// CyberJKD :: MASTER ROADMAP :: v1.1
CyberJKD
FOUNDATIONS → DEFENSE → CLOUD → OFFENSE → ENGINEERING
⚡   BECOMING DANGEROUS THROUGH FUNDAMENTALS   ⚡
PHASE 01
SYSTEMS FOUNDATION
// Identity: Infrastructure Thinker
MONTHS 0–6
Operating Systems (deep)
Networking fundamentals
Linux comfort & CLI
Python scripting basics
Bash automation
File systems & permissions
01
Harden a Linux VM + document a full checklist
→ disable services, configure firewall, lock SSH, write the full report
✓ COMPLETED — MANUAL (WSL2)
✓ COMPLETED — AUTOMATION SCRIPT
✓ COMPLETED — VM REDO (Ubuntu-Hardening)
02
Design a segmented lab network
→ VLANs, firewall rules, draw topology, document all configurations
✓ COMPLETED — APR 25 2026
03
Wireshark packet analysis report
→ capture live traffic, identify protocols, flag anomalies, write findings
✓ COMPLETED — Wireshark Packet Analysis (Apr 28, 2026)
04
Write a Python log parser script
→ parse auth logs, detect failed logins, output a clean summary
05
Simulate brute force + analyze the logs
→ controlled lab environment only — study what it looks like in the logs
🎯
ISC2 CC
First cert. Free exam. Start now alongside Phase 1 projects.
🎯
Security+
Target: Aug/Sep 2026. Skill first — cert follows the work.
🎯
CCNA
Target: Nov/Dec 2026. Skill first — cert follows the work.
PHASE 02
DEFENSIVE MATURITY
// Identity: Detection-Aware Engineer
MONTHS 6–12
Windows event logs
Linux system logs
SIEM (Splunk / Security Onion)
Incident response workflow
MITRE ATT&CK framework
Threat modeling
01
Forward logs to a SIEM + build a dashboard
→ ingest from Linux/Windows, visualize events, create alert rules
02
Create a custom detection rule
→ write a Splunk/Sigma rule that catches a real-world attack pattern
03
Write a full incident response report
→ timeline, IOCs, affected systems, containment steps, lessons learned
04
Simulate a phishing scenario in lab
→ craft fake email, analyze headers, map the technique to MITRE ATT&CK
05
Vulnerability Management lab
→ run Nessus/OpenVAS scan on lab VMs, triage findings, write remediation report
🎯
SPLUNK CORE CERTIFIED USER
After SIEM projects are done. Cert follows the hands-on.
🧠
THINK OPERATIONALLY
Every action you study — ask how it would be detected.
PHASE 03
CLOUD ENTRY
// Identity: Cloud-Aware Defender
MONTHS 9–15
⚠️
ONLY AFTER NETWORKING FEELS SOLID
Do not start cloud until Phase 1 fundamentals are fully internalized.
AWS fundamentals
IAM (deep)
VPC + security groups
CloudTrail logging
EC2 hardening
Shared responsibility model
01
Deploy EC2 + restrict ports properly
→ configure security groups, disable unused ports, document every config decision
02
Create least-privilege IAM policies
→ build users, roles, and policies from scratch — zero over-permissioning
03
Enable CloudTrail + analyze logs
→ set up trail, generate events, detect suspicious API calls in the log
04
Document the shared responsibility model
→ map what AWS owns vs what you own across 3 different service types
05
Automated cloud lab deployment
→ deploy a basic AWS environment using scripts — EC2, VPC, security groups automated
☁️
AWS CLOUD PRACTITIONER
Optional. Only after hands-on. Do not cert before you build.
☁️
AZ-104 AZURE ADMINISTRATOR
Phase 3 stretch target. Multi-cloud awareness for Cloud Security Engineers.
PHASE 04
CONTROLLED OFFENSIVE
// Identity: Precision Striker
MONTHS 12–18
eJPT certification path
HackTheBox labs
Active Directory attacks
Web exploitation basics
Privilege escalation
Professional report writing
01
Complete eJPT + document lab methodology
→ write up every machine like a real professional pentest report
02
Build an Active Directory home lab
→ set up AD, attack it, then detect those attacks in the event logs
03
Complete 5 HTB machines + write reports
→ methodology, findings, exploitation steps, remediation advice for each
04
Write a privilege escalation cheatsheet
→ Linux + Windows paths, detection methods, how defenders catch each one
🎯
ALWAYS ASK: HOW WOULD THIS BE DETECTED?
Every offensive technique studied through a defensive lens first.
PHASE 05
CLOUD SECURITY ENGINEERING
// Identity: Builder of Secure Systems
MONTHS 18–24
Advanced IAM policies
KMS encryption
Container security
CI/CD pipeline security
Terraform basics
DevSecOps fundamentals
Secure deployment pipelines
01
Build a secure cloud deployment with Terraform
→ infrastructure as code, security controls baked in from the start
02
Harden a container environment (Docker / K8s)
→ image scanning, runtime policies, network policies, secrets management
03
Build a CI/CD pipeline with security gates
→ SAST scanning, dependency checks, secrets detection, policy enforcement
04
Implement KMS encryption across a deployment
→ key rotation, envelope encryption, full audit trail via CloudTrail
05
Write a cloud security architecture document
→ threat model + controls map for a fictional company's AWS environment
🏆
AWS Security Specialty / OSCP
Long-range targets. Built on deep real skill — never shortcuts.
🏆
AZ-400 DEVOPS ENGINEER
Phase 5 stretch. DevSecOps pipeline expertise for Cloud Security Engineering.
🎯   EMPLOYMENT MILESTONE — MONTHS 12–18
SOC Intern
Security Intern
Cloud Intern
Junior IT / Security Hybrid
You don't wait until Month 24. You start applying when Phase 2 feels solid.
Portfolio on GitHub. Lab reports documented. Projects shipped. That is your resume.
⚠   THE ONE RULE THAT MAKES OR BREAKS THIS
Do not jump phases because something looks cool today.
No "cloud looks interesting right now." No "I want malware." No "maybe bug bounty."

Foundation first. Then scale. That is the whole game.