Beginner Guide
How to Get Into Cybersecurity in 2026 (Complete Beginner Roadmap)
No degree, no bootcamp required. The exact free roadmap I'd follow as a self-taught CS student.
← Back to all articles
If you're trying to break into cybersecurity and have no idea where to
start, this guide is for you. I'm self-taught — and studying CS at Michigan
Tech with a cybersecurity minor — and this is the roadmap I wish I had
when I started.
The Honest Truth First
Cybersecurity is not as hard to get into as people make it sound. But
it's also not a "watch a few YouTube videos and get a $100k job in 3
months" situation either. Expect 6-18 months of consistent learning before
you're job-ready. The good news? Most of it is free.
Step 1: Build Your Foundation (Month 1-2)
Before you touch any hacking tools, you need basics. Skip this and
you'll struggle with everything else.
Learn These First
- Linux basics — almost everything in cybersecurity runs on Linux
- Networking fundamentals — TCP/IP, DNS, HTTP, ports
- How the web works — requests, responses, cookies, sessions
Free Resources
- TryHackMe Pre-Security path — covers all of the above, completely free
- Professor Messer's CompTIA Network+ videos (YouTube, free)
- OverTheWire Bandit — Linux practice through a fun wargame
My recommendation: Start with TryHackMe — the Pre-Security path took me about 3 weeks and covered everything I needed.
Step 2: Pick Your Lab Setup (Month 1)
You need a safe environment to practice. Never practice on systems
you don't own — always use a lab.
Option A: Free Local Lab
- Download VirtualBox — free VM software
- Download Kali Linux — free pentesting OS
- Run Kali inside VirtualBox on your own machine
Option B: Cloud Lab
- Spin up a DigitalOcean droplet ($4/mo)
- Get $200 free credits as a new user
- Access your lab from anywhere
Step 3: Start Hacking Legally (Month 2-4)
Once you have basics down, start practicing on intentionally vulnerable
platforms.
Best Platforms for Beginners
- TryHackMe — Start here. Guided rooms walk you through every concept.
- HackTheBox — Move here after TryHackMe. More realistic, less hand-holding.
- OverTheWire — Free wargames for Linux and web basics.
Step 4: Get Your First Certification (Month 4-8)
Certs aren't everything but they open doors — especially for your
first job.
Recommended Order
- CompTIA Security+ — Industry standard entry level cert
- eJPT — Practical beginner pentesting cert
- OSCP — Gold standard for pentest roles (after 12+ months)
Step 5: Build a Portfolio (Month 6+)
- CTF writeups — document how you solved challenges
- Lab walkthroughs — show your methodology
- GitHub — put your scripts and tools here
- Blog — writing about what you learn shows deep understanding
Step 6: Apply for Jobs
Entry Level Roles to Target
- SOC Analyst (Tier 1) — easiest to land first
- Junior Penetration Tester — needs more experience
- IT Security Analyst — great stepping stone
Full Roadmap Summary
| Month | Focus |
|---|
| 1-2 | Linux, networking, TryHackMe Pre-Security |
| 2-4 | TryHackMe Jr Pentester path, VirtualBox lab |
| 4-6 | HackTheBox, CTFs, Security+ study |
| 6-8 | Security+ exam, portfolio building |
| 8-12 | OSCP prep, job applications |
| 12+ | First job, keep learning |
Final Advice
The biggest mistake beginners make is jumping straight to hacking tools
without building foundations. Spend your first month on Linux and networking
and everything after that will be 10x easier.
The second biggest mistake is not being consistent. 30 minutes a day
beats a 5 hour session once a week every time.
Disclosure: Some links on this page may be affiliate links. I may earn a small commission if you sign up through them, at no extra cost to you. I only recommend tools I genuinely think are worth it.