This repository contains a curated, focused learning path for IT professionals moving into a security operations role. The guides are designed to build practical, hands-on skills, moving from core concepts to the day-to-day workflow of a defensive security analyst.
How to Use This Path
The guides are numbered and designed to be followed sequentially. Each one builds on the last, progressively layering more advanced techniques and concepts. There are no shortcuts; mastery of the fundamentals is non-negotiable.
The Guides: Table of Contents
Part 1: The Foundations
- 01: Cybersecurity Foundations
- Core networking principles, threat categorization, and the defender’s mindset.
- 02: Core Investigator Tools
- Hands-on with `tcpdump`, Wireshark, `curl`, and other essential analysis tools.
- 03: Identity and Email Threat Analysis
- Principles of identity protection and hunting for email-based threats using KQL.
Part 2: The Analyst’s Workflow
- 04: Endpoint Live Response Techniques
- Investigating running systems: process analysis, network correlation, and persistence hunting.
- 05: Adversary Tactics and Threat Intelligence
- Operationalizing the MITRE ATT&CK framework and using OSINT for threat enrichment.
- 06: The Anatomy of an Investigation
- Using the PICERL framework to manage an incident from initial alert to final ticket.
- 07: SIEM and SOAR Concepts
- Understanding the architecture of modern SOC platforms and security automation.
Part 3: The Toolkit
- 08: The Analyst’s Toolkit & Resource Guide
- A curated list of professional-grade tools, practice labs, and learning resources.