Where Should I Start with Cybersecurity? My Roadmap and Recommendations

“Cybersecurity is not merely about code. It is a journey shaped by curiosity, patience, and the passion for discovery.”

– Oğuzhan Yetimhellaç

Why Am I Writing This Article?

On the first day I stepped into cybersecurity, I faced a forest but did not know which tree to climb. YouTube videos, forums, Telegram groups… everyone said something different, and finding accurate information took time.

I am writing this article for friends like me who have started on this path but do not know where to begin. My goal is to provide a simple, clear, and practical roadmap based on my own experiences.

Foundational Computing and Operating System Knowledge

The foundation of cybersecurity lies in truly understanding computers. Basic knowledge such as how a computer works, what RAM is for, and how an operating system is installed is far more important than you might think.

Why Linux?

Linux is the key to the world of cybersecurity. Most security tools run on Linux, and the majority of servers are Linux-based.

Resources I used:

• The Linux Command Line book
• TryHackMe – Introduction to Linux
• Turkish YouTube content (Barış Bıçakçı, TeknoHall)

Network and Protocol Knowledge

Cyber attacks and defenses occur over networks. It is impossible to understand attacks without learning concepts such as TCP/IP, DNS, and Subnetting.

Recommended tools:

• Cisco Packet Tracer
• Wireshark
• Hack The Box Academy: Network Fundamentals

Know Your Field: Cybersecurity Is a Vast Ocean

When people hear “cybersecurity,” they often think only of “hacking.” In reality, this field is divided into Red Team (offensive) and Blue Team (defensive), each with numerous specialized subfields.

Some example areas:

• Penetration Testing
• Malware Analysis
• Threat Intelligence
• Digital Forensics
• SOC Analyst

While it is good to have basic knowledge in all areas, specializing deeply in one is far more effective.

Practical Training Is Essential: Theory Gets You Only So Far

Cybersecurity cannot be learned solely by reading books at a desk. You must get your hands dirty and spend time in the terminal.

Platforms I actively use:

• TryHackMe
• Hack The Box
• OverTheWire
• Root-Me

Participating in CTFs (Capture The Flag) allows you to test what you have learned and become part of the community.

Don’t Avoid Coding: Writing Scripts Can Save Your Life

Coding enables a cybersecurity professional to build both offensive and defensive tools. Automation simplifies daily tasks.

Recommended languages:

• Python (for automation and exploit development)
• Bash (for Linux commands and scripting)
• JavaScript (especially for web security)

You can start practicing with simple Python scripts. I began by writing a “port scanner.”

Certifications: Are They Really Necessary?

Certifications do not measure knowledge; they measure discipline in acquiring knowledge.

My advice: Knowledge first, then documentation.

Recommended certifications:

• CEH (Certified Ethical Hacker)
• eJPT (Junior Penetration Tester)
• OSCP (Offensive Security Certified Professional)

At the beginner level, eJPT is a good option that can be prepared for using TryHackMe and Hack The Box infrastructure.

Join Communities, Build Projects, Share!

Working alone can eventually lower motivation. My most significant growth occurred when I worked on projects with other members of my university’s cybersecurity club.

What can you do?

• Share projects on your GitHub page
• Join Discord and Telegram groups
• Join or start a cybersecurity club at your university
• Write your learnings in a blog (like this article)

A Few Notes from My Own Journey

I started with interest but was initially scattered. Everything fascinated me, and I could not dive deeply into any topic. Then I decided to progress by setting small goals:

• Solve three TryHackMe rooms per week
• Write one blog post per month
• Add two small scripts to GitHub each month

With these goals, I worked consistently and was able to track my progress.

My Resource Recommendations

Books:

• The Hacker Playbook (1–2–3)
• Practical Malware Analysis
• Linux Basics for Hackers

YouTube channels:

• IppSec (Hack The Box solutions)
• John Hammond
• Barış Bıçakcı (Turkish content)

Communities:

• TryHackMe Türkiye Telegram Group
• University cybersecurity clubs
• GitHub and Reddit threads

My Final Words

“Today you may understand nothing, but tomorrow you will. Learn one thing every day—that’s enough.”

This journey is not easy, but every new thing you learn takes you one step ahead of others. When you get stuck, try a different resource instead of giving up. Nothing is impossible to learn; it has simply not yet become suitable for you.

If this article has shed even a little light for you, let us continue this journey together. You can reach me via social media and ask questions whenever you like.