHE)
EC-Council · codered.eccouncil.org
✓ Earned — Add to LinkedIn!
Digital Forensics Essentials (DFE)
EC-Council · codered.eccouncil.org
✓ Earned — Add to LinkedIn!
Vulnerability Management
Qualys · qualys.com/training
✓ Earned — Add to LinkedIn!
DigiSkills Courses
DigiSkills Pakistan · digiskills.pk
✓ Earned — Add to LinkedIn!
// Level 3 — Vendor Certifications · Boosts LinkedIn
Fortinet NSE 1 — Information Security Awareness
Fortinet · training.fortinet.com
✓ Earned — Add to LinkedIn!
Fortinet NSE 2 — The Evolution of Cybersecurity
Fortinet · training.fortinet.com
✓ Earned — Add to LinkedIn!
Fortinet NSE 3 — Fortinet Portfolio
Fortinet · training.fortinet.com
✓ Earned — Add to LinkedIn!
Palo Alto Cybersecurity Fundamentals
Palo Alto Networks · beacon.paloaltonetworks.com
✓ Earned — Add to LinkedIn!
Microsoft SC-900 Security Fundamentals
Microsoft · learn.microsoft.com
✓ Earned — Add to LinkedIn!
CompTIA Security+ SY0-701
CompTIA · comptia.org
✓ Earned — Congratulations! 🎉