// CyberJKD · Master Roadmap · v2.5
CyberJKD
FOUNDATIONS → DEFENSE → CLOUD → OFFENSE → ENGINEERING
⚡   BECOMING DANGEROUS THROUGH FUNDAMENTALS   ⚡
PHASE 01
Systems Foundation
// Identity: Infrastructure Thinker
5 / 7 DONE
⏳ IN PROGRESS
MONTHS 0–6
Operating Systems (deep)
Networking fundamentals
Linux comfort & CLI
Python scripting basics
Bash automation
File systems & permissions
MASTER THE CORE SERVICE CATEGORIES
COMPUTE
VMs · processing · workload execution
NETWORK
VLANs · firewalls · traffic flow
STORAGE
File systems · permissions · data
Aug 2026
CompTIA Security+ (SY0-701)
Via Professor Messer — free. Skill first, cert follows the work.
Nov 2026
CCNA
NetworkChuck + Jeremy Cioara bootcamp. Networking deep.
PHASE 02
Defensive Maturity
// Identity: Detection-Aware Engineer
1 / 5 DONE
⏳ IN PROGRESS
MONTHS 6–12
Windows event logs
Linux system logs
SIEM (Splunk / Security Onion)
ServiceNow ITSM
Incident response workflow
MITRE ATT&CK framework
Threat modeling
Vulnerability management
Splunk
Tenable Nessus
ServiceNow
Wireshark
Security Onion
01
Splunk Enterprise SIEM - Detecting Real Attacks on a Cloud VM
Azure VM deployment · Splunk 9.4.1 · auth log ingestion · SPL queries · brute force alert · CyberJKD Security Monitor dashboard
✓ Jun 7 2026 ⌥ GitHub ▶ YouTube
02
Create a custom detection rule
write Splunk/Sigma rule catching a real-world attack pattern
— TODO
03
Write a full incident response report
timeline · IOCs · affected systems · containment · lessons learned
— TODO
04
Simulate a phishing scenario in lab
craft email · analyse headers · map to MITRE ATT&CK
— TODO
05
Vulnerability Management lab
run Nessus scan on lab VMs · triage findings · write remediation report · log ticket in ServiceNow
— TODO
After labs
Splunk Core Certified User
Cert follows the SIEM hands-on. Build first.
Phase 02
AZ-900 — Azure Fundamentals
Entry point into the Azure pathway. Study alongside Phase 02 labs.
Always
Principle: Think Operationally
Not a cert — a mindset. For every technique studied, ask how it would be detected.
PHASE 03
Cloud Entry — Azure Deep
// Identity: Cloud-Aware Security Engineer
2 / 13 DONE
⏳ IN PROGRESS
MONTHS 9–15
Azure IAM + RBAC (deep)
Virtual Networks + NSGs
Microsoft Entra ID
Privileged Identity Management
Conditional Access policies
Managed Identities
Defender for Cloud
Microsoft Sentinel + KQL
Log Analytics workspace
Azure Key Vault
Azure Policy + Compliance
Azure Purview
Private Endpoints
Zero Trust architecture
Azure Cost Management + FinOps
Shared responsibility model
Microsoft Sentinel
Defender for Cloud
Log Analytics + KQL
Microsoft Entra ID
Azure Key Vault
Azure Purview
Logic Apps
Azure Cost Management
Azure Static Web Apps
GitHub Actions
01
Deploy Azure VM + harden it
NSGs · private endpoints · disable unused ports · lock IAM · document every decision
— TODO
02
Active Directory + Microsoft Entra ID
users · groups · RBAC · conditional access · MFA from scratch
✓ May 20 2026 ⌥ GitHub ▶ YouTube
03
Wireshark network analysis on Azure VM
TCP handshake · DNS queries · cleartext HTTP creds · stream reconstruction
✓ May 23 2026 ⌥ GitHub ▶ YouTube
04
Automated Backup System
Blob Storage + versioning + lifecycle policies + daily Logic Apps confirmation
— TODO
05
Website Uptime Monitor
timer-triggered Functions + 3 checks + email/SMS alerts + Workbooks
— TODO
06
Azure Cost + Governance Dashboard
Cost Management budgets · tagging policy · Azure Policy · cost anomaly runbook
— TODO
07
Customer Inquiry Manager
App Service + Azure OpenAI categorization + SQL + Logic Apps routing
— TODO
08
AI Inventory Tracker
App Service + SQL + real-time stock + Azure OpenAI predictive restock
— TODO
09
Azure Security Posture Dashboard
Defender for Cloud + Azure Policy baselines + Log Analytics workbook
— TODO
10
Zero Trust Identity Pipeline
PIM just-in-time access + conditional access + managed identity auth · before/after Entra ID logs
— TODO
11
Automated Incident Detection + Response
Sentinel workspace + KQL rules (priv escalation · impossible travel) + Logic Apps auto-playbook
— TODO
12
Document the Azure Shared Responsibility Model
map Microsoft vs your responsibility across IaaS · PaaS · SaaS · threat model a fictional enterprise
— TODO
13
Migrate Roadmap to Azure Static Web Apps + CI/CD Pipeline
GitHub Actions auto-deploy on push → Azure Static Web Apps → custom domain → HTTPS automatic. The roadmap becomes a live proof of the exact skills it describes.
