EXPERT ROADMAP
Become a Cybersecurity Engineer
Design, operate, and harden enterprise security infrastructure to stop real-world adversaries.
CREATED BY
Dev R. ★ 4.8
Senior Data Engineer at StreamBase | 10+ years of experience
About this Path
For experienced engineers, DevOps practitioners, and security analysts ready to move into senior security engineering roles. You will operate SOC tooling, perform threat modeling on cloud architectures, conduct red-team exercises, and build security automation pipelines. This roadmap targets CISSP, AWS Security Specialty, or OSCP depending on your track and prepares you to own security posture for a product or platform team.
Path Overview
- Advanced level
- Certificate of completion
- About 72 hours to complete
- English language
- 24+ curated videos
- Learn online at your own pace
- 6 modules with resources
- Gamified & interactive
Path Curriculum
Zero trust architecture: BeyondCorp principles in AWS and GCP
Replace VPN-perimeter models with identity-aware proxies and device trust assertions.
Network microsegmentation with Calico and AWS Security Groups
Define east-west traffic policy in Kubernetes clusters to contain lateral movement.
TLS inspection, certificate pinning, and PKI operations
Operate an internal CA, rotate certificates automatically, and detect rogue certificate issuance.
DNS security: DNSSEC, DNS-over-HTTPS, and exfiltration detection
Block DNS tunneling and data exfiltration using RPZ and behavioral anomaly baselines.
STRIDE threat modeling on microservices and API gateways
Walk a real e-commerce architecture through STRIDE to surface auth and injection threats.
PASTA process for attacker-centric risk analysis
Use PASTA stages to prioritize mitigations by business impact rather than CVSS alone.
Secure design patterns: OAuth 2.0 PKCE, mTLS, and secret rotation
Implement the right auth pattern for each trust boundary without over-engineering.
Supply chain security: SBOM generation and dependency scanning
Generate SBOMs with Syft and feed them into Grype to detect vulnerable transitive deps.
Web application penetration testing with Burp Suite Pro
Chain IDOR, SSRF, and JWT weaknesses into a full account-takeover demonstration.
Infrastructure exploitation with Metasploit and custom modules
Write Metasploit auxiliary modules to scan and exploit specific CVEs in lab environments.
Active Directory attack paths: Kerberoasting, Pass-the-Hash, DCSync
Enumerate and exploit AD misconfigurations using the BloodHound and Impacket toolchains.
Red team reporting: MITRE ATT&CK mapping and executive findings
Map findings to ATT&CK techniques and write remediation briefs for engineering teams.
Splunk SPL: writing detection queries for ATT&CK technique coverage
Build correlation rules that detect persistence and privilege escalation with low false positives.
Elastic SIEM: EQL threat hunting and detection-as-code with Sigma
Convert Sigma rules to Elastic queries and manage them in a Git detection pipeline.
Log source normalization: CEF, LEEF, and ECS schema mapping
Normalize firewall, EDR, and cloud audit logs into a unified schema for detection reuse.
Threat intel enrichment with MISP and VirusTotal API
Automate IOC lookup and triage to reduce analyst time per alert from 20 minutes to 2.
AWS Security Hub and GCP Security Command Center for CSPM
Centralize findings, set remediation SLAs, and track security posture over time.
Infrastructure-as-code security with Checkov and tfsec in CI
Gate Terraform PRs on policy violations before cloud resources are ever provisioned.
Container and Kubernetes security: Falco runtime detection
Write Falco rules to alert on container escapes, privileged exec, and unexpected syscalls.
Secrets management with HashiCorp Vault: dynamic credentials
Eliminate long-lived credentials by issuing time-bound database and cloud IAM credentials.
NIST SP 800-61 IR lifecycle: preparation through lessons learned
Build and test a runbook that takes an alert from detection to eradication in under 4 hours.
Digital forensics: memory acquisition with Volatility and disk triage
Acquire and analyze a compromised host image to reconstruct attacker timeline and IOCs.
Tabletop exercises: ransomware and cloud-breach scenarios
Facilitate a 2-hour tabletop that stress-tests your IR runbook with a realistic breach scenario.
OSCP / CISSP / AWS Security Specialty exam-track preparation
Choose your certification track and review high-weight domains with timed practice exams.
What you'll learn
- ✓ Design zero-trust network architectures with identity-aware proxies and microsegmentation.
- ✓ Perform threat modeling using STRIDE and PASTA frameworks on real cloud-native applications.
- ✓ Conduct red-team engagements using Metasploit, Burp Suite, and custom Python exploit tooling.
- ✓ Build SIEM detection rules in Splunk and Elastic to identify MITRE ATT&CK TTPs at scale.
- ✓ Automate cloud security posture management across AWS and GCP using native services and Terraform.
- ✓ Respond to and contain incidents using a structured IR playbook aligned to NIST SP 800-61.