cyber-security.eu

Learn cyber security

Cyber security is broad and moves quickly. Structured learning, early hands-on practice and clean notes get you furthest. This page outlines realistic paths and roles.

Who this page is for

This page is written for newcomers, career changers, IT staff moving into security and students or apprentices. It is editorial guidance, not individual career advice.

Learning directions

Fundamentals cover terms, protection goals, common threats and defences. A good starting point is What is cyber security.

Blue team and SOC focus on detection, triage, SIEM, EDR and log work. See SOC and SIEM.

Incident response covers preparation, containment and post-incident work. See Incident response.

Governance, risk and compliance ties security to regulation such as NIS2 and DORA.

Cloud security deals with secure configuration, IAM, logging and detection in cloud platforms.

Application security covers secure development, dependencies and testing.

Red teaming is an advanced topic. Realistic depth belongs on specialised portals, not at entry level.

A realistic path for beginners

A useful path does not start with hacking tools, but with foundations.

1. Networks: IP, TCP/UDP, DNS, HTTP, TLS, routing, segmentation.

2. Operating systems: Windows and Linux day-to-day, processes, file systems, services, permissions.

3. Identities and access: accounts, groups, roles, MFA, Active Directory or Entra ID, OAuth and SAML basics.

4. Web fundamentals: HTTP requests, sessions, cookies, common web vulnerabilities.

5. Logs and events: typical sources, timestamps, fields, correlation.

6. Threats and defences: phishing, ransomware, identity abuse, vulnerabilities, detection concepts.

Common learning mistakes

Tool hopping too early: jumping from tool to tool without foundations rarely sticks.

Certificate stacking only: certificates structure knowledge but do not replace hands-on work.

No practice: security is learned through repeated analysis of real or realistic data.

No notes: skipping documentation of your own analyses and failed attempts wastes most of the learning.

Practice ideas

Useful practice includes a small home lab with virtual machines, log analysis on publicly available datasets, exercises with detection concepts, controlled phishing analyses with harmless test mails in your own inbox, and a written personal security knowledge base. Step-by-step offensive instructions are intentionally not provided here.

Checklist

  • Solid networking, Linux and Windows skills
  • A working lab environment (VMs or cloud)
  • At least one focus area chosen
  • Document your own analyses and failed attempts
  • Read logs and build simple correlations
  • Use MITRE ATT&CK as everyday vocabulary
  • Community or mentoring in place
  • Realistic timeline, no quick miracles

Frequently asked questions

Do I need to code?

For many security roles, solid scripting in Python or PowerShell is enough. Application security and red teaming benefit from deeper development skills.

Which certificate first?

There is no single right answer. A broad foundation plus one recognised security certificate is a common anchor, but practice still matters most.

Is red teaming a good entry point?

Rarely. Defence, log work and incident response give more context and are easier to practise. Red teaming builds on that.

How long does it take?

With an IT background, useful security work is often reachable within six to twelve months. Without that background it takes considerably longer.

Related topics

Become a SOC analyst

SOC analysts triage and escalate security events. The role is a realistic entry into detection, incident response and other specialisations. This page describes tasks, skills and a staged learning plan.

What is cyber security?

Cyber security protects digital assets from attack, manipulation and outage. This page explains in plain language what it covers, how it differs from IT and information security and which measures are part of today's standard.

What is a SOC?

A security operations centre combines people, process and technology to detect cyber incidents early, handle them in a structured way and learn from them. This page covers tasks, models and common pitfalls.

SIEM

A SIEM aggregates log and telemetry data, correlates it and provides the foundation for detection and incident response. This page covers function, important data sources and common mistakes.

Incident response

A security incident requires a clear process, rehearsed roles and prepared communication. Improvising during an incident wastes time and creates mistakes. This page covers the phases, responsibilities and common pitfalls.

Phishing

Phishing remains one of the most common entry points. Modern attacks look professional, use trusted brands and adapt quickly. Technical filters, awareness and a simple report button belong together.

Ransomware: risks and first response

Ransomware remains one of the most expensive cyber risks. It is typically the result of a chain of weaknesses rather than a single click. This page covers typical patterns, effective controls and an orderly first response.

Security awareness

Awareness works when it is continuous, relevant and fairly measurable. A yearly mandatory training is not enough. This page shows what good organisational awareness looks like.