Security Study Plans
Practical study plans for becoming a successful cybersecurity engineer, organized by role: Pentest, AppSec, Cloud Security, DevSecOps, and more.
Start Here
Begin with the Common Skills Study Plan - essential skills needed for all security roles.
All study plans are maintained at github.com/jassics/security-study-plan
Application Security
| Study Plan | Description |
|---|---|
| Application Security | Complete AppSec engineer roadmap |
| API Security | REST, GraphQL, API security testing |
| Web Penetration Testing | Web app pentesting skills |
| Threat Modeling | STRIDE, PASTA, threat analysis |
| Secure Code Review | Manual and automated code review |
| Cryptography | Encryption, hashing, PKI |
Cloud Security
| Study Plan | Description |
|---|---|
| AWS Security | IAM, S3, CloudTrail, GuardDuty |
| GCP Security | GCP security services & best practices |
| Azure Security | Azure security fundamentals |
DevSecOps & Container Security
| Study Plan | Description |
|---|---|
| DevSecOps | CI/CD security, pipeline hardening |
| Docker Security | Container security fundamentals |
| Kubernetes Security | K8s security, RBAC, network policies |
| Software Supply Chain Security | SBOM, dependency security |
Security Architecture & SDLC
| Study Plan | Description |
|---|---|
| Security Architecture | Security design principles |
| Secure SDLC | Security in the development lifecycle |
| Product Security | End-to-end product security |
| GRC | Governance, Risk & Compliance |
Specialized Security
| Study Plan | Description |
|---|---|
| Network Security | Network defense & monitoring |
| GenAI Security | LLM security, prompt injection |
| IAM Security | Identity & Access Management |
| Mobile Application Security | iOS & Android security |
| Blue Team & Detection | SOC, SIEM, incident response |
| Reverse Engineering & Malware | Malware analysis |
| OSINT & Social Engineering | Reconnaissance techniques |
How to Use These Study Plans
- Start with Common Skills - Build foundational knowledge
- Choose your path - Pick a role-specific study plan
- Study 3-4 hours daily - Consistency is key
- Hands-on practice - Labs and real-world scenarios
- Track your progress - Check off completed topics
Contribute
Help improve these study plans by contributing to security-study-plan