Security Roadmaps
Visual, clickable learning paths for various cybersecurity domains. Click any node below to jump straight to that topic's guide on this site.
How to Use Roadmaps
- Identify your goal - Choose the security domain you want to master
- Follow the path - Progress through topics in the recommended order
- Click to learn - Each node links directly to the relevant guide
- Practice - Pair each stage with hands-on labs and the interview-question sets linked at the bottom of each domain
Application Security Roadmap
Complete path from beginner to job-ready AppSec engineer. Click any box to open that topic.
flowchart TD
A[Secure Coding Fundamentals] --> B[Secure Code Review]
A --> C[Cryptography]
B --> D[Threat Modeling / STRIDE]
C --> D
D --> E[SAST - Static Analysis]
D --> F[SCA - Dependency Scanning]
E --> G[API Security]
F --> G
G --> H[Interview Ready]
click A "../../product-security/application-security/secure-coding/" "Secure Coding"
click B "../../product-security/application-security/secure-code-review/" "Secure Code Review"
click C "../../product-security/application-security/cryptography/" "Cryptography"
click D "../../product-security/application-security/threat-modeling/" "Threat Modeling"
click E "../../product-security/application-security/sast/" "SAST"
click F "../../product-security/application-security/sca/" "SCA"
click G "../../product-security/application-security/api-security/" "API Security"
click H "https://github.com/jassics/security-interview-questions" "Interview Questions Repo" _blank
Topics Covered:
- Secure Coding - injection, auth, XSS, access control fundamentals
- Secure Code Review - manual review methodology and checklists
- Cryptography - encryption, hashing, key management, TLS
- Threat Modeling - STRIDE, DFDs, trust boundaries
- SAST - static analysis tooling and CI/CD gating
- SCA - dependency/CVE scanning and SBOMs
- API Security - OWASP API Top 10
Practice next: jassics/security-interview-questions for domain-wise Q&A, and jassics/security-study-plan for a structured study schedule.
Cloud Security Roadmap
Coming soon - AWS, GCP, Azure security learning paths
DevSecOps Roadmap
Coming soon - CI/CD security and automation skills
Penetration Testing Roadmap
Coming soon - Web, network, and mobile pentesting paths
Security Architecture Roadmap
Coming soon - Enterprise security design and implementation
GRC Roadmap
Coming soon - Governance, Risk, and Compliance career path
Adding New Roadmaps
To add a new roadmap, follow the pattern used above for Application Security:
- Sketch the learning path as a Mermaid flowchart TD (see the AppSec roadmap source for syntax)
- Add a click NodeId "relative/path/" line per node, pointing at the matching docs page
- List the topics covered underneath, with links, plus a "Practice next" line pointing at the relevant jassics repo
- Submit a Pull Request
Roadmap Template
## [Domain] Roadmap
```mermaid
flowchart TD
A[Topic 1] --> B[Topic 2] --> C[Topic 3]
click A "../../path/to/topic-1/" "Topic 1"
click B "../../path/to/topic-2/" "Topic 2"
click C "../../path/to/topic-3/" "Topic 3"
```
**Topics Covered:**
- [Topic 1](../path/to/topic-1.md)
- [Topic 2](../path/to/topic-2.md)
- [Topic 3](../path/to/topic-3.md)
**Practice next:** [relevant jassics repo](https://github.com/jassics/...)