— PLANNED
GOLDEN RULE — LEAD WITH THE BUSINESS OUTCOME
Services are supporting details — outcomes are what hiring managers remember. Every project maps to at least one pillar below.
Cost Optimization
→ Project 06
Data Resilience
→ Project 04
Monitoring & Reliability
→ Project 05
AI & Automation
→ Projects 07, 08
Security
→ Projects 09, 10, 11
Infrastructure Automation
→ Project 13
Phase 03
AZ-104 — Azure Administrator
Primary Phase 03 cert. After hands-on projects are complete.
Stretch
AZ-305 — Azure Solutions Architect
Architect-level thinking for Cloud Security Engineers.
PHASE 04
Controlled Offensive + Multi-Cloud
// Identity: Precision Striker
0 / 5 DONE
— PENDING
MONTHS 12–18
eJPT certification path
HackTheBox labs
Active Directory attacks
Web exploitation basics
Privilege escalation
AWS fundamentals entry
GCP fundamentals entry
Professional report writing
01
Complete eJPT + document lab methodology
write every machine like a real professional pentest report
— TODO
02
Build an Active Directory home lab
set up AD · attack it · then detect those attacks in event logs
— TODO
03
Complete 5 HTB machines + write reports
methodology · findings · exploitation · remediation for each
— TODO
04
AWS fundamentals lab — EC2, IAM, S3, VPC
first AWS hands-on · Azure knowledge transfers · document differences
— TODO
05
Write a privilege escalation cheatsheet
Linux + Windows paths · detection methods · how defenders catch each one
— TODO
Phase 04
AWS SAA — Solutions Architect Associate
After AWS hands-on. Azure foundation makes this faster.
Phase 04
GCPACE — Google Cloud Associate Engineer
GCP entry. Third platform after Azure + AWS.
Always
The One Rule
Every offensive technique studied through a defensive lens first. Always ask: how would this be detected?
PHASE 05
Cloud Security Engineering + AI
// Identity: Builder of Secure Systems
0 / 8 DONE
— PENDING
MONTHS 18–24
Advanced Azure security
Privileged Access Management
Container security
CI/CD pipeline security
Terraform IaC
DevSecOps fundamentals
Secure deployment pipelines
Multi-cloud security architecture
01
Secure Azure deployment with Terraform
IaC · security controls baked in · deploy from scratch with one command
— TODO
02
Harden a container environment
Docker/K8s · image scanning · runtime policies · secrets management
— TODO
03
CI/CD pipeline with security gates
SAST · dependency checks · secrets detection · GitLab policy · manual approval
— TODO
04
Implement CyberArk PAM in lab
privileged account management · session recording · vault config · audit trails
— TODO
05
Write a cloud security architecture document
threat model + controls map for a multi-cloud enterprise · assets · threats · vulnerabilities · prioritized controls
— TODO
🤖
AZURE AI SECURITY
Companies are deploying AI on Azure at scale with almost no security controls. Engineers who can secure AI infrastructure are rare — rare skills command rare compensation.
AI-01
Secure an Azure OpenAI deployment
content filters · private endpoints · Entra ID auth · monitor API via Log Analytics
— TODO
AI-02
Map OWASP LLM Top 10 to Azure controls
each risk category → Azure service that addresses it → controls playbook
— TODO
AI-03
Build an AI security posture report
Azure Purview for training data classification · data governance controls · before vs after posture improvement
— TODO
Primary
AZ-500 — Azure Security Engineer
The money cert for Azure Cloud Security Engineering.
Differentiator
AI-102 — Azure AI Engineer Associate
Rare skill. Rare compensation. Engineers who secure AI on Azure.
Advanced
AWS SAP — Solutions Architect Professional
Multi-cloud depth after Azure is mastered.
Advanced
GCPPCA — GCP Professional Cloud Architect
Three-cloud architecture capability.
DevSecOps
GitLab Associate + Terraform Associate
CI/CD security and IaC for Cloud Security Engineers.
PAM
CyberArk Sentry + CyberArk Defender
Privileged Access Management — enterprise standard.
Long range
OSCP
After offensive phase is complete. Built on deep real skill — never shortcuts.
🎯   Employment Milestone — Months 12–18
SOC Analyst
Cloud Security Intern
Azure Administrator
Junior Security Engineer
IT Security Analyst
You don't wait until Month 24. You start applying when Phase 02 feels solid.
Portfolio on GitHub. Lab reports documented. Projects shipped. AZ-900 + Security+ in hand. That is your resume.
⚡   The Blueprint — Cloud Security Engineer · Six Figures+
S+ · AZ-900 · AZ-104 · AZ-305 · GCPACE · GCPPCA · AWS SAA · AI-102 · AWS SAP · GitLab Assoc. · Terraform Assoc. · CyberArk Sentry · CyberArk Defender
This is the proven path. Every cert above has a phase and a project behind it on this roadmap.
Build the skill first. The cert follows the work — always.
⚠   The One Rule That Makes or Breaks This
Do not jump phases because something looks cool today.
No "AWS looks interesting right now."   No "I want malware."   No "maybe bug bounty."

Azure first. Deep. Then expand. That is the whole game.