144 lines
5.5 KiB
Markdown
144 lines
5.5 KiB
Markdown
# Certification Roadmaps by Role
|
|
|
|
Structured certification paths for different cybersecurity career tracks. Each roadmap provides a progression from entry-level to advanced certifications, with estimated timelines and skill development guidance.
|
|
|
|
[](https://certgames.com)
|
|
|
|
---
|
|
|
|
## Available Roadmaps
|
|
|
|
### Defensive Security
|
|
|
|
1. **[SOC Analyst](./SOC-ANALYST.md)**
|
|
- Monitor and respond to security incidents
|
|
- Timeline: 4-6 years to senior level
|
|
- Key Certs: Security+, CySA+, GCIH, GCIA, CISSP
|
|
|
|
2. **[Incident Responder](./INCIDENT-RESPONDER.md)**
|
|
- Investigate and remediate security breaches
|
|
- Timeline: 4-6 years to expert level
|
|
- Key Certs: Security+, CySA+, GCIH, GCFA, GREM
|
|
|
|
3. **[Security Engineer](./SECURITY-ENGINEER.md)**
|
|
- Design and implement security solutions
|
|
- Timeline: 5-7 years to senior level
|
|
- Key Certs: Security+, CySA+, SecurityX, CISSP, CCSP
|
|
|
|
### Offensive Security
|
|
|
|
4. **[Penetration Tester](./PENTESTER.md)**
|
|
- Ethically hack systems to find vulnerabilities
|
|
- Timeline: 3-5 years to expert level
|
|
- Key Certs: Security+, PenTest+, CEH, OSCP, OSEP, GXPN
|
|
|
|
5. **[Application Security](./APPLICATION-SECURITY.md)**
|
|
- Secure software development lifecycle
|
|
- Timeline: 4-6 years to senior level
|
|
- Key Certs: Security+, CEH, CSSLP, OSWE, GWAPT
|
|
|
|
### Architecture & Governance
|
|
|
|
6. **[Security Architect](./SECURITY-ARCHITECT.md)**
|
|
- Design enterprise security frameworks
|
|
- Timeline: 7-10 years to architect level
|
|
- Key Certs: Security+, SecurityX, CISSP, CCSP, SABSA, TOGAF
|
|
|
|
7. **[GRC Analyst/Consultant](./GRC-ANALYST.md)**
|
|
- Governance, Risk, and Compliance
|
|
- Timeline: 4-6 years to senior level
|
|
- Key Certs: Security+, CISA, CRISC, CISSP, ISO 27001 Lead Auditor
|
|
|
|
### Specialized Tracks
|
|
|
|
8. **[Cloud Security Engineer](./CLOUD-SECURITY-ENGINEER.md)**
|
|
- Secure cloud infrastructure and services
|
|
- Timeline: 4-6 years to senior level
|
|
- Key Certs: Security+, AWS/Azure Security, CCSK, CCSP, SecurityX, CISSP
|
|
|
|
9. **[Threat Intelligence Analyst](./THREAT-INTELLIGENCE-ANALYST.md)**
|
|
- Analyze and disseminate threat intelligence
|
|
- Timeline: 4-6 years to senior level
|
|
- Key Certs: Security+, CySA+, GCTI, GCIA, GOSI
|
|
|
|
10. **[Network Engineer (Security-Focused)](./NETWORK-ENGINEER.md)**
|
|
- Secure network infrastructure
|
|
- Timeline: 5-7 years to senior level
|
|
- Key Certs: Network+, Security+, CCNA, CCNP Security, CISSP
|
|
|
|
---
|
|
|
|
> **Studying for the certifications below?** [CertGames](https://certgames.com) is the platform I built to run this whole journey in one place: 25,000+ practice questions across 20 certifications (CompTIA, AWS, Cisco, ISC2), Learn lessons that teach each exam objective, guided projects you build from scratch, these career roadmaps with progress tracking, and deep analytics like an exam readiness score. Free, no credit card required. **[Start practicing free](https://certgames.com)**
|
|
|
|
---
|
|
|
|
## How to Use These Roadmaps
|
|
|
|
1. **Choose Your Path** - Select the role that aligns with your career goals
|
|
2. **Start at Your Level** - If you have experience, enter at the appropriate certification level
|
|
3. **Build Skills** - Use related projects to practice concepts between certifications
|
|
4. **Get Hands-On** - Certifications alone aren't enough - build real-world experience
|
|
5. **Stay Current** - Security evolves rapidly - continuous learning is essential
|
|
|
|
---
|
|
|
|
## General Advice
|
|
|
|
### Entry-Level (0-2 years experience)
|
|
- Start with CompTIA Security+ regardless of chosen path
|
|
- Build foundational skills before specializing
|
|
- Practice on free platforms (TryHackMe, HackTheBox)
|
|
- Contribute to open-source security projects
|
|
|
|
### Mid-Level (2-5 years experience)
|
|
- Specialize in your chosen track
|
|
- Pursue advanced certifications (OSCP, GCIH, etc.)
|
|
- Gain practical experience in production environments
|
|
- Start building a professional network
|
|
|
|
### Senior-Level (5+ years experience)
|
|
- Consider leadership certifications (CISSP, CISM)
|
|
- Mentor junior team members
|
|
- Contribute to the security community
|
|
- Focus on strategic thinking and business alignment
|
|
|
|
---
|
|
|
|
## Certification Comparison
|
|
|
|
### By Organization
|
|
|
|
**CompTIA** - Vendor-neutral, broad knowledge, good for entry/mid-level
|
|
**Offensive Security (OffSec)** - Hands-on, practical, highly respected for pentesting
|
|
**GIAC/SANS** - Deep technical knowledge, expensive but comprehensive
|
|
**(ISC)²** - Management-focused, industry standard for senior roles
|
|
**EC-Council** - Ethical hacking and security tools
|
|
|
|
### By Cost
|
|
|
|
- **Budget-Friendly:** CompTIA certifications ($300-400 per exam)
|
|
- **Mid-Range:** (ISC)² certifications ($700-750 per exam)
|
|
- **Premium:** SANS/GIAC certifications ($2,000-8,000 including training)
|
|
- **Hands-On:** Offensive Security ($1,000-2,500 with lab time)
|
|
|
|
---
|
|
|
|
## Related Resources
|
|
|
|
- **[Study Platforms & Courses](../RESOURCES/COURSES.md)**
|
|
- **[Practice Projects](../README.md#projects)**
|
|
- **[Cybersecurity Tools](../RESOURCES/TOOLS.md)**
|
|
- **[Exam Prep Resources](../RESOURCES/CERTIFICATIONS.md)**
|
|
|
|
---
|
|
|
|
---
|
|
|
|
> **The certification grind is rough.** Make it less painful with [CertGames](https://certgames.com): gamified practice where you earn XP, level up, build streaks, and compete on leaderboards, plus Learn lessons, guided projects, and roadmaps to keep you moving. 25,000+ questions across 20 certifications. Free, no credit card. **[certgames.com](https://certgames.com)**
|
|
|
|
---
|
|
|
|
**Last Updated:** January 2026
|
|
|
|
[Back to Main README](../README.md)
|